LevelBlue Completes Acquisition of Trustwave to Form the World's Largest Pure-Play MSSP. Learn More

Government
Contact Us
Login

Fusion Platform Login

What is the Trustwave Fusion Platform?

Support Download/Forum Login

MailMarshal Cloud Login
Incident Response
Experiencing a security breach?

Get access to immediate incident response assistance.

24 HOUR HOTLINES
AMERICAS +1 855 438 4305

EMEA +44 8081687370

AUSTRALIA +61 1300901211

SINGAPORE +65 68175019

Recommended Actions

Submit RFP
Government
Contact Us
Login

login

Fusion Platform Login

What is the Trustwave Fusion Platform?

Support Download/Forum Login

MailMarshal Cloud Login
Incident Response
Incident Response
Experiencing a security breach?

Get access to immediate incident response assistance.

24 HOUR HOTLINES
AMERICAS +1 855 438 4305

EMEA +44 8081687370

AUSTRALIA +61 1300901211

SINGAPORE +65 68175019

Recommended Actions

LevelBlue Completes Acquisition of Trustwave to Form the World's Largest Pure-Play MSSP. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

View All Trustwave Services

BY INDUSTRY

BY REGULATION

BY TOPIC

Offensive Security

Solutions to maximize your security ROI

Operational Technology

End-to-end OT security

Microsoft Security

Unlock the full power of Microsoft Security

Securing the Cloud

Safely navigate and stay protected

Securing the IoT Landscape

Test, monitor and secure network objects

About Us

We reduce cyber risk and fortify organizations

Awards and Accolades

Recognition by analysts and media outlets

Trustwave SpiderLabs Team

Global researchers, ethical hackers, and responders

Trustwave Fusion Security Operations Platform

Unprecedented security visibility and control

Trustwave Security Colony

Access to cybersecurity threat protection resources

Microsoft Security

Unlock the full power of Microsoft Security

Trustwave PartnerOne Program

Join forces with Trustwave to protect against the most advance cybersecurity threats

BLOGS

UPCOMING

MEDIA & ASSETS

NOTICES

HELP

Trustwave Knowledge Base

KB Home Search Latest Additions Most Popular

Knowledgebase

Home » Knowledgebase » Trustwave MailMarshal (SEG) » INFO: What file types are recognized by Trustwave MailMarshal...

INFO: What file types are recognized by Trustwave MailMarshal (SEG) and ECM?

Show/Hide Article Tools

This article applies to:

Trustwave MailMarshal (SEG) current versions
Trustwave ECM/MailMarshal Exchange 5.2 and above

Question:

What file types are recognized by Trustwave MailMarshal (SEG)?
What file types are recognized by Trustwave ECM 5.2 and above?

Information:

The following formats are recognized by current MailMarshal (SEG) and ECM versions.

Notes:

Some types are recognized only with current product versions, as noted. Items marked "Current SEG" were added before 2023. These items are not recognized by ECM.
Additional types are recognized with specific updates to the File Type DLL. For information about the File Type update for each MailMarshal version, see article Q20446.
- File Type updates are distributed through the MailMarshal Automatic Updates to installations with current maintenance.
Items recognized with a specific MailMarshal/SEG or FileType update are not recognized in MailMarshal Exchange/ECM.

In the tables below, Type Name refers to the name seen in the Engine log and rule listings. Description is the name as seen when selecting types in the email policy editor.

The Type Name is often the same as the usual file extension. However, file type detection is based on file structure and NOT on the file extension. If you rename a zip archive as ".TXT", it is still recognized as a zip archive by MailMarshal.

Azure IRM Protected Documents

New category and new items in MailMarshal/SEG 8.2.

