If an executable file containing malicious code is uploaded to the server, the malicious
code can subsequently be executed by an external product that integrates with an Aspera
product.
Inline file validation is a feature that enables file content to be validated while the
file is in transit, as well as when the transfer is complete. You can include or exclude
files with certain characteristics; for example:
- Accept only files of certain types (extensions)
- Examine the .zip / archive files for unapproved file types
- Disallow files greater that a certain size
The validation check is made with a Lua script.or with a RESTful call to an external URL.
The mode of validation used (URL or Lua) is defined in the Enterprise Server GUI or
aspera.conf.
Note: Inline file validation with Lua script is only available for Enterprise Server products
that are v. 2.7.1 or above.
Defining Values for Inline File Validation
Parameters
The following parameters for inline file validation set the method of
file validation (
uri,
lua, or
none). They can be set in the GUI
(
Global Configuration > Filehandling options) or manually (by
editing the
aspera.conf or running the
asconfigurator command).
- run at file start
- run at file stop
- run at session start
- run at session stop
- run when crossing file threshold
Two additional parameter values--specifically for inline validation with a Lua
script--can be set either in the GUI or manually:
- base64-encoded Lua action script
- file path to Lua action script
The following parameters can only be set manually:
- validation threshold_kb
- validation threads
- validation uri (for inline validation with URI, only)
For more detailed information about these parameters, see
your Aspera server documentation.