Overview of restricted file types
Internal Audit can restrict which file extensions may be uploaded as attachments.
If a user attempts to upload a file with a 'bad' extension then they will get the following message:
The file [filename] cannot be added because it is a restricted file type
There is a configurable set of types that are denied, and by default these are:
.ade,.adp,.app,.asa,.ashx,.asmx,.asp,.bas,.bat,.cdx,.cer,.chm,.class,.cmd,.com,.config,.cpl,.crt,.csh,.dll,.exe,.fxp,.hlp,.hta,.htr,.htw,.ida,.idc,.idq,.ins,.isp,.its,.jse,.ksh,.lnk,.mad,.maf,.mag,.mam,.maq,.mar,.mas,.mat,.mau,.mav,.maw,.mda,.mdb,.mde,.mdt,.mdw,.mdz,.msc,.msh,.msh1,.msh1xml,.msh2,.msh2xml,.mshxml,.msi,.msp,.mst,.ops,.pcd,.pif,.prf,.prg,.printer,.pst,.reg,.rem,.scf,.scr,.sct,.shb,.shs,.shtm,.shtml,.soap,.stm,.url,.vb,.vbe,.vbs,.ws,.wsc,.wsf,.wsh
However, it is possible to set up a whitelist so that only allowed file extensions can be uploaded.
To change the lists:
- Open Internal Audit as an application system administrator
- Go to Admin > System Settings > Security
Restricted File Types is the set of file extensions that are disallowed
Allowed File Types is a whitelist - if you add file extensions to this box then ONLY these file extensions will be allowed. By default this list is empty, so that all extensions are allowed unless specified as restricted in the other box.
If a file type appears in both boxes, it will be prevented from being uploaded.
To add an extension, type in the relevant box and click Save. Be sure to include the dot, and separate from a previous entry with a comma if it is not the first item in the list.
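To preview how a proposed pair of lists will behave before saving, the sketch below models the rules described above. It is an added example, not Internal Audit's own code; the function names are hypothetical, and it assumes matching ignores case and only the final extension of a filename is checked.

```python
import os

# Shortened copy of the default restricted list from this page (constructed sample).
RESTRICTED = ".ade,.adp,.bat,.cmd,.com,.dll,.exe,.hta,.lnk,.msi,.reg,.scr,.vbs,.wsf"


def parse_list(raw):
    """Split a comma-separated settings value into (extensions, malformed entries)."""
    good, bad = set(), []
    for item in raw.split(","):
        item = item.strip()
        if not item:
            continue
        # The page requires each entry to include the leading dot.
        if item.startswith(".") and len(item) > 1:
            good.add(item.lower())  # assumption: matching ignores case
        else:
            bad.append(item)
    return good, bad


def upload_allowed(filename, restricted_raw, allowed_raw=""):
    """Return True if the two lists, as described on this page, permit the file."""
    restricted, _ = parse_list(restricted_raw)
    allowed, _ = parse_list(allowed_raw)
    # Assumption: only the final extension is checked, so "a.pdf.exe" is ".exe".
    ext = os.path.splitext(filename)[1].lower()
    if ext in restricted:
        return False           # restricted wins, even if also whitelisted
    if allowed:
        return ext in allowed  # non-empty whitelist: only listed extensions pass
    return True                # empty whitelist: anything not restricted passes


if __name__ == "__main__":
    # Constructed filenames checked against a whitelist that also contains .exe.
    for name in ["report.pdf", "invoice.pdf.exe", "Setup.EXE", "notes.txt"]:
        print(name, upload_allowed(name, RESTRICTED, ".pdf,.docx,.exe"))
    # Entries typed without the dot are reported rather than silently used.
    print(parse_list(".pdf, docx,.XLSX")[1])
```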