Can XCOM (Linux & Windows) analyze or validate file content before transfer
search cancel

Can XCOM (Linux & Windows) analyze or validate file content before transfer

book

Article ID: 232715

calendar_today

Updated On:

Products

XCOM Data Transport XCOM Data Transport - Linux PC XCOM Data Transport - Windows

Issue/Introduction

We require indications on the operation of XCOM for Linux and Windows in 3 aspects:

- Validation of the content of sent files. Does XCOM have the capability to analyze the content of a file that is sent on the platform? 
- Is there any validation in XCOM to ensure that the content of a file matches its extension?
- How does XCOM prevent Malware, malicious files or any type of Virus from being sent?

This information is to document a finding at the Security Audit level

Environment

Release : 11.6

Component : XCOM Data Transport for Linux PC

Resolution

Q1. Validation of the content of sent files. Does XCOM have the capability to analyze the content of a file that is sent on the platform? 
A1. Out of the box XCOM will not validate the content of files but it does have a "pre-allocation exit" XCOMPRE where a command file can be called before the transfer is executed for both locally and remotely initiated transfers.. So that would be the way for you to write custom code to automatically analyze the file content before the transfer and take any appropriate action.
Linux:
xcompre Pre-allocation Exit
XPRECMD
XCOMPRE_LOCAL
Windows:
How to Use the Pre-allocation Script
XPRECMD
NOTE: The XCOMPRE_LOCAL global parameter does not exist for Windows. There is a difference with the way XCOM calls xcompre on Linux compared to the way XCOM calls Xcompre.bat on Windows.
On Unix/Linux the global parameter XCOMPRE_LOCAL=YES needs to be set for xcompre to be called for both local as well as remotely initiated transfers and the value of LOCAL/REMOTE is passed to the script depending on the initiating transfer type.
On Windows XCOM will always call Xcompre.bat with the value of LOCAL/REMOTE again depending on the initiating transfer type.

Q2. Is there any validation in XCOM to ensure that the content of a file matches its extension?
A2. XCOM does not assume anything about file content from its extension e.g. .txt (ascii text), .exe (binary). It is up to the user to specify the appropriate XCOM transfer parameter according to the file type i.e. CODE_FLAG,.

Q3. How does XCOM prevent Malware, malicious files or any type of Virus from being sent?
A3. Like #1, XCOM will not perform any action out of the box and again XCOMPRE can also be used to perform any required malicious file, virus checks.

Powered by Wolken Software