This article applies to: - Trustwave MailMarshal (SEG) 6.X and above
- Trustwave ECM/MailMarshal Exchange 5.2 and above
Question: - What file types are recognized by Trustwave MailMarshal (SEG)?
- What file types are recognized by Trustwave ECM 5.2 and above?
Information:The following formats are recognized by current MailMarshal (SEG) and ECM versions. Notes: - Some types are recognized only with current product versions, as noted.
- With MailMarshal/SEG 7.3.5 and above, additional types are recognized with specific updates to the File Type DLL. For information about the File Type update for each MailMarshal version, see article Q20446.
- File Type updates are distributed through the MailMarshal Automatic Updates to installations with current maintenance.
- Items recognized with a specific MailMarshal/SEG or FileType update are not recognized in MailMarshal Exchange/ECM.
In the tables below, Type Name refers to the name seen in the Engine log and rule listings. Description is the name as seen when selecting types in the email policy editor. - The Type Name is often the same as the usual file extension. However, file type detection is based on file structure and NOT on the file extension. If you rename a zip archive as ".TXT", it is still recognized as a zip archive by MailMarshal.
Archive | Type Name | Description | | 7Z | 7Zip Archive | | 7Zcrypt | 7Zip encrypted archive (FileType 7.14.3 and above, 8.0.1 and above) | | 7Zsfx | 7Zip self extracting archive | | ACE | ACE archive | | ACEsfx | ACE self extracting archive | | IWA | Apple iWork Archive .IWA (SEG 7.3.5 and above with FileType 7.14.0 and above) | | ARC | ARC archive | | ARJ | ARJ archive | | ARJcrypt | ARJ encrypted archive | | ARJsfxcrypt | ARJ encrypted self extracting archive | | ARJsfx | ARJ self extracting archive | | B64 | Base64 (MIME) Encoding | | B2A | BtoA Encoding | | BZ2 | bZIP2 archive | | CABI | InstallShield CAB Archive | | CPIO | CPIO archive | | DEB | Debian Binary Package file (SEG 7.3.5 and above with FileType 7.13.1 and above) | | GZ | GZIP archive | | HQX | HQX (BinHex) archive | | CABI | InstallShield CAB Archive | | CDISO | ISO 9660 CD Filesystem | | LYMESFX | LYME self extracting archive (SEG 7.2.2 and above) | | LZH | LZH archive | | MacBIN | MacBinary I, II, or III archive | | MDXMedia | MDX Extended Media Descriptor File (FileType 7.14.3 and above, 8.0.1 and above) | | CABM | Microsoft CAB/Expand Archive | | SZDD | Microsoft SZDD archive | | MAR | Mozilla Archive | | MSI | MSI Windows Installer package | | MSIX | MSIX Windows Installer Package (from FileType 7.14.6, 8.0.4, 8.1.1, 8.2.1.) | | PBIX | Power BI Report (FileType 2024-02-01 and above) | | RAR | RAR archive | | RARcrypt | RAR encrypted archive | | RARsfxcrypt | RAR encrypted self extracting archive | | RARsfx | RAR self extracting archive | | RARSpan | RAR spanned archive | | RPM | Redhat Package Manager file (SEG 7.3.5 and above with FileType 7.13.1 and above) | | SEAEncrypt | SEA encrypted self extracting archive | | SEA | SEA self extracting archive | | SIT | SIT archive | | SITEncrypt | SIT encrypted archive | | TAR | TAR archive | | UDF | Universal Disk Format (UDF) (from FileType 8.0.6, 8.1.3, 8.2.3) | | UUE | UUencoded Encoding | | XZ | XZ archive (FileType 7.14.3 and above, 8.0.1 and above) | | Z | Z (compress) archive | | ZIP | ZIP archive | | ZIPcrypt | ZIP encrypted archive | | ZIPsfxcrypt | ZIP encrypted self extracting archive | | ZIPsfx | ZIP self extracting archive | | ZOO | ZOO archive | Azure IRM Protected DocumentsNew category and new items in MailMarshal/SEG 8.2.
