Hi Brynn,
But I guess it's something like scanning the file before it actually uploads?
This isn't at issue at the moment, but we should be aware of it for the future.
I suppose it might be more convenient to copy the PDF and take to a free online scanner (rather than moderators downloading them).
More load on the server wouldn't be good. But I am thinking of ways to protect the user, if pdfs are this small in number then we could check them all manually.
I mean, for that matter, I think the same thing is true for SVGs, isn't it? They can contain scripts which could potentially be malicious, right? I wonder if there is some server side scanner which could automatically check all uploads?
No, we don't host svg images to users like that. There's a flag that allows us to embed them IF we trust the contents. But it's only used by the admins for certain svg files that's we've checked out first.
Browsers will naturally protect users from non-embeded svg files and should be protecting users from pdf files too.
Unless we know we're getting viruses because we're checking files manually, I say we wait until we have a problem. We can always pause the quota to pause uploads while we get a solution put together when that day comes.
Best Regards, Martin Owens