Type Name	Description
RPMSGPLAIN	Decrypted restricted-permission message
XLSXIRM	Excel 2007+ document with IRM
XLSIRM	Excel document with IRM
PFILE	File protected with IRM
OREIRM	OLE compound document with IRM
XLSIRMcrypt	Password protected Excel with IRM
PPSIRMcrypt	Password protected Powerpoint show with IRM
PPTIRMcrypt	Password protected Powerpoint with IRM
WordIRMcrypt	Password protected Word with IRM
PPTXIRM	Powerpoint 2007+ document with IRM
PPTIRM	Powerpoint document with IRM
PPSIRM	Powerpoint show with IRM
RPMSG	Restricted-permission message
DOCIRM	Word 2007+ doc with IRM in Word 2003 mode
DOCXIRM	Word 2007+ document with IRM

Document

Type Name	Description
MDB	Access database
MDW	Access system database
INDD	Adobe InDesign Document (Current SEG)
MSO	Document data
DVI	DVI TeX document
XLScrypt	Encrypted Excel document (Current SEG)
PPTcrypt	Encrypted PowerPoint Document (Current SEG)
PPScrypt	Encrypted PowerPoint Show (Current SEG)
DOCcrypt	Encrypted Word document
XLSB	Excel 2007+ Binary Document Includes later versions; see note below.
XLSX	Excel 2007+ document
XLSXIRM	Excel 2007+ document with IRM (Current SEG)
XLS	Excel document
XLSIRM	Excel document with IRM (Current SEG)
NFO	Folio Infobase
FM3	Lotus 123 FM3 sheet form
WK1	Lotus 123 WK1 sheet
WK3	Lotus 123 WK3 sheet
WK4	Lotus 123 WK4
SAM	Lotus AmiPro document
LWP	Lotus WordPro document
MCW	Mac Word document
ACCDB	Microsoft Access Database .ACCDB (Current SEG)
ONE	Microsoft OneNote (Current SEG)
VSDX	Microsoft Visio 2013 Drawing
DOCXML	Microsoft Word 2003 XML Document
OfficeMacroScript	Office Macro Script
Office2007Macro	Office 2007+ Macro Includes later versions; see note below.
OLE	OLE compound document
OREIRM	OLE compound document with IRM
ODC	Open Office chart file
OTC	Open Office chart template
ODB	Open Office database file
ODT	Open Office document file
OTT	Open Office document template
ODF	Open Office formulae file
OOoOTF	Open Office formulae template
ODM	Open Office global text document
OTH	Open Office global text template
ODG	Open Office graphics file
OTG	Open Office graphics template
ODI	Open Office image file
OTI	Open Office image template
ODP	Open Office presentation file
OTP	Open Office presentation template
ODS	Open Office spreadsheet file
OTS	Open Office spreadsheet template
OpenXML	OpenXML Document (Current SEG)
PM6	PageMaker document
XLSIRMcrypt	Password protected Excel with IRM (Current SEG)
PPSIRMcrypt	Password protected Powerpoint Show with IRM (Current SEG)
PPTIRMcrypt	Password protected Powerpoint with IRM (Current SEG)
WordIRMcrypt	Password protected Word with IRM (Current SEG)
PDF	PDF document
PDFXFAForm	PDF document - Dynamic XFA form (Current SEG)
PDFcrypt	PDF document - Encrypted
PDFInvalid	PDF document - Invalid header record (Current SEG; see Q16666)
PDFprotect	PDF document - Protected
PDFInvalidFormat	PDF Un-recognized file format
PS	PostScript document
PPTX	PowerPoint 2007+ document Includes later versions; see note below.
PPTXIRM	PowerPoint 2007+ document with IRM (Current SEG)
PPTIRM	PowerPoint document with IRM (Current SEG)
PPSX	PowerPoint 2007+ show
PPT	PowerPoint document
PPS	PowerPoint show
PPSIRM	PowerPoint show with IRM (Current SEG)
PRJ	Project document
PUB	Publisher document
QXD	Quark Express document
RTF	Rich Text document
Word2	Word 2 Document
DOCIRM	Word 2007+ doc with IRM in Word 2003 mode
DOCX	Word 2007+ Document Includes later versions; see note below.
DOCXIRM	Word 2007+ document with IRM (Current SEG)
DOC6	Word 6 Document
DOC	Word document
WPD	WordPerfect document
WPS	Works for Windows document
WRI	Write document
XPS	XPS Document (Current SEG)

