Email Sandbox Level 2 - Supported File Types

Updated 1 year ago by admin

The following file types are supported by the Email Sandbox - Level 2 product. Executables are analysed by running them inside a sandbox, recording the behaviour of the program, and classifying the file based on the observed actions. Similarly, documents are opened in an instrumented file-editor/viewer or by analysing any active components (such as scripts) embedded inside the documents; in either case, the behaviour of the code is used for detecting if the file contains any anomalies.

Additionally, the content of a submitted file is analysed for structural similarities with other, previously classified malware artefacts.

URLs are analysed by visiting them with special, instrumented browsers and observing actions inside the browser or its interactions with its environment.

Note on password protected archives

If the submitted file is an archive and is protected with a password, the Level 2 sandbox will try common passwords used for malware archives (e.g. "malware", "infected", etc) and if possible, detonate the file as usual. If the password is strong, then pre-filtering will reject the file and the Level 2 sandbox will be unable to scan the attachment. This will result in a Temporarily Unavailable message from the sandbox.

The maximum file size that can be sent to the Level 2 sandbox is 64 Mb but email server settings and email security rules may limit this at 50 Mb
It may take up to 5 minutes for the Level 2 sandbox to process a file and longer if the file is contained within an archive

File Type

Mime Type

Typical Extensions

Description

AceArchiveFile

application/x-ace

.ace

ACE archive data

ApkArchiveFile

application/vnd.android.package- archive

.apk

Android APK archive

BzipArchiveFile

application/x-bzip

.tbz2.tbz.bz2.bz

bzip2 compressed data

CabArchiveFile

application/vnd.ms-cab-compressed

.cab

Microsoft Cabinet archive data

DiagCabArchiveFile

application/vnd.ms-diagcab- compressed

.diagcab

Microsoft Diagnostic Cabinet archive data

DmgArchiveFile

application/x-apple-diskimage

.smi.dmg

Apple disk image

Rfc2822EmailArchiveFile

data/email-rfc2822

.eml

RFC2822-formatted Email file

GzipArchiveFile

application/x-gzip

.tgz.gz

gzip compressed data

JarArchiveFile

application/java-archive

.jar

Java JAR archive

WebappJarArchiveFile

application/war-archive

.war

Java Webapp archive

LhaArchiveFile

application/x-lha

.lzh.lha

LHa archive data

LzmaArchiveFile

application/x-lzma

.lzma

LZMA compressed data

NugetArchiveFile

application/x-nuget

.nupkg

NuGet package archive

UDFISOArchiveFile

application/x-udf-image

.udf.iso

UDF filesystem data

ISO9660ISOArchiveFile

application/x-iso9660-image

.iso

ISO 9660 CD-ROM filesystem data

RarArchiveFile

application/x-rar

.rar

RAR archive data

Rar5ArchiveFile

application/x-rar5

.rar

RAR archive data, version 5

TarArchiveFile

application/tar

.tar

POSIX tar archive data

DocumentLLAppBundleTarArchiveFile

application/llappbundle-document

.llappbundle.llapp.tar

Lastline Application Bundle Document Type

MacOsExecutableLLAppBundleTarArchiveFile

application/llappbundle-macos- executable

.llappbundle.llapp.tar

Lastline Application Bundle MacOs Executable Type

WindowsExecutableLLAppBundleTarArchiveFile

application/llappbundle-windows- executable

.llappbundle.llapp.tar

Lastline Application Bundle Windows Executable Type

WebReplayLLAppBundleTarArchiveFile

application/llappbundle-web-replay

.llappbundle.llapp.tar

Lastline Application Bundle Web Replay Type

TnefArchiveFile

