I am managing our new web messaging deployment and I am concerned about the security of customer attachments. We want to allow customers to upload PDF and image files, but we must ensure they are scanned for viruses before they are accessible by our agents. The Genesys Cloud documentation mentions using a secure file upload handler. How do I intercept the attachment upload in real time and route it to an external scanning service before it reaches the agent workspace?
I inherited a setup that tried to do this with a custom middleware and it was a mess. You cannot actually ‘intercept’ the upload in real time because the client talks directly to the Genesys Cloud AWS S3 buckets. What you have to do is subscribe to the v2.conversations.messaging.attachments notification topic.
When an upload finishes, your middleware gets the link, downloads the file, scans it, and then uses the API to delete the attachment if it is malicious. It is very clunky but it is the only way the platform allows it.
That is right about the notification topic. We do this for our internal HR org. One thing to keep in mind is that the agent will see the attachment immediately in their window while your scan is still running.
You should use a custom script in the agent workspace that hides the attachment until your middleware sends a ‘Safe’ signal back to the interaction’s participant attributes. It is not perfect, but it prevents agents from opening a file before it is cleared.
From a long-term planning perspective, you must also consider the storage costs and the retention policies for these attachments. If your scanning service keeps a copy of every file for audit purposes, you will quickly hit your storage limits. Make sure your architecture includes an automated purge cycle for the scanned files once the interaction is closed.
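The flow described in the replies above (notification, download, scan, then delete or mark 'Safe') as an added example that is not part of the thread and is not Genesys code. The event field names, the `scan.<id>` attribute key, the size cap and the four injected callables are assumptions standing in for the real API client and scanner; the handler fails closed and keeps a SHA-256 for audit instead of a copy of the file.

```python
import hashlib

# Magic bytes for the types the question allows (PDF and images).
MAGIC = {b"%PDF-": "pdf", b"\x89PNG\r\n\x1a\n": "png",
         b"\xff\xd8\xff": "jpeg", b"GIF87a": "gif", b"GIF89a": "gif"}
MAX_BYTES = 10 * 1024 * 1024  # assumed size cap, not a platform limit


def sniff(data):
    """Return the detected type from the leading bytes, or None if not allowed."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def handle_attachment(event, download, scan, delete, set_attribute):
    """Process one attachment notification and fail closed.

    download/scan/delete/set_attribute are hypothetical callables standing in
    for the platform API client and the external scanning service.
    """
    conv, att = event["conversationId"], event["attachmentId"]  # assumed fields
    verdict, reason, digest = "Blocked", "", None
    try:
        data = download(event["url"])
        digest = hashlib.sha256(data).hexdigest()  # keep the hash, not the file
        if len(data) > MAX_BYTES:
            reason = "too large"
        elif sniff(data) is None:
            reason = "type not allowed"  # content check, not the file extension
        elif not scan(data):
            reason = "scanner flagged file"
        else:
            verdict = "Safe"
    except Exception as exc:  # download or scanner failure: never mark Safe
        reason = f"error: {exc}"
    if verdict == "Blocked":
        delete(conv, att)
    # The agent-side script reveals the attachment only when this reads "Safe".
    set_attribute(conv, f"scan.{att}", verdict)
    return {"attachment": att, "verdict": verdict, "reason": reason, "sha256": digest}
```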