460 Views 6 Replies Last post: Nov 10, 2009 1:46 PM by Jeff Miles
frankfang Novice 59 posts since
Aug 18, 2008

Oct 21, 2009 12:29 PM

Automatic zip of attachments / uploaded files

In Clearspace 2.5.x, when you upload a document, it's uploaded as is.

In SBS 3.0.7, some files like csv, wmv or swf files (among others) are automatically zipped. How do we turn this off? PDF files aren't zipped.

Also, is there then a way to automatically unzip all the files that have been uploaded since we went to 3.0.7?

Thanks.

Karl Cyr Jive Employee 6,819 posts since
Mar 12, 2008
Oct 21, 2009 1:04 PM in response to: frankfang
Re: Automatic zip of attachments / uploaded files

Hi Francis,

The automatic compression is performed for security reasons. We have found that Internet Explorer can be exploited by attackers who upload malicious files with certain file extensions. The files appear innocuous, so IE will automatically load their content and execute whatever code they contain. To address this potential vulnerability, we have taken the measure of automatically compressing these file types. There is no way to disable this functionality.

Regards,

Karl

willardamyl Novice 5 posts since
May 18, 2009
Oct 24, 2009 5:51 PM in response to: Karl Cyr
Re: Automatic zip of attachments / uploaded files

Karl -

Is this feature also in place in 2.5.16 as well? For which file types does this apply? Thanks.

Karl Cyr Jive Employee 6,819 posts since
Mar 12, 2008
Oct 26, 2009 10:25 AM in response to: willardamyl
Re: Automatic zip of attachments / uploaded files

Yes, this applies to 2.5.16. Text (.txt) and HTML files are automatically zipped when attached.

If you block certain attachments by file type, you should make sure that ZIP files are an allowed file type.

mjacobsen Novice 44 posts since
Feb 24, 2009
Nov 7, 2009 7:31 PM in response to: Karl Cyr
Re: Automatic zip of attachments / uploaded files

This is a useful feature, but it is very frustrating not to have this controllable by the admin. I can almost see the benefit for public sites (although it is still a sledge hammer there), but I see very little benefit for internal sites. In many cases, the behavior of the browser actually doing something with the file when it is clicked on is exactly what we want to have happen.

It also appears to affect far more than just text/html files. Not sure if there is a bug that is causing it to affect many other types, but this is something we would really like to see as an admin setting.

Karl Cyr Jive Employee 6,819 posts since
Mar 12, 2008
Nov 9, 2009 10:23 AM in response to: mjacobsen
Re: Automatic zip of attachments / uploaded files

> It also appears to affect far more than just text/html files. Not sure if there is a bug that is causing it to affect many other types, but this is something we would really like to see as an admin setting.

I looked into the code and noticed that this does also affect files with the application/octet-stream MIME type (most executable or library files).

> This is a useful feature, but it is very frustrating not to have this controllable by the admin. I can almost see the benefit for public sites (although it is still a sledge hammer there), but I see very little benefit for internal sites. In many cases, the behavior of the browser actually doing something with the file when it is clicked on is exactly what we want to have happen.

I agree that this functionality could use some refinement. The engineering decision made to address this issue errs on the side of caution. I have opened a feature improvement request (CS-17450) to make this a configurable option in the admin console.
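
Added example, not Jive's code and not part of the post above: a Python version of the wrap-on-upload behaviour this thread describes, together with the reverse step asked about in the first post. The type list contains only the types named in the thread; the function names and the archive-comment marker used to recognise auto-wrapped files are assumptions of this example.

```python
import io
import os
import zipfile

# Types the thread says are zipped (text, HTML, application/octet-stream).
# Assumption: the product's real list is not shown on the page.
WRAPPED_TYPES = {"text/plain", "text/html", "application/octet-stream"}
# Assumption: a marker stored in the zip comment, so that auto-wrapped files
# can later be told apart from zip files that users uploaded themselves.
MARKER = b"auto-wrapped-attachment"


def normalize_type(content_type):
    """Drop parameters such as '; charset=utf-8' and lowercase the type."""
    return content_type.split(";")[0].strip().lower()


def wrap_upload(filename, data, content_type):
    """Return (stored_name, stored_bytes, stored_type) for an attachment.

    Types a browser might render or sniff are stored inside a zip, so the
    download is served as application/zip instead of the original type.
    """
    base = os.path.basename(filename)
    ctype = normalize_type(content_type)
    if ctype not in WRAPPED_TYPES:
        return base, data, ctype
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(base, data)
        zf.comment = MARKER
    return base + ".zip", buf.getvalue(), "application/zip"


def unwrap_stored(stored_name, stored_bytes):
    """Reverse wrap_upload; leave anything that was not auto-wrapped untouched."""
    if not zipfile.is_zipfile(io.BytesIO(stored_bytes)):
        return stored_name, stored_bytes
    with zipfile.ZipFile(io.BytesIO(stored_bytes)) as zf:
        names = zf.namelist()
        if zf.comment != MARKER or len(names) != 1:
            return stored_name, stored_bytes  # a user's own archive
        return os.path.basename(names[0]), zf.read(names[0])
```

Without a marker of some kind, a bulk unzip of existing attachments cannot reliably distinguish auto-wrapped files from archives that users uploaded on purpose.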

Jeff Miles Novice 15 posts since
Aug 19, 2008
Nov 10, 2009 1:46 PM in response to: Karl Cyr
Re: Automatic zip of attachments / uploaded files

I too would like to see this feature a little more controllable from the admin console. I agree with the idea as an option for improved security but we too have an internal site and would probably rather not use this feature.