Also recognized in: - 8.0.X with FileType 8.0.4 and above
- 8.1.X with FileType 8.1.1 and above
| Type Name | Description | | RPMSGPLAIN | Decrypted restricted-permission message | | XLSXIRM | Excel 2007+ document with IRM | | XLSIRM | Excel document with IRM | | PFILE | File protected with IRM | | OREIRM | OLE compound document with IRM | | XLSIRMcrypt | Password protected Excel with IRM | | PPSIRMcrypt | Password protected Powerpoint show with IRM | | PPTIRMcrypt | Password protected Powerpoint with IRM | | WordIRMcrypt | Password protected Word with IRM | | PPTXIRM | Powerpoint 2007+ document with IRM | | PPTIRM | Powerpoint document with IRM | | PPSIRM | Powerpoint show with IRM | | RPMSG | Restricted-permission message | | DOCIRM | Word 2007+ doc with IRM in Word 2003 mode | | DOCXIRM | Word 2007+ document with IRM | Document | Type Name | Description | | MDB | Access database | | MDW | Access system database | | INDD | Adobe InDesign Document (SEG 7.2.2 and above) | | MSO | Document data | | DVI | DVI TeX document | | XLScrypt | Encrypted Excel document (SEG 7.3.5 and above) | | PPTcrypt | Encrypted PowerPoint Document (from FileType 7.14.6, 8.0.4, 8.1.1, 8.2.1) | | PPScrypt | Encrypted PowerPoint Show (from FileType 7.14.6, 8.0.4, 8.1.1, 8.2.1) | | DOCcrypt | Encrypted Word document | | XLSB | Excel 2007+ Binary Document
Includes later versions; see note below. | | XLSX | Excel 2007+ document (recognized in 6.3 and above) | | XLSXIRM | Excel 2007+ document with IRM (SEG 7.3.5 and above) | | XLS | Excel document | | XLSIRM | Excel document with IRM (SEG 7.3.5 and above) | | NFO | Folio Infobase | | FM3 | Lotus 123 FM3 sheet form | | WK1 | Lotus 123 WK1 sheet | | WK3 | Lotus 123 WK3 sheet | | WK4 | Lotus 123 WK4 | | SAM | Lotus AmiPro document | | LWP | Lotus WordPro document | | MCW | Mac Word document | | ACCDB | Microsoft Access Database .ACCDB (SEG 7.3.5 and above) | | ONE | Microsoft OneNote (SEG 7.2.2 and above) | | VSDX | Microsoft Visio 2013 Drawing | | DOCXML | Microsoft Word 2003 XML Document | | OfficeMacroScript | Office Macro Script | | Office2007Macro | Office 2007+ Macro
Includes later versions; see note below. | | OLE | OLE compound document | | OREIRM | OLE compound document with IRM | | ODC | Open Office chart file | | OTC | Open Office chart template | | ODB | Open Office database file | | ODT | Open Office document file | | OTT | Open Office document template | | ODF | Open Office formulae file | | OOoOTF | Open Office formulae template | | ODM | Open Office global text document | | OTH | Open Office global text template | | ODG | Open Office graphics file | | OTG | Open Office graphics template | | ODI | Open Office image file | | OTI | Open Office image template | | ODP | Open Office presentation file | | OTP | Open Office presentation template | | ODS | Open Office spreadsheet file | | OTS | Open Office spreadsheet template | | OpenXML | OpenXML Document (SEG 7.2.3 and above) | | PM6 | PageMaker document | | XLSIRMcrypt | Password protected Excel with IRM (from FileType 7.14.6, 8.0.4, 8.1.1, 8.2.1) | | PPSIRMcrypt | Password protected Powerpoint Show with IRM (from FileType 7.14.6, 8.0.4, 8.1.1, 8.2.1) | | PPTIRMcrypt | Password protected Powerpoint with IRM (from FileType 7.14.6, 8.0.4, 8.1.1, 8.2.1) | | WordIRMcrypt | Password protected Word with IRM (from FileType 7.14.6, 8.0.4, 8.1.1, 8.2.1) | | PDF | PDF document | | PDFXFAForm | PDF document - Dynamic XFA form (SEG 7.3.5 and above) | | PDFcrypt | PDF document - Encrypted | | PDFInvalid | PDF document - Invalid header record (SEG 7.2.2 and above; see Q16666) | | PDFprotect | PDF document - Protected | | PDFInvalidFormat | PDF Un-recognized file format | | PS | PostScript document | | PPTX | PowerPoint 2007+ document
