When uploading files to FMI Works, certain file types are restricted
This article relates to our FMI Works product
The FMI products allow documents to be uploaded and stored with different entities. This is critical for the proper documentation of certain assets, work orders, etc.
Unfortunately, file attachments may also represent a security risk when used in a web browser. Some files may be uploaded by other users at other companies with malicious intent.
File Sizes
FMI recommends limiting attachments to 10MB per file, as larger files can be used to overload networks and mount denial-of-service attacks.
The FMI Works application has a hard limit of 40MB per uploaded file.
Whitelisted file types
As a best practice, not all file types are allowed to be uploaded and downloaded within applications. Rather than block the files that are known to be bad, FMI takes the approach of blocking all files unless they are known to be good, or at least are necessary to conduct typical FM business. This includes general file types for products like Word and Excel as well as industry-specific applications like Autodesk Navisworks.
The following file types are whitelisted by FMI:
no extension | |
.7z | 7-Zip is an open-source file archiver |
.3ds | 3D Studio Max |
.3gp | multimedia file |
.aac | Advanced audio coding file |
.ai | Adobe illustrator file |
.avi | Audio Video Interleave file |
.bak | backup file |
.bmp | Bitmap image file |
.bz2 | Unix compression method |
.csv | Comma-separated values file |
.cxp | OMRON programmable logic controllers file |
.doc | MS Word |
.docm | MS Word with macro |
.docx | MS Word 2007 onwards |
.dot | MS Word dot template |
.dwg | AutoCAD drawing |
.dwt | Dreamweaver Webpage Template |
.dxf | drawing exchange format |
.eml | Email file |
.fpx | FlashPix Bitmap Image File |
.gif | Graphic Interchange Format |
.gz | Unix compression method |
.heic | High Efficiency Image File Format |
.htm | Web page file |
.html | Web page file |
.iam | Autodesk inventor 3d model file |
.idw | Autodesk Inventor 2D vector file |
.ifc | open exchange format for |
.iges | File used to exchange 2D or 3D design information between CAD programs |
.igs | data file used to exchange 2D or 3D design information between CAD programs |
.ipt | Autodesk inventor 2d/3d model file |
.ipt | Autodesk 2d/3d model file |
.jpeg | Image file |
.jpg | Image file |
.key | Apple Keynote Presentation |
.log | Log file, generally opens in text editor |
.m4a | Audio file |
.m4v | Video file |
.md | Markdown language |
.mht | Webpage archive saved by a web browser |
.mov | Audio/Video file |
.mp3 | Audio file |
.mp4 | Audio/Video files |
.mpeg | MPEG AV file |
.mpg | MPEG AV file |
.msg | Message file |
.nwc | Navisworks files |
.nwd | Navisworks files |
.nwf | Navisworks files |
.obj | Wavefront 3D Object File |
.ods | OpenDocument Spreadsheet |
.odt | OpenDocument Text Document |
.oft | Outlook file template |
.ogg | Audio file similar to mp3 |
A multi-platform document | |
.png | Graphic image file |
.ppt | MS PowerPoint |
.pptm | MS PowerPoint with macro |
.pptx | MS PowerPoint 2007 onwards |
.psd | Photoshop file |
.rar | Compressed file |
.rec | Video file created by a Topfield PVR digital video recorder |
.rfa | Archive for revit families |
.rte | Revit template file |
.rtf | Rich text format |
.rvt | Revit BIM modelling project file |
.shp | Shape file - GIS System |
.shtml | secure HTML file |
.stl | Stereolithography File for 3d models |
.svg | Image file |
.tar | Compressed file |
.tgz | Compressed file |
.tif | tagged image file |
.tiff | tagged image file |
.ttd | Data file created by Tinytag Explorer, used to manage and present data recorded by Tinytag data loggers |
.txt | Text document |
.wav | Audio file |
.xls | MS Excel |
.xlsm | MS Excel with macro |
.xlsx | MS Excel 2007 onward |
.xltm | MS Excel macro template |
.xml | Formatted data file |
.zip | Compressed file |
Customers that have specific needs beyond this list can raise a support ticket for inclusion. New file types appear regularly and we aim to keep this list up to date with the needs of customers.
File Validation Rules
In addition to the file extension rules listed above, the system also validates that the type of the file matches the file extension. This is done to prevent malicious users from hiding potentially dangerous files behind innocent-sounding filenames.
The validation is done through a combination of checks ensuring that the file extension, the MIME type (the type declared by the browser), and the content of the file (through well-known signatures) are all consistent.
For some file types, notably HTML files, the file may present both a security risk and a valid business use. These files are scanned and are conditionally allowed based on their content. In the HTML example, they are rejected if there are any "script" tags inside the file.
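The checks described above can be sketched as follows. This is an added example, not FMI's own code: the function name `validate_upload`, the MIME mappings and the signature table are assumptions covering a small constructed subset of the list, and only the 40MB limit and the script-tag rule are taken from this article.

```python
import re
from pathlib import PurePosixPath

MAX_BYTES = 40 * 1024 * 1024  # hard limit stated in the article

# Constructed subset of the allowlist (assumption, not FMI's table):
# extension -> (acceptable declared MIME types, magic-byte prefixes).
# An empty signature tuple means the format has no fixed magic bytes.
RULES = {
    ".png":  ({"image/png"}, (b"\x89PNG\r\n\x1a\n",)),
    ".jpg":  ({"image/jpeg"}, (b"\xff\xd8\xff",)),
    ".jpeg": ({"image/jpeg"}, (b"\xff\xd8\xff",)),
    ".gif":  ({"image/gif"}, (b"GIF87a", b"GIF89a")),
    ".zip":  ({"application/zip", "application/x-zip-compressed"}, (b"PK\x03\x04",)),
    ".html": ({"text/html"}, ()),
    ".htm":  ({"text/html"}, ()),
}
ALL_SIGNATURES = tuple(s for _, sigs in RULES.values() for s in sigs)
SCRIPT_TAG = re.compile(rb"<\s*script\b", re.IGNORECASE)


def validate_upload(filename: str, declared_mime: str, content: bytes):
    """Return (accepted, reason) for one upload (hypothetical helper)."""
    if len(content) > MAX_BYTES:
        return False, "file exceeds size limit"
    # Only the final suffix counts, so "plan.png.exe" is judged as ".exe".
    ext = PurePosixPath(filename.replace("\\", "/")).suffix.lower()
    if ext not in RULES:
        return False, "extension not on allowlist"
    mimes, signatures = RULES[ext]
    # The browser-declared type is client-controlled; it only has to agree.
    if declared_mime.split(";")[0].strip().lower() not in mimes:
        return False, "declared MIME type does not match extension"
    if signatures:
        if not content.startswith(signatures):
            return False, "content signature does not match extension"
    elif content.startswith(ALL_SIGNATURES):
        return False, "binary content behind a text extension"
    # Conditional allow for HTML: reject any opening script tag.
    if ext in (".html", ".htm") and SCRIPT_TAG.search(content):
        return False, "HTML contains a script tag"
    return True, "ok"
```

Because the three inputs must all agree, changing only the filename or only the declared MIME type is not enough to pass. Serving stored HTML with `Content-Disposition: attachment` complements the script-tag scan for anything a content scan does not recognise.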