
Attachment safety: How we scan files for malware

How to know when attachments in inbound messages are safe and reduce risk of teammates clicking on malicious files

Written by Michelle Faughnan

Intercom scans all attachments and uploads in conversations and tickets. We check content from all channels for malware or suspicious configuration, and block such content to keep your team safe while using our product.

There are certain attachment types that we block in Intercom because they are known vectors for malware (e.g., executable files). However, we also let you trust and block certain attachment types in the Settings > Workspace > Security section of your workspace.

View attachments' safety status

You can view the safety status of the attachments before opening the files. This allows you to safely open files from your customers, and helps you better understand the possible risks before opening them.

  • No issues detected — The file has been scanned and is safe to open.

  • Inconclusive — The scan could not be completed. An orange warning icon is shown next to the attachment. The file is still accessible, but treat it with caution and avoid opening it unless you have a specific reason to trust the source.

  • Extension mismatch — The file's extension doesn't match its actual content type, which can be a sign of a disguised file. An orange warning icon is shown. The file is accessible, but treat it with caution.

  • Malware detected — Confirmed malware. The file is removed and cannot be accessed.

  • This file is likely malicious — Intercom's security scan flagged this file as likely malicious. An orange warning icon is shown next to the attachment. The file has not been removed, but we strongly recommend not opening it.

When no status is shown, scanning has not reached a conclusion yet and may still be in progress. Most scans take only a matter of seconds to complete. We recommend waiting until scanning has completed before accessing a file.


What does the orange warning icon mean?

An orange warning icon next to an attachment means the file was flagged during scanning but not confirmed as malware. Unlike confirmed malware — which is removed entirely — these files remain accessible. The decision to open them stays with you.

If you see an orange icon:

  • Exercise caution and avoid opening the file unless you have a specific reason to trust the source.

  • If you're unsure, check with your security team before proceeding.

  • The orange icon is intentional — hover over it in the inbox to see a tooltip explaining the reason for the warning.

Note: The orange warning icon covers three states: This file is likely malicious, Extension mismatch, and Inconclusive. In all three cases, the file is still accessible — it has not been removed. This is different from Malware detected, where the file is blocked and removed automatically.

Image file validation

Checks are also applied to image files. A file is quarantined if any of the conditions below is met:

  • Image integrity check fails

  • Image is corrupted

  • File contains non-image content under an image content type

  • Image cannot be validated

  • Image resize fails


Allowed file types

Default supported file types include:

  • gif

  • jpeg

  • jpg

  • mov

  • mp4

  • pdf

  • png

  • txt

  • heic

  • oga

  • ogg

  • dng

  • mp3

Note: File types that are explicitly unsupported are permanently blocked across all Intercom workspaces for security reasons and cannot be enabled through this setting.

These include:

  • .webp image files (unsupported image format in Intercom).

  • Password-protected archive files (e.g., password-protected .zip or .rar files) because they cannot be scanned by anti-virus scanners, posing a malware risk.

You can allow other file types by going to Settings > Workspace > Security > Attachment settings. Allowed file types will be accessible straight away.

To allow other file types, enable the toggle for "Allow leads and users to send other file types" and then enter your accepted file types.

You must include a period before each extension and separate each file type with a comma, for example .jpg, .png, etc.
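The sketch below is an added example, not Intercom's scanner or code. It shows how the allow-list format, the extension mismatch state, and the password-protected archive rule described above can be checked on a file's leading bytes. The function names, returned labels, and sample bytes are assumptions made for illustration.

```python
import struct

# Well-known leading-byte signatures for some of the default types listed above.
SIGNATURES = {
    "gif": [b"GIF87a", b"GIF89a"],
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "pdf": [b"%PDF-"],
    "ogg": [b"OggS"],
    "oga": [b"OggS"],
    "zip": [b"PK\x03\x04"],
}
# Constructed sample inputs (header bytes only, not real files).
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
ENCRYPTED_ZIP = b"PK\x03\x04\x14\x00\x01\x00" + b"\x00" * 22

def parse_allow_list(setting):
    """Parse '.jpg, .png': a period before each extension, comma-separated."""
    exts = set()
    for item in setting.split(","):
        item = item.strip().lower()
        if not item.startswith(".") or len(item) < 2:
            raise ValueError(f"extension must start with a period: {item!r}")
        exts.add(item[1:])
    return exts

def sniff(data):
    """Return every known type whose signature matches the leading bytes."""
    return {e for e, sigs in SIGNATURES.items() if any(data.startswith(s) for s in sigs)}

def zip_is_encrypted(data):
    """Bit 0 of the general-purpose flag (offset 6) in the first local header."""
    if len(data) < 8 or not data.startswith(b"PK\x03\x04"):
        return False
    return bool(struct.unpack_from("<H", data, 6)[0] & 0x1)

def classify(filename, data, allowed):
    """Return a hypothetical label for one upload; labels are illustrative."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in allowed:
        return "blocked type"
    if zip_is_encrypted(data):
        return "password-protected archive"
    detected = sniff(data)
    if ext in SIGNATURES and ext not in detected:
        return "extension mismatch"  # e.g. PNG bytes behind a .jpg name
    if ext == "txt" and detected:
        return "extension mismatch"  # binary format renamed to .txt
    return "no mismatch"
```

The encryption check reads only the first ZIP entry and does not cover .rar, so it is a pre-screen and not a replacement for a scanning engine.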

