When using the File Type Filtering Rules with "Windows Installer Package" (.MSI) selected, .OFM files trigger on this rule.
These file types are flagged because the file hex characteristics match as .MSI file types.
Due to the first 8 bytes of the header, the File Type filtering rule is correctly identifying these files as .MSI files based on true file type. These rules do not act on file extension, but rather on what the file represents itself as in its header. This is to prevent a sender from changing the file extension and potentially passing content that violates these rules.
How to test file
A file with the first 8 bytes of d0 cf 11 e0 a1 b1 1a e1 is an MSI file:
The software developer of the file will have to change the true file type to not match with .MSI.
You must perform the following actions:
Symantec recommends that you test every new rule or modified rule to make sure that it works as you expect. A test network allows more control over the test process, and email generally travels more quickly through the system.
Creating or editing a match list