Drawing

Type Name	Description
AI	Adobe Illustrator drawing
DWG	AutoCAD Drawing
DWF	AutoCAD Format
CTB	AutoCAD Plotting Support .CTB (Current SEG)
CMX	Corel Binary Meta file
CDR	Corel Draw Drawing
DXF	Drawing Interchange File DXF
FP3	FloorPlan Plus 3D
FH	Freehand drawing
VSDX	Microsoft Visio 2013 Drawing .VSDX (Current SEG - see note)
VXD	Microsoft Visio Drawing
NWD	Navisworks Document .NWD (Current SEG)
Solidworks	Solidworks CAD files (.SPDPRT, .SLDASM, .SLDDRW, .SLDDRT) (Current SEG)
STL	StereoLithography Drawing (Current SEG)

Encrypted

Type Name	Description
7Zcrypt	7Zip encrypted archive (Current SEG)
ARJcrypt	ARJ encrypted archive
ARJsfxcrypt	ARJ encrypted self extracting archive
AXCRYPT	AXCrypt Encrypted Data (Current SEG)
Switch	Egress Switch Encrypted Mail (Current SEG)
XLScrypt	Encrypted Excel document (Current SEG)
PPTcrypt	Encrypted PowerPoint Document (Current SEG)
PPScrypt	Encrypted PowerPoint Show (Current SEG)
DOCcrypt	Encrypted Word Document
XLSXIRM	Excel 2007+ document with IRM (Current SEG)
XLSIRM	Excel document with IRM (Current SEG)
PFILE	File protected with IRM
GPG	Gnu Privacy Guard file .GPG (Current SEG)
OREIRM	OLE compound document with IRM
XLSIRMcrypt	Password protected Excel with IRM (Current SEG)
PPSIRMcrypt	Password protected Powerpoint show with IRM (Current SEG)
PPTIRMcrypt	Password protected Powerpoint with IRM (Current SEG)
WordIRMcrypt	Password protected Word with IRM (Current SEG1)
PDFcrypt	PDF document - encrypted
PENC	Perl Encoded file .ENC (Current SEG)
PGP	PGP Encrypted Data
PPTXIRM	Powerpoint 2007+ document with IRM (Current SEG)
PPTIRM	Powerpoint document with IRM (Current SEG)
RARcrypt	RAR encrypted archive
RARsfxcrypt	RAR encrypted self extracting archive
RPMSG	Restricted-permission message
SEAEncrypt	SEA encrypted self extracting archive
SITEncrypt	SIT encrypted archive
P7M	SMime Encrypted Data
DOCIRM	Word 2007+ document with IRM in Word 2003 mode
DOCXIRM	Word 2007+ document with IRM (Current SEG)
ZIPcrypt	ZIP encrypted archive
ZIPsfxcrypt	ZIP encrypted self extracting archive
ZIX	ZixCorp encrypted mail (Current SEG)

Executable

Type Name	Description
7Zsfx	7Zip self extracting archive
ACEsfx	ACE self extracting archive
ARJsfxcrypt	ARJ encrypted self extracting archive
ARJsfx	ARJ self extracting archive
CLASS	Java class file
APPL	Macintosh M68k executable
PEF	Macintosh PPC executable
CABM	Microsoft CAB/Expand Archive
COM	MSDOS Com executable
EXE	MS-DOS Executable
MSI	MSI Windows Installer Package
MSIX	MSIX Windows Installer Package (Current SEG)
NLM	NetWare Loadable Module
EXEO16	OS/2 16bit executable
DLLO32	OS/2 32bit DLL
EXEO32	OS/2 32bit Executable
PYC	Python bytecode file (Current SEG)
RARsfxcrypt	RAR encrypted self extracting archive
RARsfx	RAR self extracting archive
SEAEncrypt	SEA encrypted self extracting archive
SEA	SEA self extracting archive
CIF	UNIX CIF Executable
COFF	UNIX COFF Executable
ELF	UNIX ELF Executable
DLLW16	Win16 DLL
EXEW16	Win16 executable
DLLO16	Win16 VXD or OS/2 DLL
DLLW32	Win32 DLL
EXE32W	Win32 executable
ZIPsfxcrypt	ZIP encrypted self extracting archive
ZIPsfx	ZIP self extracting archive

