ArticlesArticles Most Popular ArticlesMost Popular Articles
RSS Feeds
DrillDown Icon Table of Contents
DrillDown Icon 2020 Official Holidays & Support Schedule
DrillDown Icon IMPORTANT: End of Life of SHA1 on Windows Server 2003
DrillDown Icon IMPORTANT: Supported Operating Systems
DrillDown Icon PLEASE READ: Our Update Server IPs Have Changed
DrillDown Icon Support
DrillDown Icon modusGate for Microsoft Azure
DrillDown Icon modusCloud
DrillDown Icon Alleviating Spam – Best Practices
DrillDown Icon directQuarantine Technical Information
DrillDown Icon modusMail & modusGate Technical Information
DrillDown Icon Documentation & Release Information
DrillDown Icon Known Issues (non-release related)
DrillDown Icon Configuration Information
DrillDown Icon modusGate & modusMail
DrillDown Icon How-To: Configure TLS for POP, IMAP, SMTP
DrillDown Icon How-To: Install modus Web Components on a Separate Server
DrillDown Icon Info: Configuring modus with a Proxy Server
DrillDown Icon Info: BATV Default Subject Tags
DrillDown Icon How-To: Force Spam Updates
DrillDown Icon How-to: Repair databases that are missing objects such as indexes or constraints
DrillDown Icon How-to: Log Modus Logs to a *nix Host
DrillDown Icon How-To: Bypass Attachment Filtering TO: Certain Users or FROM: Certain Users
DrillDown Icon Info: What is an .ASY File Extension
DrillDown Icon How-To: Reduce Image Spam by Using Dynamic IP Blocklists
DrillDown Icon How-To: Enable Persist Sorting Order
DrillDown Icon Info: Fingerprinting Explained
DrillDown Icon Info: RBL Check After AUTH LOGIN
DrillDown Icon How-To: Configure ODBC for a 64-bit environment
DrillDown Icon Info: Quarantine Clean-up Process in Modus
DrillDown Icon How-To: Completely Uninstall Your Modus Product
DrillDown Icon Info: SNMP OIDs Used by Modus
DrillDown Icon Info: Testing SMTP Connections
DrillDown Icon Info: Upgrading From a Previous Version to Modus 5.x
DrillDown Icon How-To: Allow Users to Disable Quarantine Reports
DrillDown Icon How-To: Archive Messages in Modus
DrillDown Icon How-To: Attach Original Messages to Forbidden Attachment Notices
DrillDown Icon How-To: Change the Banner Greeting
DrillDown Icon How-To: Change the SMTP Parameters for the Customer Support Feature
DrillDown Icon How-To: Configure the Quarantine Database in PostgreSQL
DrillDown Icon How-To: Configure the Mailbox Directory on a Share
DrillDown Icon How-To: Delete Viruses and Forbidden Attachments from Quarantine
DrillDown Icon How-To: Disable Outbound Filtering for Specific Users
DrillDown Icon How-To: Disable Scanning for Trusted Sources
DrillDown Icon How-To: Effectively Set-up the Spam and Virus Performance Tabs
DrillDown Icon How-To: Enable Attachment Release from the Quarantine Reports
DrillDown Icon How-To: Improve the Speed of an Extended Database for Authentication
DrillDown Icon How-To: Increase the Maximum Number of Headers / Hops
DrillDown Icon How-To: Manually Compact the Quarantine Database in Access
DrillDown Icon How-To: Move ModusMail or ModusGate from One Machine to Another
DrillDown Icon How-To: Properly Test the Modus Scan Engine
DrillDown Icon How-To: Run Both MS and Modus SMTP Services
DrillDown Icon How-To: Configure the Modus Remote Console
DrillDown Icon How-To: Specify an SMTPDS IP Address
DrillDown Icon How-To: Switch Mailboxes from Registry to the Extended DB
DrillDown Icon How-To: Turn Off Corrupt Attachment Scanning
DrillDown Icon Announcement: ORDB has Shut Down
DrillDown Icon How-To: Upgrade modusMail & modusGate
DrillDown Icon Info: SCAV2 requires specific port to be opened
DrillDown Icon Sonicwall blocking Avira updates
DrillDown Icon Info: Help Improve modusGate
DrillDown Icon modusGate Only
DrillDown Icon modusMail Only
DrillDown Icon SQL Server Information
DrillDown Icon MySQL Information
DrillDown Icon Security
DrillDown Icon Sieve
DrillDown Icon Spam and False-Positives
DrillDown Icon Statistics and Monitoring Section
DrillDown Icon Web Components
DrillDown Icon Troubleshooting
DrillDown Icon Hardware & OS System Requirements
DrillDown Icon Tools
DrillDown Icon Other Product Technical Information
DrillDown Icon Professional Services
DrillDown Icon Newsletters
  Email This ArticlePrint PreviewPrint Current Article/Category and All Sub-Articles/Categories
 
Info: Fingerprinting Explained

Version & Build: All

When Modus receives an attachment, it first looks at the file extension and, if it is forbidden, the file is quarantined.  If fingerprinting is enabled and the extension is not forbidden, Modus then determines if the file is of a known type.


Example:

  • Modus receives an attachment that has been renamed tryme.txt from tryme.exe
  • Fingerprinting is enabled (as it is by default)
  • Even though .txt files are not forbidden, Modus recognizes that the file has been renamed from .exe to .txt and quarantines it because .exe is in the fingerprinting dictionary
  • However, if the file has no signature, if the signature is corrupt or if Modus cannot determine the file type, the attachment will go undetected

Fingerprinting checks for the following file types (not extensions):

  • .exe, .dll, .mdb, .gif, .jpg, .bmp, .mpg, .mp3 and .wmv and OLE components such as .doc, .vsd, .xls and .ppt
  • The accuracy rate for fingerprinting is not 100%
  • .mp3, .wmv and audio .mpg files have a better accuracy rate (v4.35+ only)
  • video .mpg files have a low accuracy rate

Fingerprinting is linked to the attachment scanning level (Normal, Strong, Extreme or Disabled):

  • If an administrator has set the scanning level to Normal and an attachment, file.wmv (scanned for only under the Extreme category), is received, fingerprinting will not  occur
  • If an extension is added to the list of forbidden attachments, Modus will check the extension only
  • Fingerprinting will not detect the file type, it will only detect the file signatur
Modified 11/28/2014
Keywords: fingerprinting attachments
Article ID: 1523