Export (0) Print
Expand All
0 out of 1 rated this helpful - Rate this topic

File types used in creating file filters

 

Applies to: Forefront Protection for Exchange

Topic Last Modified: 2009-08-17

The following is a list of the file types that are used when creating file filters in order to detect files based solely on their content type. For more information about detecting files by type, see Filtering files by file type.

noteNote:
When a Microsoft Office file (PowerPoint®, Access, Excel®, or Word document) is embedded in another Office file, its data is included as part of the original Office file. These are not scanned as individual files. If, however, another file type (such as .exe) is embedded in one of these files that is then embedded in an Office file, it will be detected and scanned as a separate file. (The .exe extension, however, is still visible because the icon is a GIF file that cannot be deleted. If you click the file, the icon will be replaced with the correct TXT icon.)

 

PowerShell name

Description

ANI

Windows 95 animated cursor file

ARC

ARC archive and compression format file

ARJ

ARJ archive and compression format file

AUTOCAD

AutoCad file

AVI

Windows Audio Visual Interleaved file format

BMP

Windows bitmap image file

BZIP2

High-quality compression of a single file

CHI

Microsoft Help index (.chi) file

CLASS

Java byte code file (usually contained inside a JAR file)

DATAZ

InstallShield file (InstallShield 3)

DOC

Microsoft Office 97-2003 document OLE structured storage file.

The file filter checks for the OLE Structured Storage file format. Contained within this format is information that describes the application to use in order to process the data. Among the applications that use this format are the Microsoft Office applications suite: Word (.doc), Excel (.xls), PowerPoint (.ppt), Exchange Message files (.msg), and Shell scraps (.shs).

EICAR

Eicar virus test file

EPS

Encapsulated PostScript file (Adobe)

EXE

Microsoft executable file (includes .exe, .dll, .ocx, .sys, .scr)

FONT1

Adobe Type 1 font file (includes .pfa, .pfb, .pfm)

GIF

Graphics Interchange format (.gif) image file

GZIP

GZip compression format file

HELP

Microsoft Help file (.hlp)

HYPERARC

Hyper archive format file (ARC compression format file from Systems Enhancement Associates)

ICO

Windows icon image file

IMCMIME

MIME formatted text file with IMC binary header

ISCAB

Windows cabinet archive and compression format file

JAR

Java archive format file

JPEG

JPEG graphic format file

LHA

LHA/LHARC compression format file (LHA, LHZ)

MACBIN

MacBinary format - a binary (non-text) format that encodes Macintosh files so that they can be safely stored or transferred through non-Macintosh systems

MDB

Microsoft Access database file

MP3

MPEG Layer 3 audio format file (.mp3)

MPEG1

MPEG animation video format file (.mpg)

MSCAB

Microsoft cabinet archive format file (Microsoft installation archive)

MSCOMPRESS

Microsoft compression format file

MSEXCEL1

Microsoft Excel 1.x file (.xls)

MSLIBRARY

Microsoft object code library file

MSWORD12

Microsoft Word (1.x and 2.x) file

NOTESDB

Notes database file

OBJ

Object code format file (Intel Relocatable Object Module - .obj)

OPENXML

Microsoft Office OpenXML File

NOTE: This file type applies to Word, PowerPoint, and Excel 2007 files only. The Scan doc files as containers settings (for each scan job) do not apply to Office 2007 files, because these are always scanned as containers. Although OpenXML files are essentially ZIP containers and the individual files inside are scanned by FPE, settings that affect ZIP files do not apply to them. OpenXML documents have an XML-based schema which FPE cannot modify if an infection is found. Therefore, if an infection is in a file that is part of the XML schema, the file is not cleaned, and the entire OpenXML document is deleted. However, if the infected file is not part of the XML schema, then FPE will attempt to clean just that infected file (replacing it with the Deletion Text) and leave the rest of the OpenXML document intact; if it cannot be cleaned, just that file will be deleted. However, in practice, Office 2007 does not open any OpenXML file containing files that are not part of the XML schema.

PAL

Adobe PageMaker library palette file or a color palette file

PCX

PC Paintbrush exchange format graphic file

PDF

Portable Document Format file (Adobe)

PIF

Windows Program Information File, or Vector Graphics GDF format file (IBM mainframe computers)

PKLITE

PKLite compression format file

PNG

Portable Network Graphics bitmap file

QTMOVIE

QuickTime video format file

RAR

RAR archive and compression format file

RIF

Fractal Design Painter bitmap graphics file

RTF

Rich Text File

SFXEXE

Self extracting executable file

SHORTCUT

Microsoft shortcut file (.lnk)

TAR

TAR archive format file (a UNIX method of archiving files, which can also be used by personal computers). TAR archives files but does not compress them, so sometimes .tar files are compressed with other tools, which produces extensions like .tar.gz, .tar.Z, and .tgz.

TEXT

Text file (.txt)

TIFF

Tagged Image File Format (TIFF) bitmap graphics file

TNEF

Microsoft Transport Neutral Encapsulation Format file (Message file)

TRUETYPE

Microsoft TrueType font file (.ttf)

TYPELIB

Microsoft Type Library file format (typically used for ActiveX service)

UNICODE

Unicode (Universal Character Code) double-byte text file

UNINST

InstallShield uninstall file

UNIXCOMPRESS

Unix compression format file

WAV

Waveform audio format file

WMF

Windows metafile format file (vectored and bit-mapped graphics)

WMFVISIO

Visio exported metafile format

WRITE

Windows Write file

XARA

XaraX graphic format file

ZIP

PKZip archive and compression format file

ZOO

ZOO compression format file

Broadly defined, container files are complex files that can be broken down into various parts. FPE can scan the following container files for filter matches:

  • PKZip archive and compression format (.zip)
  • GZip compression format (.gzip)
  • Self-extracting executable
  • Java archive format (.jar)
  • Microsoft transport neutral encapsulation format (TNEF)
  • Microsoft Office 97-2003 document (for example, .doc, .xls, or .ppt)
  • Microsoft Office OpenXML (for example, .docx, .xlsx, or .pptx)
  • MIME with IMC binary header (.eml; also includes SMIME)
  • UUEncode (.uue)
  • TAR archive format (.tar)
  • RAR archive and compression format (.rar)
  • MACBinary format (.bin)

FPE scans all parts of the container file and re-packs the file as necessary. For example, if you configure a file filter list to delete all .exe files, FPE deletes .exe files inside container files (replacing them with the deletion text) but leaves all other files in the container intact.

noteNote:
FPE cannot scan password-protected files or encrypted files. Although FPE does not decrypt such files, the files are always passed to the antimalware scanners in their entirety in their encrypted form.
 
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.