Font

Type Name	Description
EOT	Embedded OpenType Font (Current SEG)
OTF	OpenType Font
TTF	True Type Font
AFM	Type 1 Adobe Font Metric
PFB	Type 1 Printer Font Binary
PFM	Type 1 Printer Font Metric
WOFF	Web Open Font Format (Current SEG)
FON	Windows Bitmap font
ODTTF	XPS Embedded font (ODTTF) (Current SEG)

Image

Type Name	Description
PSD	Adobe Photoshop Image
BMP	Bitmap image
CPT	Corel Photo-Draw Image
EPS	Encapsulated PostScript
EMF	Enhanced MetaFile Image
GIF	Gif image
HEIC	HEIF image (Current SEG)
ICO	Icon
JPG	Jpeg image
JBIG2	JBIG2 image (Current SEG)
JPEG2000	Jpeg2000 image
CIL	Microsoft ClipArt Gallery
MDI	Microsoft Document Image
MIX	Microsoft PhotoDraw Image
PSP	Paint Shop Pro image
PNG	Portable Network Graphics (PNG)
SVG	Scalable Vector Graphics (Current SEG)
TIF	Tiff image
WEBP	WebP Image File (Current SEG)
HDPHOTO	Windows HD Photo (Current SEG)
WMF	Windows MetaFile Image
PCX	Zsoft PCX Image

Mail Components

Type Name	Description
MBODY	Mail Body
MHDR	Mail Headers
MAIL	Mail message
TNEF	TNEF Exchange Mail Message
HTMLBody	TNEF Exchange Mail Message extracted HTML Mail Body
RTFBody	TNEF Exchange Mail Message extracted RTF Mail Body

Other

Type Name	Description
BPlist	Apple Binary Plist
AppleDouble	AppleDouble header
AppleSingle	AppleSingle formatted file
BIN	Binary Unknown (indicates a file of unrecognized type)
TORRENT	Bittorent .torrent metainfo file
ICS	Calendar Meeting Invitation (iCalendar) (Current SEG)
ICSDescription	Calendar Meeting Invitation Description (Current SEG)
ICSSummary	Calendar Meeting Invitation Summary (Current SEG)
TPS	Clarion TopSpeed File .TPS (Current SEG)
CHM	Compiled HTML Help file
DBF	dBase/xbase Data File .DBF (Current SEG)
DBT	dBase Memo Field File (Current SEG)
MDXdbase	dBase Multiple Index File (Current SEG)
SYS	DOS device driver (Current SEG)
VCF	Electronic Business Card .VCF (Current SEG)
ICM	Independent Color Matching .ICM (Current SEG)
InfoSlip	Infoslips document (Current SEG)
JOS	Java Object Serialized Data (Current SEG)
DSStore	Mac OSX Finder Info (Current SEG)
MAPIBlock	MAPI Encoded data
OST	MAPI Off-line Store
PAB	MAPI Personal Address Book
PST	MAPI Personal Store
MAT	MATLAB Data File (Current SEG)
PDB	Microsoft Debugging Symbols (Current SEG)
LIB	Microsoft Program Library (Current SEG)
MSBLDCACHE	MS Build Cache File (Current SEG)
RCM	MTXWIN95 Registry Command File
OracleRDF	Oracle Report Definition File (Current SEG)
Appointment	Outlook Appointment
Contact	Outlook Contact
MSG	Outlook message
Note	Outlook Note
Task	Outlook Task
P12	PKCS#12 Certificate Archive (FileType 2023-03-01 and above)
PCAP	Packet Capture (Current SEG)
PCAPNG	Packet Capture NG (Current SEG)
PEMCert	PEM encoded certificate .PEM (Current SEG - see note)
PFX	PFX Certificate Archive (Current SEG)
PGPPublicKey	PGP Public Key (Current SEG)
PGPSigned	PGP Signed Data
PBIXMashup	Power BI Data Mashup Archive (Current SEG)
PBIXMetadata	Power BI Data Metadata (Current SEG)
PBIXModel	Power BI Data Model (Current SEG)
PBIXBindings	Power BI Security Bindings (Current SEG)
PBIXSettings	Power BI Settings (FileType 2024-02-01 and above)
QBB	QuickBooks Backup .QBB (Current SEG)
QBW	QuickBooks Company file .QBW (Current SEG)
RTF Object	RTF Object
SHP	Shape file (.SHP) (Current SEG)
SHX	Shape Index file (.SHX) (Current SEG)
P7S	SMime Signed Data
SQLiteDB	SQLite Database (Current SEG)
EMC	Striata Encrypted Mail Communication (Current SEG)
TEXT	Text
VHD	Virtual Hard Disk Image .VHD (Current SEG)
VSSSCC	Visual Source Safe Source Code Control (Current SEG)
HLP	Windows Help file
MST	Windows Installer Setup Transform .MST (Current SEG)
URL	Windows Internet shortcut
EVT	Windows NT event log
REG	Windows Registry Data
WSF	Windows Script File .WSF (Current SEG)
LNK	Windows shortcut
EVTX	Windows Vista event log .EVTX (Current SEG)
XML	XML Document (Current SEG)

