What are documents type allowed in the SuiteCRM to upload?
For example. txt, jpeg, pdf …
The list of bad extensions in added in config.php file. Other than those, almost all types are available unless restricted by custom code.
‘upload_badext’ =>
array (
0 => ‘php’,
1 => ‘php3’,
2 => ‘php4’,
3 => ‘php5’,
4 => ‘php6’,
5 => ‘php7’,
6 => ‘php8’,
7 => ‘pl’,
8 => ‘cgi’,
9 => ‘py’,
10 => ‘asp’,
11 => ‘cfm’,
12 => ‘js’,
13 => ‘vbs’,
14 => ‘html’,
15 => ‘htm’,
16 => ‘phtml’,
17 => ‘phar’,
)
1 Like
I believe HTML files can be tricky because of the browser-based attacks. Be careful if you want to allow those!
Thanks for your reply!
-
Executable Files: These run programs and are commonly used to distribute malware.
.exe,.com,.msi,.dll,.bin,.jar,.apk
-
Script Files: These can contain malicious code that runs when opened.
.php,.php5,.phtml,.js,.vbs,.vbscript,.wsf,.hta,.cgi,.pl,.sh
-
System and Batch Files: These can automate tasks but also run malicious commands.
.bat,.cmd,.sys,.drv
-
Document Files with Macros: Modern Office documents can contain embedded scripts that download malware if macros are enabled.
.docm,.xlsm,.pptm
-
Archive Files: While not inherently dangerous, they can contain any of the above files, sometimes nested or encrypted to bypass scanners.
.zip,.rar,.7z,.tar(often best to block or scan the contents)
-
Other Potential Risks:
-
.pdf(can contain embedded scripts or links) -
.html,.htm(can contain malicious scripts) -
.lnk,.url,.scr,.pif(shortcut and screensaver files that act as executables)
-