Supported File Types

What is CDR?

An increasingly popular and effective method of compromising computer security, especially as part of a targeted attack, involves sharing common document types or image files with victims. Even though the original versions of these files do not contain executable data, attackers have found ways to trigger these files to execute embedded malicious code. Popular techniques used to accomplish this include VBA macros, exploit payloads, and embedded Flash or JavaScript code. This type of attack has a high success rate because most users don’t expect common file types to contain infections. For high-risk files or scenarios, Content Disarm & Reconstruction (CDR) prevents any possibility of malicious content (including zero-day threats) from executing. High-risk files can be sanitized through several different methods:

  • Removing hidden exploitable objects (e.g., scripts, macros, etc.)
  • Converting the file format

Supported File Types (total 208)

Source File TypeDescriptionTarget Sanitized Types
docMicrosoft Word 97-2003 Documentdoc, docx, pdf, rtf
dotMicrosoft Word 97-2003 Templatedot, dotx
xlsMicrosoft Excel 97-2003 Workbookxls, pdf, csv, xlsx
xltMicrosoft Excel 97-2003 Templatexlt, pdf, png
pptMicrosoft PowerPoint 97-2003 Presentationppt, pdf
potMicrosoft PowerPoint 97-2003 Templatepot, pdf, png
rtfMicrosoft Rich Text Formatrtf, pdf*
docxMicrosoft Word Documentdocx, doc, txt, html, pdf, ps, jpg, bmp, png, tiff, svg, rtf
docmMicrosoft Word Macro-Enabled Documentdocm, docx, txt, html, pdf, ps, jpg, bmp, png, tiff, svg, rtf
dotxMicrosoft Word Templatedotx
dotmMicrosoft Word Macro-Enabled Templatedotm, dotx
xlsxMicrosoft Excel Workbookxlsx, xls, csv, html, tiff*, pdf, ps, jpg, bmp, png, svg
xlsmMicrosoft Excel Macro-Enabled Workbookxlsm, xlsx, csv, html, tiff*, pdf, ps, jpg, bmp, png, svg
xlsbMicrosoft Excel Binary Workbookxlsb
xltxMicrosoft Excel Templatexltx, pdf, png, csv
xltmMicrosoft Excel Macro-Enabled Templatexltm, pdf, png, csv*
xlamMicrosoft Excel Add-inxlam
csvComma-separated valuescsv, xlsx
tsvTab-separated valuestsv
pptxMicrosoft PowerPoint Presentationpptx, ppt, html, pdf, ps, jpg, bmp, png, tiff*, svg
potxMicrosoft PowerPoint Templatepotx, pdf, png
pptmMicrosoft PowerPoint Macro-Enabled Presentationpptm, pptx, html, pdf, ps, jpg, bmp, png, tiff*, svg
potmMicrosoft PowerPoint Macro-Enabled Templatepotm, pdf, png
ppsMicrosoft PowerPoint 97-2003 Showpps, pdf, png
ppsmMicrosoft PowerPoint Macro-Enabled Showppsm, pdf, png
ppsxMicrosoft PowerPoint Showppsx, bmp
ppamMicrosoft Powerpoint add-onppam
sldxMicrosoft Powerpoint Slide 2007+sldx
sldmMicrosoft Office PowerPoint 2007 Slide - Macro Enabledsldm
vsdMicrosoft Visio Drawingpdf
vsdxMicrosoft Visio Drawingvsdx, pdf, xps, jpg, png, bmp, tiff, svg, emf*, html, xaml, swf
vssxMicrosoft Visio Stencilvssx, pdf, xps, jpg, png, bmp, tiff_, svg, emf_, html, xaml, swf
vstxMicrosoft Visio Templatevstx, pdf, xps, jpg, png, bmp, tiff_, svg, emf_, html, xaml, swf
vsdmMicrosoft Visio Macro-Enabled Drawingvsdm, pdf, xps, jpg, png, bmp, tiff, svg, emf*, html, xaml, swf
vssmMicrosoft Visio Macro-Enabled Stencilvssm, pdf, xps, jpg, png, bmp, tiff_, svg, emf_, html, xaml, swf