Sound

Type Name	Description
AAC	AAC audio
FLSA	Adobe Flash Audio (Current SEG)
AU	AU sound file
ENC	Encore Music Notation .ENC (Current SEG)
ASX	Microsoft Active Streaming link
MID	MIDI sound file
MP3	MP3 sound file
OGA	OGG stream for audio
RAM	Real Audio Link
RA	Real Audio sound file
RMP	Real Jukebox Metadata Package
Real	RealPlayer audio/video
WAV	WAV sound file
ASF	Windows Active Streaming Format

Video

Type Name	Description
3GPP	3GPP Video (Current SEG)
FLSV	Adobe Flash Video (Current SEG)
FLC	Animator Pro FLC file
FLI	Animator Pro FLI file
AVI	AVI video
DVM	DVM video
ASX	Microsoft Active Streaming link
MOV	Mov video
MPG	Mpeg video
OGV	OGG stream for video
Real	RealPlayer audio/video
SWF	Shockwave Flash
FLV	Shockwave Flash video
WEBM	WebM Video File (Current SEG)
ASF	Windows Active Streaming Format

Web Browsing

Type Name	Description
CSS	Cascading style sheet
CRL	Certificate Revocation List (CRL)
GIF	GIF Image
Goog	Google Safe Browsing Update
HTML	HTML Document
ICO	Icon
CLASS	Java class file
JS	JavaScript file
JPG	JPEG image
OCSPResponse	OCSP Response File
PNG	PNG image
SWF	Shockwave Flash
VBS	VBScript file (Current SEG)
FORMBIN	Web Page binary form data
FORMTEXT	Web page text form data
WEBM	WebM Video File (Current SEG)
WEBP	WebP Image File (Current SEG)

Non-Selectable Types

The following types cannot be selected in rules. They are used internally by MailMarshal and will be shown in logs as appropriate.

Type Name	Description
BIFF12	Binary File Format for Office 12
CHMBINOBJ	CHM Binary Object
ODTCache	Open Document Text Layout-cache
OLEStream	OLE Raw Stream
PDFStream	PDF Raw Stream
ZIPBig	Zip with massively redundant data

Notes:

Word, Excel, and PowerPoint "2007" or "2007+" file type is the default format used by all later versions (including Office 2010, 2013, and 2016). All documents saved in this format are recognized, regardless of the Office software version.
Trustwave Knowledgebase articles for information about earlier versions have been withdrawn.