Exploring, modeling, predicting and reporting with SAS Visual Analytics and SAS Visual Statistics

SAS VA - Disallowing attachments in comments

Occasional Contributor
Posts: 16


We like the comments feature but would like to remove the attachments functionality as users are able to add .exe files as attachments. This has been flagged as a security threat in our organization.

How can one keep the comments functionality but disallow attachments?

Sanjeev

SAS Employee
Posts: 19

Re: SAS VA - Disallowing attachments in comments

Hello Sanjeev,

In Visual Analytics version 7.1, SAS began blocking the upload of the file types listed below when you attach a file via the comment editor in applications such as Explorer, Designer, and the Visual Analytics viewer.

".ade", ".adp", ".app", ".asp", ".bas", ".bat", ".cer", ".chm", ".cmd", ".cnt",
".com", ".cpl", ".crt", ".csh", ".der", ".exe", ".fxp", ".gadget", ".hlp",
".hpj", ".hta", ".inf", ".ins", ".isp", ".its", ".js", ".jse", ".ksh", ".lnk",
".mad", ".maf", ".mag", ".mam", ".maq", ".mar", ".mas", ".mat", ".mau", ".mav",
".maw", ".mda", ".mdb", ".mde", ".mdt", ".mdw", ".mdz", ".msc", ".msh", ".msh1",
".msh2", ".mshxml", ".msh1xml", ".msh2xml", ".msi", ".msp", ".mst", ".ops",
".osd", ".pcd", ".pif", ".plg", ".prf", ".prg", ".pst", ".reg", ".scf", ".scr",
".sct", ".shb", ".shs", ".ps1", ".ps1xml", ".ps2", ".ps2xml", ".psc1", ".psc2",
".tmp", ".url", ".vb", ".vbe", ".vbp", ".vbs", ".vsmacros", ".vsw", ".ws",
".wsc", ".wsf", ".wsh", ".xnk"

In Visual Analytics 7.1, if you upload a file with one of these extensions, it will block you and give you the following error message.

[Screenshot: EXEupload.png]

The comment and the attachment are subsequently not posted.

In SAS Visual Analytics 6.4 or older (VA 5.1, 5.2, 6.1, 6.2, and 6.3), this is not the case. It will upload the file and a user can execute this file. However, there is a way to restrict users at the platform level from uploading these file types. I have attached a SAS note on how an admin could set this up.

http://support.sas.com/documentation/cdl/en/bimtag/66823/HTML/default/viewer.htm#n0sep8bobgd6d9n1wm6...

You will have to follow the instructions to restrict certain file extensions. When you do this, the application will behave as if you have uploaded the file, but the file will not be stored anywhere on the server. Companies might have further restrictions on file extension uploads, like .zip and .rar files. Using this SAS note, even if you have SAS VA 7.1, could aid in satisfying those administration needs of increased security.

If you have more questions on this please feel free to respond in the thread.
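The kind of extension check described in the reply above, as an added example (not SAS code and not part of the original posts): it shows the name normalization a blocklist needs before the extension is compared. BLOCKED is a subset of the listed extensions plus the .zip and .rar additions the reply mentions; the function names and sample file names are hypothetical.

```python
import ntpath

# Subset of the extensions listed in the reply above, plus the archive types
# it mentions as possible site-specific additions (.zip, .rar).
BLOCKED = frozenset({
    ".bat", ".cmd", ".com", ".exe", ".hta", ".js", ".lnk", ".msi",
    ".ps1", ".reg", ".scr", ".vbs", ".wsf", ".zip", ".rar",
})

def normalize(filename):
    """Reduce a client-supplied name to the name a Windows client would save."""
    if any(ord(ch) < 32 for ch in filename):
        raise ValueError("control character in file name")
    name = ntpath.basename(filename.replace("/", "\\"))  # drop any path part
    name = name.split(":", 1)[0]        # drop an NTFS stream suffix (name:stream)
    name = name.rstrip(". ").lower()    # Windows ignores trailing dots and spaces
    if not name:
        raise ValueError("empty file name")
    return name

def check_attachment(filename):
    """Return (allowed, reason) for one uploaded file name."""
    try:
        name = normalize(filename)
    except ValueError as exc:
        return False, str(exc)
    # Only the last suffix decides how the file opens, so "a.pdf.exe" is ".exe".
    ext = "." + name.rpartition(".")[2] if "." in name else ""
    if ext in BLOCKED:
        return False, "blocked extension " + ext
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample names, not taken from the thread.
    for sample in ["Q3 summary.pdf", "setup.EXE", "report.pdf.exe",
                   "report.exe. ", "..\\tools\\run.bat", "notes.exe::$DATA",
                   "archive.zip", "readme", ""]:
        print(repr(sample), check_attachment(sample))
```

A blocklist only covers the extensions someone thought to list; where the set of legitimate attachment types is known, an allowlist of those types is the stricter form of the same check.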
