2.4.4. File Type Detection And Filtration Overview

File type detection

The file type analysis configuration allows the administrator to specify whether file type analysis should be performed, and how Metadefender Core should handle file type mismatches (where the detected type of the file differs from its extension).

Common uses of file type detection include:

  • Monitoring for discrepancies between a file extension and a detected file type.

  • Altering the workflow of files based on certain file types (e.g., blocking files of a certain file type from entering a file system).

You can configure this setting in the Workflow tab via the File Type link on the left-side menu.


Metadefender file type detection is driven by an OPSWAT proprietary algorithm that combines "Magic Number" logic with TrID logic. Right now, there are 5837 file types that can be detected and compared to the file extension; a complete listing can be found at the TrID site.

File type detection/analysis is not as accurate as other file metadata analysis. There may be cases where the Metadefender file identification engine will not be able to correctly determine the file type. In these cases, you can submit a ticket with the file to OPSWAT Support for more investigation. However, we cannot guarantee that we will be able to fix the underlying issue and we cannot provide an expected turnaround time to provide an answer. Please do not open an express ticket for false file type detection.

Note that while file type detection functionality is based on the logic above, file scanning functionality is not limited to these file types.

File type detection is also referred to as 'file type analysis', 'file type mismatch', and 'file mismatch analysis'.

Detect file type mismatch

If this is enabled, the extension of the detected file type will be used to validate the file path. If any file inside an archive is detected as a mismatch, the archive itself will be marked as a mismatch and blocked. However, only the following types will be checked for mismatches: D, P, A, E, G (Documents, PDFs, Archives, Executables & Images).

Filtration

The Filtration configuration allows a Metadefender Core administrator to specify that certain file types should be blocked, or that only certain file types should be allowed.

Filtration will check BOTH the actual extension AND the suggested extension based on our file type detection, and block a file if either one matches an extension in the blocked list.
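
The mismatch check (including the archive rule) and the "either extension" filtration rule described above can be sketched as follows. This is an added example, not OPSWAT code or the Metadefender algorithm: the four-entry magic-number table, the function names, the depth and size limits, and the sample bytes are all assumptions made for illustration.

```python
import io
import os
import zipfile

# Constructed subset of magic numbers: (prefix, suggested extension, type group).
# A stand-in for the detection engine, not OPSWAT's algorithm.
MAGIC = [
    (b"%PDF-", "pdf", "P"),
    (b"MZ", "exe", "E"),
    (b"PK\x03\x04", "zip", "A"),
    (b"\x89PNG\r\n\x1a\n", "png", "G"),
]
CHECKED_GROUPS = {"D", "P", "A", "E", "G"}  # groups the page lists for mismatch checks
MAX_DEPTH = 3                  # assumed bound on archive nesting
MAX_MEMBER = 10 * 1024 * 1024  # assumed per-member read bound; larger members are skipped

def detect(data):
    """Return (suggested_extension, group), or (None, None) if unrecognized."""
    for prefix, ext, group in MAGIC:
        if data.startswith(prefix):
            return ext, group
    return None, None

def actual_ext(name):
    """Lower-cased extension of the file name, without the dot."""
    return os.path.splitext(name)[1].lstrip(".").lower()

def is_mismatch(name, data, depth=0):
    """True if detected type and extension disagree, for the file or any ZIP member."""
    suggested, group = detect(data)
    if group in CHECKED_GROUPS and suggested != actual_ext(name):
        return True
    if suggested != "zip" or depth >= MAX_DEPTH:
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(is_mismatch(m.filename, zf.read(m), depth + 1)
                       for m in zf.infolist()
                       if not m.is_dir() and m.file_size <= MAX_MEMBER)
    except zipfile.BadZipFile:
        return False  # unreadable archive: nothing inspected in this sketch

def is_filtered(name, data, blocked):
    """Block when EITHER the actual or the suggested extension is in the blocked list."""
    suggested, _ = detect(data)
    return actual_ext(name) in blocked or suggested in blocked

if __name__ == "__main__":
    fake_pdf = b"MZ\x90\x00"  # constructed sample: PE header bytes in a file named .pdf
    print(is_mismatch("invoice.pdf", fake_pdf), is_filtered("invoice.pdf", fake_pdf, {"exe"}))
```

Because the table holds only four signatures, ZIP-based formats such as .docx would be reported as mismatches here; a full detection engine tells them apart.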