application/vnd.ms-tnef

.dat

Transport Neutral Encapsulation Format

XarArchiveFile

application/x-xar

.xar.pkg

XAR archive data

XzArchiveFile

application/x-xz

.xz.txz

XZ compressed data

ZipArchiveFile

application/zip

.zip

Zip archive data

SevenZipArchiveFile

application/x-7z-compressed

.7z

7-zip archive data

MicrosoftSettingContentDataFile

text/ms-settingcontent

.settingcontent-ms

Microsoft Content-Settings data file

CsvDataFile

data/csv

.csv

CSV Data

InternetInquiryDataFile

text/x-ms-iqy

.iqy

Internet Inquiry data file

SymbolicLinkDataFile

data/symbolic-link

.sylk.slk

Symbolic Link data file

PcapDataFile

application/vnd.tcpdump.pcap

.pcapng.pcap

tcpdump capture file

WordHangulCdfDocFile

application/hangul-word

.hwp

Hangul Word Processor document

ChmDocFile

application/x-chm

.chm

Microsoft Windows HtmlHelp data

HangulDocFile

application/x-hwp

.hwp

Hangul HWP3/HWP2000 document

ExcelMsMimeDocFile

application/msoffice-mime-xls

.xls

Microsoft Excel document in MHTML format

PowerpointMsMimeDocFile

application/msoffice-mime-ppt

.ppt

Microsoft Powerpoint document in MHTML format

WordMsMimeDocFile

application/msoffice-mime-doc

.doc

Microsoft Word document in MHTML format

ExcelMsDocFile

application/msoffice-xls

.xls

Microsoft Office Excel document

TemplateExcelMsDocFile

application/msoffice-xlt

.xlt

Microsoft Office Excel template document

ExcelEncryptedKnownMsDocFile

application/msoffice-xls-encrypted

.xlsx.xls

Microsoft Office Excel document (with password)

PowerpointEncryptedKnownMsDocFile

application/msoffice-ppt-encrypted

.pptx.ppt

Microsoft Office Powerpoint document (with password)

WordEncryptedKnownMsDocFile

application/msoffice-doc-encrypted

.doc.docx

Microsoft Office Word document (with password)

PowerpointMsDocFile

application/msoffice-ppt

.pps.ppt

Microsoft Office Powerpoint document

TemplatePowerpointMsDocFile

application/msoffice-pot

.pot

Microsoft Office Powerpoint template document

WordMsDocFile

application/msoffice-doc

.doc

Microsoft Office Word document

PublisherWordMsDocFile

application/msoffice-publisher

.pub

Microsoft Publisher document

TemplateWordMsDocFile

application/msoffice-dot

.dot

Microsoft Office Word document template

OoDocFile

application/vnd.oasis.opendocument

.odp.ods.odt.otg.otp.ott.odg

Open/LibreOffice document

PdfDocFile

application/pdf

.pdf

PDF document

WordPerfectDocFile

application/wordperfect

.wpd

WordPerfect document

RtfDocFile

text/rtf

.rtf

RTF document

SwfDocFile

application/x-shockwave-flash

.swf

Macromedia Flash data

ExcelXmlDocFile

application/x-spreadsheetml

.xml

XML-based Microsoft Office Excel document, pre-Office2007

PowerpointXmlDocFile

application/x-presentationml

.xml

XML-based Microsoft Office Powerpoint presentation, pre-Office2007

WordXmlDocFile

application/x-wordprocessingml

.xml

XML-based Microsoft Office Word document, pre-Office2007

XdpXmlDocFile

application/vnd.adobe.xdp+xml

.xdp

Adobe XDP document

XslXmlDocFile

text/xsl

.xsl

eXtensible Stylesheet Language for XML file

ExcelMsDocxFile

application/msoffice-xlsx

.xlsx

Microsoft Office Excel document, Office Open XML format

MacroAddinExcelMsDocxFile

application/msoffice-xlam

.xlam

Microsoft Office Excel addin, Office Open XML format, with macros

MacroExcelMsDocxFile

application/msoffice-xlsm

.xlsm

Microsoft Office Excel document, Office Open XML format, with macros

BinaryMacroExcelMsDocxFile

application/msoffice-xlsb

.xlsb

Microsoft Office Excel document, Office Open XML format, with macros and binary storage

