Focus: Using Fingerprints
1. What are fingerprints?
2. What do I need fingerprints for?
3. Where do I get fingerprints from?
4. What do I have to take into account when using fingerprints?
2. What do I need fingerprints for?
3. Where do I get fingerprints from?
4. What do I have to take into account when using fingerprints?
What are fingerprints?
A fingerprint is a unique file pattern that clearly identifies the file format. Fingerprints consist of a name pattern and/or a binary pattern. A name pattern is used to identify a file through its name and extension (*.vbs, ...), while a binary pattern is based on unique file information.
 |
 |
|
|
What do I need fingerprints for?
iQ.Suite uses fingerprints to identify file formats, for instance within a Watchdog file restriction job to intercept and filter out specific file types. Various third-party products, such as virus scanners, unpacking engines as well as text analyzers and converters, are also controlled through fingerprints. In that context, binary information is the safest way to identify file formats and exclude file manipulations. On the other hand, name patterns can be used for quick reaction to new situations, i.e. to identify specific file formats or files through their name.
|
|
|
|
Where do I get fingerprints from?
Each iQ.Suite version includes the latest fingerprints. In case you need a specific fingerprint, please do not hesitate to contact our Support for assistance. Please specify your request for fingerprints as precisely as possible, as fingerprints need to be adapted to specific requirements and validated.
FingerprintsĀ - even more exotic formatsĀ - can also often be found in the Internet by searching for "Magic Numbers".
If you know the file format manufacturer, you can also directly request the fingerprint there.
FingerprintsĀ - even more exotic formatsĀ - can also often be found in the Internet by searching for "Magic Numbers".
If you know the file format manufacturer, you can also directly request the fingerprint there.
|
|
|
|
What do I have to take into account when using fingerprints?
Fingerprints strongly depend on the file structure and can therefore change even after minor modifications of the file format. To avoid false positives (mail wrongly identified as to be blocked), fingerprints need to be selected with great care. As an example, consider a Microsoft Office document that contains an executable file. In their binary pattern, executable files usually contain an "MZ" at the beginning of the file. However, this "MZ" can also easily occur within a Microsoft Office document and is therefore no guarantee for the existence of an *.exe file.
In iQ.Suite, "searching" fingerprints, i.e. fingerprints looking for a specific file pattern across the entire file, are very time-consuming and should therefore be avoided whenever possible. Much better is to search for file patterns in a pre-determined section of the file.
If you are running iQ.Suite for Domino, please note that logging for Watchdog searches using fingerprints is not set to log level 9!
In iQ.Suite, "searching" fingerprints, i.e. fingerprints looking for a specific file pattern across the entire file, are very time-consuming and should therefore be avoided whenever possible. Much better is to search for file patterns in a pre-determined section of the file.
If you are running iQ.Suite for Domino, please note that logging for Watchdog searches using fingerprints is not set to log level 9!
|
|
|
|
