Mail Security for Microsoft Exchange .OFM files are registered as .MSI files
search cancel

Mail Security for Microsoft Exchange .OFM files are registered as .MSI files


Article ID: 164308


Updated On:


Mail Security for Microsoft Exchange


When using the File Type Filtering Rules with "Windows Installer Package" (.MSI) selected, .OFM files trigger on this rule.



These file types are flagged because the file hex characteristics match as .MSI file types.

Due to the first 8 bytes of the header, the File Type filtering rule is correctly identifying these files as .MSI files based on true file type. These rules do not act on file extension, but rather on what the file represents itself as in its header. This is to prevent a sender from changing the file extension and potentially passing content that violates these rules.

How to test file

  1. You will need a third party tool like Notepad ++ and the HEX-Editor plug in.
  2. Open the .OFM file and view the header information:

      A file with the first 8 bytes of d0 cf 11 e0 a1 b1 1a e1 is an MSI file:


The software developer of the file will have to change the true file type to not match with .MSI.

Work around:

You must perform the following actions:

  1. Unselect Windows Installer Package (.MSI) from "File Type Filtering Rules"
  2. Create a "Wild Card" match list for file extension type for *.MSI
  3. Create a filtering rule.
  4. Test the rule.

Symantec recommends that you test every new rule or modified rule to make sure that it works as you expect. A test network allows more control over the test process, and email generally travels more quickly through the system.


Creating or editing a match list

Creating a Content Filtering rule