What is MetaDefender Core file type detection?

MetaDefender Core supports file type detection which is also referred to as 'file type analysis', 'file type mismatch', 'file mismatch analysis', etc.

Common uses of file type detection include (1) monitoring for discrepancies between a file extension and a detected file type and (2) altering the workflow of files based on certain file types (e.g., blocking files of a certain file type from entering a file system).

MetaDefender Core supports file type detection via the API (introduced in Metascan 3.7.4) and the CLI (introduced in Metascan 3.8.1). More information can be found in the MetaDefender Core User Guide.

MetaDefender Core file type detection is driven by an OPSWAT proprietary algorithm that combines the "Magic Number" logic as well as TrID logic. As of this writing, there are 5837 file types that can be detected and compared to the file extension; a complete listing can be found at the TrID site.

File type detection / analysis is not as accurate as other file metadata analysis. There will be cases where the MetaDefender Core file identification engine will not be able to correctly analyze the file type. In these cases, you can submit a ticket with the file to OPSWAT Support for more investigation. However, we cannot guarantee that we will be able to fix the underlying issue and we cannot provide an expected turnaround time to provide an answer.

Note that while file type detection functionality is based on the logic above, file scanning functionality is not limited to these file types.

This article pertains to MetaDefender Core v3
This article was last updated on 2017-12-21