TemplateExcelMsDocxFile

application/msoffice-xltx

.xltx

Microsoft Office Excel template document, Office Open XML format

MacroTemplateExcelMsDocxFile

application/msoffice-xltm

.xltm

Microsoft Office Excel spreadsheet template, Office Open XML format, with macros

PowerpointMsDocxFile

application/msoffice-pptx

.pptx.ppsx

Microsoft Office Powerpoint document, Office Open XML format

MacroPowerpointMsDocxFile

application/msoffice-pptm

.pptm

Microsoft Office Powerpoint document, Office Open XML format, with macros

SlideshowPowerpointMsDocxFile

application/msoffice-ppsx

.ppsx

Microsoft Office Powerpoint Slideshow, Office Open XML format

MacroSlideshowPowerpointMsDocxFile

application/msoffice-ppsm

.ppsm

Microsoft Office Powerpoint Slideshow, Office Open XML format, with macros

TemplatePowerpointMsDocxFile

application/msoffice-potx

.potx

Microsoft Office Powerpoint template document, Office Open XML format

MacroTemplatePowerpointMsDocxFile

application/msoffice-potm

.potm

Microsoft Office Powerpoint presentation template, Office Open XML format, with macros

WordMsDocxFile

application/msoffice-docx

.docx

Microsoft Office Word document, Office Open XML format

MacroWordMsDocxFile

application/msoffice-docm

.docm

Microsoft Office Word document, Office Open XML format, with macros

TemplateWordMsDocxFile

application/msoffice-dotx

.dotx

Microsoft Office Word template document, Office Open XML format

MacroTemplateWordMsDocxFile

application/msoffice-dotm

.dotm

Microsoft Office Word document template, Office Open XML format, with macros

MsXpsMsDocxFile

application/vnd.ms-xpsdocument

.xps

Microsoft XPS document

OpenXpsMsDocxFile

application/oxps

.oxps

OpenXPS document

JavaClassExeFile

application/x-java-class

.class

compiled Java class data

ComExeFile

application/x-com

.com

COM executable for DOS

EicarComExeFile

application/x-eicar

.com

EICAR test virus

DosExeFile

application/x-dosexec

.exe

MS-DOS executable

MsInstallerExeFile

application/x-msi

.msi

Microsoft Installer file

LnkExeFile

application/x-ms-shortcut

.url.lnk

Microsoft Windows shortcut

MachOExeFile

application/x-mach-o-binary

.bundle.o.dylib

Mach-O executable

BundleMachOExeFile

application/x-mach-o-binary-bundle

.bundle

Mach-O executable bundle

ExecutableMachOExeFile

application/x-mach-o-binary- executable

.o

Mach-O executable program

LibraryMachOExeFile

application/x-mach-o-binary-library

.o.dylib

Mach-O executable library

PeExeFile

application/x-pe

.bat.exe.cpl.cmd.pif.com.scr

PE executable

RarSfxPeExeFile

application/x-rar-sfx-pe

.exe

RAR SFX PE executable

ZipSfxPeExeFile

application/x-zip-sfx-pe

.exe

Zip SFX PE executable

SevenZipSfxPeExeFile

application/x-7zip-sfx-pe

.exe

7zip SFX PE executable

LastlineTestPeExeFile

application/x-lastline-test

.sys.exe.dll

Lastline PE test file

MachOFatUniversalExeFile

application/x-mach-o-fat-binary

.bundle.o.dylib

Mach-O fat file

TiffImageFile

image/tiff

.tiff.tif

TIFF image data

SvgXmlImageFile

image/svg

.svg

SVG image data

HTAScriptFile

text/hta

.hta

HTA Script File text

VBAVisualBasicScriptFile

text/vba

.vba

Visual Basic for Applications text

VBSVisualBasicScriptFile

text/vbscript

.vbs

VBScript text

EncodedVBSVisualBasicScriptFile

application/encodedvbscript

.vbe

VBScript encoded script

BatchScriptFile

text/x-msdos-batch

.bat.cmd

Batch script text

JavascriptScriptFile

application/javascript

.js

JavaScript text

EncodedJavascriptScriptFile

application/encodedjscript

.jse

JScript encoded script

PerlScriptFile

text/x-perl

.pl.pm

Perl script text

PowershellScriptFile

text/x-powershell

.psm1.psd1.ps1

PowerShell text

PythonScriptFile

text/x-python

.py

Python script text

ShellScriptFile

text/x-shellscript

.sh.command

Shell script text

WindowsScriptFile

text/x-wsf

.wsf

Windows Script File text

InternetShortcutFile

text/x-internetshortcut

.url.website

Internet Shortcut file

HtmlTextFile

text/html

.htm.html

HTML document

In some cases, the mime types shown in the above list represent a unified, generalised version of standard mime types. This allows mapping different, semantically equivalent types into a single type


How did we do?