Antivirus analysis on Aspera Transfer Servers

Overview

An Aspera Transfer server sends files to and receives files from Aspera Client applications. Although files are transmitted only after a user has been authenticated and authorized, it may still be necessary to check inbound files, typically with an antivirus or with other filters (format, metadata, etc.).

There are several aspects to take into account:

1- detection of a new file upload

2- validation of the file (analysis by the antivirus while the file is in quarantine)

3- release of the file to other users (i.e. release from quarantine)

This article explores ways of integrating antivirus software with Aspera-based transfers.

Inline Validation

Aspera Transfer Server includes an API called "inline validation". With it, the Aspera Transfer Server calls an external application, which returns a result indicating whether the file passes verification or not.

Pros: a status is returned directly for the transfer of each file

Cons: validation blocks the transfer until a status is returned (performance)

The external application used for inline validation can be one of:

- REST endpoint

- Lua script

The Aspera High Speed Transfer Server version 3.8 administration manual documents this feature. It is configured in aspera.conf and is executed directly by the transfer protocol process, ascp.

In the REST case, the serving application can be any REST endpoint, and Aspera Orchestrator can also be used to trigger execution of the antivirus.

Lua scripts can be referenced from aspera.conf or included directly in it.

Inline validation can be called at the start of a transfer, at the end, and after a fixed size of transfer.

The client remains blocked until the server provides a status for each transferred file.

Out of Transfer File Validation

To overcome the performance bottleneck of inline validation, Out of Transfer File Validation (OTFV) can be used.

This is described in the 3.8 administration manual.

It is activated in aspera.conf in the same way as inline validation, but with the value: post_transfer

In this case, transfers that are successfully executed will go in state "to_be_validated" instead of "completed".

An external application, called the validator, requests a number of transferred files (in state "to_be_validated") from the node API, runs validation on them (here, the antivirus), and then updates the status of each file to "completed".

Note that while the transfer is seen as "complete" from the client side, it is not yet seen as "completed" on the server side. This has an effect on server-side applications (Faspex, etc.). Transfers are marked as completed only when all files of a session are validated. For instance, until validation is complete, Faspex will not release a package (notifications).

The validation application can be Aspera Orchestrator or any purpose built application.
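
The validator logic described in this section, as an added Python example (not code from Aspera or its documentation). The node API is replaced by in-memory records; the record fields, the "failed" status name and the constructed scanner are assumptions, while clamscan is ClamAV's command-line scanner.

```python
import subprocess

TO_BE_VALIDATED, COMPLETED = "to_be_validated", "completed"  # states named in the article
FAILED = "failed"  # assumed name for a rejected file; the article does not give one

def clamscan_is_clean(path):
    """True only when ClamAV's clamscan exits 0 (1 = virus found, 2 = error)."""
    return subprocess.run(["clamscan", "--no-summary", path],
                          stdout=subprocess.DEVNULL).returncode == 0

def validate_batch(records, scan=clamscan_is_clean):
    """Scan each record awaiting validation (hypothetical stand-ins for node API data)."""
    for rec in records:
        if rec["status"] != TO_BE_VALIDATED:
            continue  # already decided: do not scan or change it again
        try:
            clean = scan(rec["path"])
        except Exception:
            clean = False  # fail closed: a missing or crashed scanner never releases a file
        rec["status"] = COMPLETED if clean else FAILED
    return records

def session_status(records):
    """A session counts as completed only when all of its files are completed."""
    by_session = {}
    for rec in records:
        by_session.setdefault(rec["session"], []).append(rec["status"])
    result = {}
    for session, statuses in by_session.items():
        if FAILED in statuses:
            result[session] = FAILED
        elif all(s == COMPLETED for s in statuses):
            result[session] = COMPLETED
        else:
            result[session] = TO_BE_VALIDATED  # still held, nothing released yet
    return result

def constructed_scan(path):
    """Constructed scanner for the demo: flags one file name, errors on another."""
    if "broken" in path:
        raise OSError("scanner unavailable")
    return "infected" not in path

def demo():
    files = [("s1", "/in/report.pdf"), ("s1", "/in/notes.txt"),
             ("s2", "/in/infected.bin"), ("s3", "/in/broken.iso")]  # constructed sample
    records = [{"session": s, "path": p, "status": TO_BE_VALIDATED} for s, p in files]
    return session_status(validate_batch(records, scan=constructed_scan))
```

Treating a scanner error the same as a detection keeps a file from being released merely because the antivirus was unavailable.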

Pre/post processing

An older mechanism was the execution of scripts on file start/end and session start/end. This method suffers from many problems and should be avoided.

Integrated OS validation

Some antivirus products are able to trigger a scan automatically when a new file is created; in that case no special integration is required.
