BookmarkSubscribeRSS Feed
Sanjeev
Fluorite | Level 6

We like the comments feature but would like to remove the attachments functionality as users are able to add .exe files as attachments. This has been flagged as a security threat in our organization.

How can one keep the comments functionality but disallow attachments?

Sanjeev

1 REPLY 1
ted_werner_sas_com
SAS Employee

Hello Sanjeev,

In Visual Analytics version 7.1 SAS began blocking the upload of file types listed below when you attach a file via the comment editor in applications such as Explorer, Designer, and the Visual Analytics viewer.

".ade", ".adp", ".app", ".asp", ".bas", ".bat", ".cer", ".chm", ".cmd", ".cnt",

".com", ".cpl", ".crt", ".csh", ".der", ".exe", ".fxp", ".gadget", ".hlp",

".hpj", ".hta", ".inf", ".ins", ".isp", ".its", ".js", ".jse", ".ksh", ".lnk",

".mad", ".maf", ".mag", ".mam", ".maq", ".mar", ".mas", ".mat", ".mau", ".mav",

".maw", ".mda", ".mdb", ".mde", ".mdt", ".mdw", ".mdz", ".msc", ".msh", ".msh1",

".msh2", ".mshxml", ".msh1xml", ".msh2xml", ".msi", ".msp", ".mst", ".ops",

".osd", ".pcd", ".pif", ".plg", ".prf", ".prg", ".pst", ".reg", ".scf", ".scr",

".sct", ".shb", ".shs", ".ps1", ".ps1xml", ".ps2", ".ps2xml", ".psc1", ".psc2",

".tmp", ".url", ".vb", ".vbe", ".vbp", ".vbs", ".vsmacros", ".vsw", ".ws",

".wsc", ".wsf", ".wsh", ".xnk”

In Visual Analytics 7.1 if you upload a file with one of these extensions it will block you and give you the following Error message.

EXEupload.png

The comment and the attachment is subsequently not posted. 

SAS Visual Analytics 6.4 or older (VA 5.1, 5.2, 6.1, 6.2, and 6.3) this is not the case.  It will upload the file and a user can execute this file.  However, there is a way to restrict users at the platform level from uploading these file types. I have attached a SAS note on how an admin could set this up.

http://support.sas.com/documentation/cdl/en/bimtag/66823/HTML/default/viewer.htm#n0sep8bobgd6d9n1wm6...

You will have to follow the instructions to restrict certain file extensions.  When you do this, the application will behave as if  you have uploaded the file, but the file will not be stored anywhere on the server.  Companies might have further restrictions on file extension uploads like .zip and .rar files.  Using this SAS note even if you have SAS VA 7.1, it could aid in satisfying those administration needs of increased security. 

If you have more questions on this please feel free to respond in the thread.

SAS Innovate 2025: Register Now

Registration is now open for SAS Innovate 2025 , our biggest and most exciting global event of the year! Join us in Orlando, FL, May 6-9.
Sign up by Dec. 31 to get the 2024 rate of just $495.
Register now!

Tips for filtering data sources in SAS Visual Analytics

See how to use one filter for multiple data sources by mapping your data from SAS’ Alexandria McCall.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 1 reply
  • 1314 views
  • 1 like
  • 2 in conversation