Includes later versions; see note below. | | PPTXIRM | PowerPoint 2007+ document with IRM (SEG 7.3.5 and above) | | PPTIRM | PowerPoint document with IRM (SEG 7.3.5 and above) | | PPSX | PowerPoint 2007+ show | | PPT | PowerPoint document | | PPS | PowerPoint show | | PPSIRM | PowerPoint show with IRM (SEG 7.3.5 and above) | | PRJ | Project document | | PUB | Publisher document | | QXD | Quark Express document | | RTF | Rich Text document | | Word2 | Word 2 Document | | DOCIRM | Word 2007+ doc with IRM in Word 2003 mode | | DOCX | Word 2007+ Document
Includes later versions; see note below. | | DOCXIRM | Word 2007+ document with IRM (SEG 7.3.5 and above) | | DOC6 | Word 6 Document | | DOC | Word document | | WPD | WordPerfect document | | WPS | Works for Windows document | | WRI | Write document | | XPS | XPS Document (SEG 7.2.3 and above) | Drawing | Type Name | Description | | AI | Adobe Illustrator drawing | | DWG | AutoCAD Drawing | | DWF | AutoCAD Format | | CTB | AutoCAD Plotting Support .CTB (SEG 7.3.5 and above with FileType 7.13.3 and above) | | CMX | Corel Binary Meta file | | CDR | Corel Draw Drawing | | DXF | Drawing Interchange File DXF | | FP3 | FloorPlan Plus 3D | | FH | Freehand drawing | | VSDX | Microsoft Visio 2013 Drawing .VSDX (SEG 8.0.1 and above; SEG 7.3.5 through 7.5.7 with FileType 7.14.0.317 and later - see note) | | VXD | Microsoft Visio Drawing | | NWD | Navisworks Document .NWD (from FileType 8.2.7) | | Solidworks | Solidworks CAD files (.SPDPRT, .SLDASM, .SLDDRW, .SLDDRT) (from FileType 8.1.5 or 8.2.5) | | STL | StereoLithography Drawing (SEG 7.3.5 and above with FileType 7.13.1 and above) | Encrypted | Type Name | Description | | 7Zcrypt | 7Zip encrypted archive (FileType 7.14.3 and above, 8.0.1 and above) | | ARJcrypt | ARJ encrypted archive | | ARJsfxcrypt | ARJ encrypted self extracting archive | | AXCRYPT | AXCrypt Encrypted Data (SEG 7.2.2 and above) | | Switch | Egress Switch Encrypted Mail (SEG 7.3.5 and above with FileType 7.13.1 and above) | | XLScrypt | Encrypted Excel document (SEG 7.3.5 and above) | | PPTcrypt | Encrypted PowerPoint Document (from FileType 7.14.6, 8.0.4, 8.1.1, 8.2.1) | | PPScrypt | Encrypted PowerPoint Show (from FileType 7.14.6, 8.0.4, 8.1.1, 8.2.1) | | DOCcrypt | Encrypted Word Document | | XLSXIRM | Excel 2007+ document with IRM (SEG 7.3.5 and above) | | XLSIRM | Excel document with IRM (SEG 7.3.5 and above) | | PFILE | File protected with IRM | | GPG | Gnu Privacy Guard file .GPG (from FileType 8.1.5 or 8.2.5) | | OREIRM | OLE compound document with IRM | | XLSIRMcrypt | Password protected Excel with IRM (from FileType 7.14.6, 8.0.4, 8.1.1, 8.2.1) | | PPSIRMcrypt | Password protected Powerpoint show with IRM (from FileType 7.14.6, 8.0.4, 8.1.1, 8.2.1) | | PPTIRMcrypt | Password protected Powerpoint with IRM (from FileType 7.14.6, 8.0.4, 8.1.1, 8.2.1) | | WordIRMcrypt | Password protected Word with IRM (from FileType 7.14.6, 8.0.4, 8.1.1, 8.2.1) | | PDFcrypt | PDF document - encrypted | | PENC | Perl Encoded file .ENC (from FileType 8.1.5 or 8.2.5) | | PGP | PGP Encrypted Data | | PPTXIRM | Powerpoint 2007+ document with IRM (SEG 