Last Revision:
July 07, 2017
The File Type module is used by Trustwave SEG and Trustwave ECM. Updates are made available for recent versions through the Automatic Updates service. Each product release includes the current update of FileType.
For more information about additional minor features and bug fixes, see the release history.
The following items have been changed or updated in the specific build versions of FileType listed.
| FT-75 | PEM encoded certificates and RSA Keys (.PEM) are recognized. |
| FT-154 | Microsoft Visio 2013 files (.VSDX) are recognized. |
| FT-156 | Additional variants of Zip archives are recognized. |
| FT-157 | A file containing a symbolic link to itself caused an error in file type processing. Fixed. |
| FT-158 | Regular expression matching for vCard identification could cause the Engine to stop in rare cases. Fixed. |
| FT-98 | Recognition of Encapsulated PostScript (EPS) files is improved. |
| FT-132 | Apple Binary Property List files (.PLIST) are recognized. |
| FT-131 | Apple iWork Archive files (.IWA) are recognized. |
| FT-142 | RAR 5.0 archives are recognized as RAR type. |
| FT-143 | vCard files (.VCF) are recognized, including new variants that use B64 encoded sections. |
| FT-148 | Windows Script Files (.WSF) are recognized. |
| FT-149 | QuickBooks Backup files (.QBB) are recognized. |
| FT-151 | The eicar.com virus test string was typed as COM instead of TEXT. Fixed. |
| FT-140 | Password protected Excel files might not be detected if the OLE stream name was not as expected. Fixed. |
| FT-139 | Some Office 2003 documents were detected as type OLE instead of DOC, affecting unpacking and other detection. Fixed. |
| FT-138 | Detection of Document Data/ActiveMime (MSO) content is improved. |
| FT-39 | dBASE/Xbase files (.DBF) are recognized. |
| FT-82 | Installshield Cabinet (.CAB) files are recognized. |
| FT-92 | Independent Color Matching Profile (.ICM) files are recognized. |
| FT-93 | Autocad Plotting Support (.CTB) files are recognized. |
| FT-94 | Clarion TopSpeed (.TPS) files are recognized. |
| FT-108 | Microsoft Access 2007 Database (.ACCDB) files are recognized. |
| FT-115 | Event Log XML (.EVTX) files are recognized. |
| FT-122 | Open Document Text Layout-cache (ODTCache, unpacked from ODT files) is recognized. |
| FT-136 | Encore Music Notation (.ENC) files are recognized. |
| UNPACK-45 | Binary objects unpacked from Microsoft CHM files are recognized as "CHM Binary Object". |
| FT-129 | Password protected Excel workbooks (.XLS) were not correctly handled. Fixed. |
| FT-125 | Certain DOCX files created by non MS Office applications were not recognized because they do not contain a docprops file. |
| FT-128 | Password protected Excel files were not correctly handled. Fixed. |
| FT-76 | Egress Switch files (SWITCH) are recognized. |
| FT-104 | ActiveX Binary objects in Word and Excel documents (ActiveXObject) are recognized. |
| FT-112 | StereoLithography files (STL) are recognized. |
| FT-113 | PDF type checking is moved after other document types to reduce false positives. |
| FT-114 | Some components were not correctly identified as mail components if they contained only header data and no body. Fixed. |
| FT-119 | Redhat Package Manager files (RPM) are recognized. |
| FT-120 | Debian package files (DEB) are recognized. |
| FT-121 | Suspect PDF files are better recognized as "invalid PDF". |
| FT-111 | Encrypted PDF files were incorrectly detected as BIN. |
Changes prior to version 7.12 were mentioned in the Trustwave SEG or Trustwave ECM Release Notes.
Copyright © 2017 Trustwave Holdings, Inc.
All rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or decompilation is strictly prohibited without the prior written consent of Trustwave. No part of this document may be reproduced in any form or by any means without the prior written authorization of Trustwave. While every precaution has been taken in the preparation of this document, Trustwave assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
While the authors have used their best efforts in preparing this document,
they make no representation or warranties with respect to the accuracy or
completeness of the contents of this document and specifically disclaim any
implied warranties of merchantability or fitness for a particular purpose. No
warranty may be created or extended by sales representatives or written sales
materials. The advice and strategies contained herein may not be suitable for
your situation. You should consult with a professional where appropriate.
Neither the author nor Trustwave shall be liable for any loss of profit or any
commercial damages, including but not limited to direct, indirect, special,
incidental, consequential, or other damages.
Trustwave and the Trustwave logo are trademarks of Trustwave. Such trademarks shall not be used, copied, or disseminated in any manner without the prior written permission of Trustwave.
Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.