Help
Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

aherrera05_FTNT
Staff
Staff

Created on ‎11-17-2015 06:57 AM

Supported File Types for AV Inspection

Do we have a list of suppported file types the AV engine will inspect?

Labels:
1621
0 Kudos
1 Solution
DazhLi
Staff
Staff
In response to AlekseyMaltsev

Created on ‎04-11-2018 07:32 AM

This cookbook mainly covers compression formats for which it is almost updated. Only two changes required:

1. remove "starting with AV engine 5.6, yet to be released" as AV engine 5.6 has been official released 

2. should Add CHM format which is supported since AV engine 6.0.7 which has not been official released yet.

But for all the supported file types. I think all possible malicious file types are support, some need AV engine deep paser like Windows PE, some are just covered by signatures like Power Shell script. So the following file types should be added:

*. Windows PE

*. MacOS Mach-O

*  Linux ELF

*. Java Dex

*. HTML,

*. Javascript, VB script, etc

* .Net

Av engine team will maintain a supported file type list for references. I will also ask the cookbook writer for the required changes.

View solution in original post

1612
0 Kudos
5 REPLIES 5
ykonstantakopoulos
New Contributor III

Created on ‎03-07-2016 04:08 AM

Hello Andres,

Check attached document.

Thanks,

Preview file
130 KB
1612
DaviWang1
Staff
Staff
In response to ykonstantakopoulos

Created on ‎09-25-2016 10:23 AM

The document is for compression/archive support. For regular files, like Windows PE files (32-bit, 64-bit), ELF (Linux, all bitness), Mach-O (Mac OS X), Scripts (JS, VB, Perl, HTML, CSS, BAT, Shell, XML, etc), Java class files, etc.

1612
0 Kudos
DaviWang1
Staff
Staff
In response to DaviWang1

Created on ‎09-25-2016 04:38 PM

Forgot to mention two natively supported file formats. DEX (Android) and FLASH.

AV engine has native CPRL intructions to decode and do pattern match on various parts of the relevant files.

1612
0 Kudos
AlekseyMaltsev
Staff
Staff
In response to DaviWang1

Created on ‎04-11-2018 02:34 AM

Hi David,

could you recommend the document where all supported files are listed?

I've found this Cookbook link, but information looks a bit outdated.

Regards, Aleksey

1612
0 Kudos
DazhLi
Staff
Staff
In response to AlekseyMaltsev

Created on ‎04-11-2018 07:32 AM

This cookbook mainly covers compression formats for which it is almost updated. Only two changes required:

1. remove "starting with AV engine 5.6, yet to be released" as AV engine 5.6 has been official released 

2. should Add CHM format which is supported since AV engine 6.0.7 which has not been official released yet.

But for all the supported file types. I think all possible malicious file types are support, some need AV engine deep paser like Windows PE, some are just covered by signatures like Power Shell script. So the following file types should be added:

*. Windows PE

*. MacOS Mach-O

*  Linux ELF

*. Java Dex

*. HTML,

*. Javascript, VB script, etc

* .Net

Av engine team will maintain a supported file type list for references. I will also ask the cookbook writer for the required changes.

1613
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.