Overview of inline file validation

If an executable file containing malicious code is uploaded to the server, the malicious code can subsequently be executed by an external product that integrates with an Aspera product.

Inline file validation is a feature that enables file content to be validated while the file is in transit, as well as when the transfer is complete. The validation check is made with a Lua script or with a RESTful call to an external URL. The mode of validation used (URL or Lua) and the timing of the check are set in the Aspera server GUI oraspera.conf.

For information about validating with a URL or Lua script, see Inline file validation with uri or Inline file validation with lua script.

Specifying the validation source: When validating using a Lua script, you must specify the path to the script in the Aspera server GUI or aspera.conf. When validating using a URL, you must specify the URL in aspera.conf.

Scheduling validation: You can schedule validation to occur at the following events:

• run at file start
• run at file stop
• run at session start (URL validation is not supported)
• run at session stop (URL validation is not supported)
• run when crossing file threshold (the limit must be set in aspera.conf)

Multi-threaded validation: You can increase the number of threads used for validation, allowing validation processes to occur in parallel.

Specifying validation targets: You can include or exclude files with certain characteristics, including the following:

• Accept only files of certain types (extensions)
• Examine the .zip / archive files for unapproved file types
• Disallow files greater that a certain size