Reply
cancel
Showing results for 
Search instead for 
Did you mean: 
Reply

*Edited* Attachment are getting Sanitized

Community Guru
Rene K Member Since: Jul 10, 2014
51 of 165

The fact that they are removing macros and stuff, why not. But that they don't tell you when they do is unacceptable. But not a surprise.

 

I'm gonna to write an e-mail to Lewis Black about Upwork in the hope he reads it during one of his Rant is due shows.

 

 

 

 

-----------
"Where darkness shines like dazzling light"   —William Ashbless
Community Guru
Richard W Member Since: Jun 22, 2017
52 of 165

Rene K wrote:

The fact that they are removing macros and stuff, why not. But that they don't tell you when they do is unacceptable. But not a surprise.


Another alternative (better in my opinion): if they deem the file dangerous, don't deliver it at all, and inform the sender that it wasn't delivered. Having half-baked, mutilated files around at all is a bad idea, especially if they don't change the file name to indicate that it's been changed. There's lots of other software that blocks suspect files, but I don't think I've come across any others that deliver mutilated files.

Moderator
Vladimir G Moderator Member Since: Oct 31, 2014
53 of 165

Hi all,

 

I wanted to share that we do appreciate your feedback and I've shared your request and sentiment about the current process with our team. We'll follow up with an update once we have more information, thank you for helping us improve our platform and maintain a thriving online workspace.

Active Member
Michael C Member Since: Oct 7, 2011
54 of 165

Is there any further feedback from upwork on this ?

 

Its crazy that I can not deliver to the client a completed .xlsm excel file containing VBA code that they have paid me to write via the Upwork messaging service.  Not all clients are happy revealing their email addresses to allow work to be delivered to them outside of upwork.

Moderator
Goran V Moderator Member Since: Mar 24, 2017
55 of 165

Hi Michael,

 

One of our team members will reach out to you via ticket where you can share more details with us. Our engineering team will investigate it and assist you further directly on your ticket. Thank you.


Untitled
Community Guru
Rene K Member Since: Jul 10, 2014
56 of 165

Michael C wrote:

Not all clients are happy revealing their email addresses to allow work to be delivered to them outside of upwork.


You can use the Share feature on Dropbox or even https://fromsmash.com/ and send them the link. They don't have to disclose their e-mail.

 

 

-----------
"Where darkness shines like dazzling light"   —William Ashbless
Active Member
Ronnie M Member Since: Aug 31, 2019
57 of 165
Hello!

The upwork admin said there is a security feature in the site that wipes
all macro in an excel.. they are tagged as malicious files.. it seems more
people are having problem with this...

I think you can try compressing your excel file in a zip file .rar... i
checked my previous proposal with that attachment and the macro was not
removed..


Ace Contributor
Jordon B Member Since: Jun 16, 2015
58 of 165

Valeria K wrote:

Christopher and others,

 

I'd like to circle back here and provide an update. In some cases, malware scanning will remove embedded macros, formulas, or active content that is deemed potentially malicious.  If you want the original unmodified attachment, you can receive it by contacting Customer Support but note that Upwork is not responsible for any damage that may be caused by opening unmodified files transferred on Upwork.

Soon we'll be adding in product notifications about this.


So basically, Upwork is failing to do what so many other software companies are managing to do, and that is to do scans and offer a warning but leave the the contents untouched.

 

If we're able to bipass this with a zip file exactly how secure is it?  It's not.

 

Why don't you guys stop trying to reinvent the wheel and do what everyone else is doing for this issue.

 

**Edited for Community Guidelines**

Moderator
Valeria K Moderator Member Since: Mar 6, 2014
59 of 165

Hi Jordon,

 

We appreciate your feedback. On Upwork we use data sanitization which is a type of security control that does not rely on threat detection. It works by assuming all files are malicious and then sanitizing and rebuilding each file to ensure the content is safe. It is effective against known and unknown threats, including zero-day attacks, undetectable malware, obfuscation, and more. You can find more information about this here. We are working on adding better in-product notifications to inform users about the process when they upload and download files.

 

Additionally, please note that accusations of misconduct, incompetence or other wrongdoing as well as insults aren't allowed by the Community Guidelines and posts including them may be edited or removed.

 

 

~ Valeria
Untitled
Ace Contributor
Jordon B Member Since: Jun 16, 2015
60 of 165

Valeria K wrote:

Hi Jordon,

 

We appreciate your feedback. On Upwork we use data sanitization which is a type of security control that does not rely on threat detection. It works by assuming all files are malicious and then sanitizing and rebuilding each file to ensure the content is safe. It is effective against known and unknown threats, including zero-day attacks, undetectable malware, obfuscation, and more. You can find more information about this here. We are working on adding better in-product notifications to inform users about the process when they upload and download files.

 

Additionally, please note that accusations of misconduct, incompetence or other wrongdoing as well as insults aren't allowed by the Community Guidelines and posts including them may be edited or removed.

 

 


Valeria, no offense, but I stopped reading after we use because it's just nonsense.  I don't care what you use.  It's bad.  Period.  

 

Let me say it more nicely, this companies moderators and support team are repeatedly of absolutely no help in anything but the most basic matters.


TOP SOLUTION AUTHORS
TOP KUDOED MEMBERS