7.3.5 and above) | | PPTIRM | Powerpoint document with IRM (SEG 7.3.5 and above) | | RARcrypt | RAR encrypted archive | | RARsfxcrypt | RAR encrypted self extracting archive | | RPMSG | Restricted-permission message | | SEAEncrypt | SEA encrypted self extracting archive | | SITEncrypt | SIT encrypted archive | | P7M | SMime Encrypted Data | | DOCIRM | Word 2007+ document with IRM in Word 2003 mode | | DOCXIRM | Word 2007+ document with IRM (SEG 7.3.5 and above) | | ZIPcrypt | ZIP encrypted archive | | ZIPsfxcrypt | ZIP encrypted self extracting archive | | ZIX | ZixCorp encrypted mail (SEG 7.3.5 and above) | Executable | Type Name | Description | | 7Zsfx | 7Zip self extracting archive | | ACEsfx | ACE self extracting archive | | ARJsfxcrypt | ARJ encrypted self extracting archive | | ARJsfx | ARJ self extracting archive | | CLASS | Java class file | | APPL | Macintosh M68k executable | | PEF | Macintosh PPC executable | | CABM | Microsoft CAB/Expand Archive | | COM | MSDOS Com executable | | EXE | MS-DOS Executable | | MSI | MSI Windows Installer Package | | MSIX | MSIX Windows Installer Package (from FileType 7.14.6, 8.0.4, 8.1.1, 8.2.1) | | NLM | NetWare Loadable Module | | EXEO16 | OS/2 16bit executable | | DLLO32 | OS/2 32bit DLL | | EXEO32 | OS/2 32bit Executable | | PYC | Python bytecode file (FileType 7.14.3 and above, 8.0.1 and above) | | RARsfxcrypt | RAR encrypted self extracting archive | | RARsfx | RAR self extracting archive | | SEAEncrypt | SEA encrypted self extracting archive | | SEA | SEA self extracting archive | | CIF | UNIX CIF Executable | | COFF | UNIX COFF Executable | | ELF | UNIX ELF Executable | | DLLW16 | Win16 DLL | | EXEW16 | Win16 executable | | DLLO16 | Win16 VXD or OS/2 DLL | | DLLW32 | Win32 DLL | | EXE32W | Win32 executable | | ZIPsfxcrypt | ZIP encrypted self extracting archive | | ZIPsfx | ZIP self extracting archive | Font | Type Name | Description | | EOT | Embedded OpenType Font (SEG 7.3.0 and above) | | OTF | OpenType Font | | TTF | True Type Font | | AFM | Type 1 Adobe Font Metric | | PFB | Type 1 Printer Font Binary | | PFM | Type 1 Printer Font Metric | | WOFF | Web Open Font Format (SEG 7.3.0 and above) | | FON | Windows Bitmap font | | ODTTF | XPS Embedded font (ODTTF) (SEG 7.2.3 and above) | Image | Type Name | Description | | PSD | Adobe Photoshop Image | | BMP | Bitmap image | | CPT | Corel Photo-Draw Image | | EPS | Encapsulated PostScript | | EMF | Enhanced MetaFile Image | | GIF | Gif image | | HEIC | HEIF image (FileType 8.2.4 and above) | | ICO | Icon | | JPG | Jpeg image | | JBIG2 | JBIG2 image (SEG 7.2.3 and above) | | JPEG2000 | Jpeg2000 image (recognized in 6.5 and above) | | CIL | Microsoft ClipArt Gallery | | MDI | Microsoft Document Image | | MIX | Microsoft PhotoDraw Image | | PSP | Paint Shop Pro image | | PNG | Portable Network Graphics (PNG) | | TIF | Tiff image | | WEBP | WebP Image File (FileType 7.14.3 and above, 8.0.1 and above) | | HDPHOTO | Windows HD Photo (SEG 7.2.2 and above) | | WMF | Windows MetaFile Image | | PCX | Zsoft PCX Image | Mail Components | Type Name | Description | | MBODY | Mail Body | | MHDR | Mail Headers | | MAIL | Mail message | | TNEF | TNEF Exchange Mail Message | | HTMLBody | TNEF Exchange Mail Message extracted HTML Mail Body | | RTFBody | TNEF Exchange Mail Message extracted RTF Mail Body | Other | Type Name | Description | | BPlist | Apple Binary Plist | | AppleDouble | AppleDouble header | | AppleSingle | AppleSingle formatted file | | BIN | Binary Unknown (indicates a file of unrecognized type) | | TORRENT | Bittorent .torrent metainfo file (recognized in 6.5 and above) | | ICS | Calendar Meeting Invitation (iCalendar) (recognized in SEG 7.2 and above) | | ICSDescription | Calendar Meeting Invitation Description (recognized in SEG 7.2 and above) | | ICSSummary | Calendar Meeting Invitation Summary (recognized in SEG 7.2 and above) | | TPS | Clarion TopSpeed File .TPS (SEG 7.3.5 and above with FileType 7.13.3 and above) | | CHM | Compiled HTML Help file | | DBF | dBase/xbase Data File .DBF (SEG 7.3.5 and above with FileType 7.13.3 and above) | | DBT | dBase Memo Field File (FileType 7.14.3 and above, 8.0.1 and above) | | MDXdbase | dBase Multiple Index File (FileType 7.14.3 and above, 8.0.1 and above) | | SYS | DOS device driver (SEG 7.2.3 and above) | | VCF | Electronic Business Card .VCF (SEG 7.3.5 and above with FileType 7.14.0 and above) | | ICM | Independent Color Matching .ICM (SEG 7.3.5 and above with FileType 7.13.3 and above) | | InfoSlip | Infoslips document (SEG 7.2.2 and above) | | JOS | Java Object Serialized Data (SEG 7.2.2 and above) | | DSStore | Mac OSX Finder Info (SEG 7.2.3 and above) | | MAPIBlock | MAPI Encoded data | | OST | MAPI Off-line Store | | PAB | MAPI Personal Address Book | | PST | MAPI Personal Store | | MAT | MATLAB Data File (FileType 7.14.3 and above, 8.0.1 and above) | | PDB | Microsoft Debugging Symbols (SEG 7.2.2 and above) | | LIB | Microsoft Program Library (SEG 7.2.3 and above) | | MSBLDCACHE | MS Build Cache File (SEG 7.2.2 and above) | | RCM | MTXWIN95 Registry Command File | | OracleRDF | Oracle Report Definition File (SEG 7.2.2 and above) | | Appointment | Outlook Appointment | | Contact | Outlook Contact | | MSG | Outlook message | | Note | Outlook Note | | Task | Outlook Task | | P12 | PKCS#12 Certificate Archive (FileType 2023-03-01 and above) | | PCAP | Packet Capture (SEG 7.2.2 and above) | | PCAPNG | Packet Capture NG (SEG 7.2.3 and above) | | PEMCert | PEM encoded certificate .PEM (Moved to "other" in January 2019. Recognized in SEG 8.0.1 and above; SEG 7.3.5 through 7.5.7 with FileType 7.14.0.317 and later - see note) | | PFX | PFX Certificate Archive (FileType 2023-03-01 and above) | | PGPPublicKey | PGP Public Key (FileType 2024-02-01 and above) | | PGPSigned | PGP Signed Data | | PBIXMashup | Power BI Data Mashup Archive (FileType 2024-02-01 and above) | | PBIXMetadata | Power BI Data Metadata (FileType 2024-02-01 and above) | | PBIXModel | Power BI Data Model (FileType 2024-02-01 and above) | | PBIXBindings | Power BI Security Bindings (FileType 2024-02-01 and above) | | PBIXSettings | Power BI Settings (FileType 2024-02-01 and above) | | QBB | QuickBooks Backup .QBB (SEG 7.3.5 and above with FileType 7.14.0 and above) | | QBW | QuickBooks Company file .QBW (from FileType 7.14.6, 8.0.4, 8.1.1, 8.2.1) | | RTF Object | RTF Object | | SHP | Shape file (.SHP) (from FileType 7.14.6, 8.0.4, 8.1.1, 8.2.1) | | SHX | Shape Index file (.SHX) (from FileType 7.14.6, 8.0.4, 8.1.1, 8.2.1) | | P7S | SMime Signed Data | | SQLiteDB | SQLite Database (SEG 7.2.2 and above) | | EMC | Striata Encrypted Mail Communication (SEG 7.2.3 and above) | | TEXT | Text | | VHD | Virtual Hard Disk Image .VHD (from FileType 8.2.9) | | VSSSCC | Visual Source Safe Source Code Control (SEG 7.2.3 and above) | | HLP | Windows Help file | | MST | Windows Installer Setup