Zendesk has introduced malware scanning for attachments shared via Zendesk Messaging (Web Widget, native social messaging, and Agent Workspace). However, attachments shared through Sunshine Conversations - used by third‑party bots - are currently out of scope, as confirmed by Zendesk Support.
This creates a security gap in bot‑led messaging flows, where customers may share files before the conversation is handed off to an agent, resulting in inconsistent protection across messaging experiences.
Expected behavior
Zendesk should provide equivalent malware scanning coverage for attachments shared via:
- Sunshine Conversations channels
- Third‑party bots built on Sunshine Conversations
Additional usability enhancement
It would also be highly beneficial to display a clear visual indicator (for example, a checkmark or “Scanned” label) on attachments that have successfully passed malware scanning. This would:
- Increase agent and admin confidence that an attachment is safe
- Reduce ambiguity during ticket handling and audits
- Make the security behavior more transparent and user‑friendly
Why this matters
- Customers share files during bot interactions (e.g., verification, troubleshooting).
- Security and compliance policies often require malware scanning for all inbound files, regardless of channel.
- The current limitation forces customers to rely on workarounds and reduces the overall value and visibility of the malware scanning feature.
Please consider implementing malware scanning support for Sunshine Conversations attachments, along with a visible scan status indicator, to ensure consistent security coverage across all Zendesk messaging experiences.