Administer > Database administration > Attachments > Support for allowing attachments with certain file extensions

Support for allowing attachments with certain file extensions

Starting from Service Manager 9.50, a new attachment whitelist feature is supported for Service Manager clients (windows client, web client, and mobility client) and the clients that connect to RTE by web services. You can configure this attachment whitelist via Tailoring > Whitelist > Attachment Whitelist to allow only certain types of attachments to be submitted to Service Manager.

If the Service Manager clients retrieve an existing attachment whose extension is not in the whitelist or has no file extension, the attachment is appended with .UNSAFE when displayed in the Service Manager clients or the clients which connect to RTE by web services, so that the attachment is prevented from being automatically run on the user’s machine.

  • Attachment whitelist defined via Tailoring > Whitelist > Attachment Whitelist takes effect only when the version of your Service Manager applications is no earlier than 9.50.
  • If you set the value of denyattachwithoutext to 0, the approved attachments without file extensions are not appended with .UNSAFE when displayed in the clients which connect to RTE by web services.

To enable the Attachment Whitelist and define a list of allowed file extensions, follow these steps:

  1. Log on to Service Manager as a system administrator.
  2. Click Tailoring > Whitelist > Attachment Whitelist.
  3. Define the list based on your business needs. In the out-of-box system, the attachment whitelist includes the following file types, which are considered safe:

    File Extension Description
    bmp bitmap
    jpg jpg image
    jpeg jpeg image
    png portable network graphic
    gif graphical interchange format file
    txt plain text file
    log log file
    unl garmin unlock file
    csv comma separated values file
    eml e-mail message saved

    Note By default, the Enable Attachment Whitelist check box is selected. If you clear this check box, end-users can submit all types of attachments to Service Manager.

  4. Click Save and OK.
  5. Log out and then log on to the Service Manager client to make the customized attachment whitelist effective.

Additional protection

Beginning with Service Manager 9.50, to provide additional protection, Tika is used to analyze content by detecting and extracting metadata and text from attachments of various file types (such as PPT, XLS, and PDF). About formats from which Tika is able to extract metadata and textual content, see https://tika.apache.org/1.13/formats.html.

For file types that are not listed in https://tika.apache.org/1.13/formats.html, you need to configure both custom-mimetypes.xml files under the web tier and the server installation directories if you want Tika to extract metadata and textual content from such file types:

  • For Service Manager web tier, go to <web tier installation path>\WEB-INF\classes\org\apache\tika\mime\custom-mimetypes.xml and configure as needed.
  • For Service Manager server, do the following:

    1. Go to the <server installation path>\RUN\lib folder
    2. Locate and unzip the common-9.50.jar package.
    3. Go to org\apache\tika\mime\custom-mimetypes.xml and configure as needed.
    4. Compress the common-9.50 folder.

For more information, see https://tika.apache.org/1.13/parser_guide.html#Add_your_MIME-Type. By default, file type UNL is already configured in custom-mimetypes.xml.