Transform .MST (from FileType 8.2.9) | | URL | Windows Internet shortcut | | EVT | Windows NT event log | | REG | Windows Registry Data | | WSF | Windows Script File .WSF (SEG 7.3.5 and above with FileType 7.14.0 and above) | | LNK | Windows shortcut | | EVTX | Windows Vista event log .EVTX (SEG 7.3.5 and above with FileType 7.13.3 and above) | | XML | XML Document (from FileType 8.0.5, 8.1.2, 8.2.2) | Sound | Type Name | Description | | AAC | AAC audio | | FLSA | Adobe Flash Audio (SEG 7.2.2 and above) | | AU | AU sound file | | ENC | Encore Music Notation .ENC (SEG 7.3.5 and above with FileType 7.13.3 and above) | | ASX | Microsoft Active Streaming link | | MID | MIDI sound file | | MP3 | MP3 sound file | | OGA | OGG stream for audio | | RAM | Real Audio Link | | RA | Real Audio sound file | | RMP | Real Jukebox Metadata Package | | Real | RealPlayer audio/video | | WAV | WAV sound file | | ASF | Windows Active Streaming Format | Video | Type Name | Description | | 3GPP | 3GPP Video (SEG 7.2.2 and above) | | FLSV | Adobe Flash Video (SEG 7.2.2 and above) | | FLC | Animator Pro FLC file | | FLI | Animator Pro FLI file | | AVI | AVI video | | DVM | DVM video | | ASX | Microsoft Active Streaming link | | MOV | Mov video | | MPG | Mpeg video | | OGV | OGG stream for video | | Real | RealPlayer audio/video | | SWF | Shockwave Flash | | FLV | Shockwave Flash video | | WEBM | WebM Video File (FileType 7.14.3 and above, 8.0.1 and above) | | ASF | Windows Active Streaming Format | Web Browsing | Type Name | Description | | CSS | Cascading style sheet | | CRL | Certificate Revocation List (CRL) | | GIF | GIF Image | | Goog | Google Safe Browsing Update | | HTML | HTML Document | | ICO | Icon | | CLASS | Java class file | | JS | JavaScript file | | JPG | JPEG image | | OCSPResponse | OCSP Response File | | PNG | PNG image | | SWF | Shockwave Flash | | VBS | VBScript file (from FileType 7.14.6, 8.0.4, 8.1.1, 8.2.1) | | FORMBIN | Web Page binary form data | | FORMTEXT | Web page text form data | | WEBM | WebM Video File (FileType 7.14.3 and above, 8.0.1 and above) | | WEBP | WebP Image File (FileType 7.14.3 and above, 8.0.1 and above) | Non-Selectable TypesThe following types cannot be selected in rules. They are used internally by MailMarshal and will be shown in logs as appropriate. | Type Name | Description | | BIFF12 | Binary File Format for Office 12 | | CHMBINOBJ | CHM Binary Object | | ODTCache | Open Document Text Layout-cache | | OLEStream | OLE Raw Stream | | PDFStream | PDF Raw Stream | | ZIPBig | Zip with massively redundant data | Notes: - Word, Excel, and PowerPoint "2007" or "2007+" file type is the default format used by all later versions (including Office 2010, 2013, and 2016). All documents saved in this format are recognized, regardless of the Office software version.
- File Type 7.14.0.317 (July 20, 2017) was released after 7.14.1. 7.14.1 does not include the new items released in 7.14.0.317.
- Trustwave Knowledgebase articles for information about earlier versions have been withdrawn.
- This article was previously published as:
- NETIQKB40962
To contact Trustwave about this article or to request support:
Related Articles
Add Your Comments
Comment submission is disabled for anonymous
users.
Please send feedback to Trustwave Technical Support or the Webmaster.
|
|
Article ID: 10858
Last Modified: 5/7/2024
Type: INFO
Rated 3 stars based on 6 votes.
Article has been viewed 29,449 times.
|
