DLP - Determining file type using filter.exe

Article ID: 160374

Products

Data Loss Prevention Enforce

Issue/Introduction

Symantec Data Loss Prevention (DLP)

How can I check the file type of my file to make sure it matches the extension?

Environment

Data Loss Prevention 14.x and 15.x.

Resolution

Our content extractor does file type checking. 
Using the -d option on filter.exe will show the detected file type as numbers (Class ID and Format ID).

Note for Windows: Substitute C: for the drive letter where the DLP software is installed.

Note for Linux: If running the filter executable as the protect user, you may first need to log in as root and grant the protect user permission to execute the binary. To do this, type: chmod u+x / (see below)

Windows (32-bit): C:\SymantecDLP\Protect\plugins\contentextraction\Verity\Win32\filter -d <file> out.txt

Windows (64-bit): C:\SymantecDLP\Protect\plugins\contentextraction\Verity\x64\filter -d <file> out.txt

Linux (32-bit): /opt/SymantecDLP/Protect/plugins/contentextraction/Verity/i686/filter -d <file> out.txt

Linux (64-bit): /opt/SymantecDLP/Protect/plugins/contentextraction/Verity/x86_64/filter -d <file> out.txt

(For earlier versions you might change SymantecDLP to Vontu in the path)


The output file (out.txt) is not created, but it is a required argument.

 

Here are some sample outputs:

C:\SymantecDLP\Protect\plugins\contentextraction\Verity\x64\filter.exe -d "myeml.eml" out.txt
The file myeml.eml
Class ID:                       8
Format ID:                      232
Major Version:                  0
Attributes:                     0

KWAD: error code returned is KVERR_Success

C:\SymantecDLP\Protect\plugins\contentextraction\Verity\x64\filter.exe -d sample.txt out.txt
The file sample.txt
Class ID:                       1
Format ID:                      2
Major Version:                  0
Attributes:                     0

KWAD: error code returned is KVERR_Success

C:\SymantecDLP\Protect\plugins\contentextraction\Verity\x64\filter.exe -d test.xls out.txt
The file test.xls
Class ID:                       2
Format ID:                      322
Major Version:                  0
Attributes:                     1

KWAD: error code returned is KVERR_Success
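
To check many files at once, the captured output of filter -d can be parsed and the reported Class ID / Format ID compared with what the extension claims. The script below is an added example, not Symantec code; its EXPECTED table holds only the three pairs visible in the sample outputs above, and the file renamed.txt is constructed for illustration.

```python
import re
from pathlib import PurePath

# (Class ID, Format ID) pairs taken from this article's three sample runs only;
# this is an assumption-level lookup, not a complete format table.
EXPECTED = {".eml": (8, 232), ".txt": (1, 2), ".xls": (2, 322)}

FIELD = re.compile(r"^(Class ID|Format ID|Major Version|Attributes):\s*(\d+)\s*$")

def parse_filter_output(text):
    """Split captured `filter -d` output into one record per file."""
    records, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("The file "):
            cur = {"file": line[len("The file "):]}
            records.append(cur)
        elif cur is not None:
            m = FIELD.match(line)
            if m:
                cur[m.group(1)] = int(m.group(2))
            elif line.startswith("KWAD: error code returned is "):
                cur["status"] = line.rsplit(" ", 1)[1]
    return records

def verdict(rec):
    """Compare the detected type with what the file extension claims."""
    if rec.get("status") != "KVERR_Success" or "Format ID" not in rec:
        return "error"  # run failed or output was truncated
    ext = PurePath(rec["file"]).suffix.lower()
    if ext not in EXPECTED:
        return "unknown-extension"
    detected = (rec.get("Class ID"), rec["Format ID"])
    return "match" if detected == EXPECTED[ext] else "mismatch"

# Constructed sample: a spreadsheet that was renamed to .txt.
SAMPLE = """\
The file renamed.txt
Class ID:                       2
Format ID:                      322
Major Version:                  0
Attributes:                     1

KWAD: error code returned is KVERR_Success
"""

if __name__ == "__main__":
    for r in parse_filter_output(SAMPLE):
        print(r["file"], r.get("Class ID"), r.get("Format ID"), verdict(r))
```

A "mismatch" verdict means the content extractor identified a different format than the extension suggests, which is the case worth reviewing.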