vstmMicrosoft Visio Macro-Enabled Templatevstm, pdf, xps, jpg, png, bmp, tiff_, svg, emf_, html, xaml, swf
vsxMicrosoft Visio XML Stencilvsx, pdf, xps, jpg, png, bmp, tiff_, svg, emf_, html, xaml, swf
vtxMicrosoft Visio XML Templatevtx, pdf, xps, jpg, png, bmp, tiff_, svg, emf_, html, xaml, swf
vdxMicrosoft Visio XML Drawingvdx, pdf, xps, jpg, png, bmp, tiff_, svg, emf_, html, xaml, swf
oneMicrosoft OneNoteone
odtOpenDocument Textodt, pdf
odsOpenDocument Spreadsheetods
ottOpenDocument Document Templateott, pdf
otsOpenDocument Spreadsheet Templateots
odpOpenDocument Presentationodp
otpOpenDocument Presentation Templateotp
htm/htmlHypertext Markup Languagehtml, pdf, ps, jpg, bmp, png, svg, txt
mhtMIME HTMLmht, pdf, jpg, bmp, png, tiff
htaHTML Applicationhta
pdfAdobe Portable Document Formatpdf, html, svg, jpg, bmp, png, tiff, txt, pptx
aiAdobe Illustratorai
aitAdobe Illustrator Templateait
xpsXML Paper Specificationpdf
hwpHangul Word Processorhwp
hwtHangul Word Templatehwt
hwpxHangul Word Processorhwpx
cellHancom Cellcell
showHancom Showshow
jtdIchitaro Documentjtd
jtdcIchitaro Compressed Documentjtdc
jhdJustsystem Hanakojhd
xmlExtensible Markup Languagexml
xml-docMicrosoft Word 2003 XML Documentpdf
xml-docxMicrosoft Word XML Documentxml-docx, pdf
xml-xlsMicrosoft XML Spreadsheet 2003pdf
xml-pptxPowerpoint XML Presentationxml-pptx
jnlpJava Network Launching Protocoljnlp
bmlBean Markup Languagebml
twbxTableau packaged workbooktwbx
twbTableau workbooktwb
tdsTableau Datasourcetds
pbixMicrosoft Power BIpbix
rdfResource Description Framworkrdf
mppMicrosoft Project Filepdf, xlsx
vcsvCalendarvcs
icsiCalendarics
lnkWindows Shortcutlnk
urlURLurl
jpgJPEG Imagejpg, bmp, png, tiff, svg, gif, ps, eps, pdf*
mj2Motion JPEG 2000mp4, avi, mov, wmv
jpxJPEG 2000jpx
bmpWindows Bitmap Imagebmp, jpg, png, tiff, svg, gif, ps, eps, pdf*
pngPortable Network Graphicspng, jpg, bmp, tiff, svg, gif, ps, eps, pdf*
apngAnimated PNGapng, png
mngMultiple Network Graphicmng
tiffTagged Image File Formattiff, jpg, bmp, png, svg, gif, ps, eps, pdf
tiff64Big Tagged Image File Formattiff64, jpg, png, gif, bmp
nefNikon Raw Imagenef, jpg, bmp, png, svg, gif
svgScalable Vector Graphicssvg, jpg, bmp, png, tiff, gif, ps, eps
gifGraphics Interchange Formatgif, jpg, bmp, png, tiff, svg, ps, eps, pdf*
tgaTruevision Advanced Raster Adaptertga
wmfWindows Metafilewmf, jpg, bmp, png, tiff, svg, gif, ps, eps, pdf*
emfWindows Enhanced Metafileemf
emzWindows Compressed Enhanced Metafileemz
icoIconico, bmp, png
curCursorcur
webpGoogle Image File Format for Webwebp
wdpHD Photowdp
dwfxDesign Web Format XPSdwfx
dwgAutoCADdwg
dwtAutoCAD Drawing Templatedwt
dwsAutoCAD Drawing Standardsdws
sfcSXF Feature Commentsfc
p21STEP Data Modelp21
jwwJW CADjww
jwcJW CADjwc
bfoV-nas BFObfo
dxfAutoCAD DXFdxf, pdf, jpg, png, bmp, gif, tiff
dwfDesign Web Formatdwf, pdf, jpg, png, bmp, gif, tiff
3ds3D Studio3ds, dae, stl, fbx
daeDigital Asset Exchangedae, 3ds, stl, fbx
u3dUniversal 3Du3d, 3ds, dae, stl, pdf, drc, rvm, fbx
drcGoogle Dracodrc, 3ds, dae, pdf, u3d, rvm, fbx
rvmAVEVA Plant Design Management System Modelrvm, 3ds, dae, stl, pdf, u3d, drc, fbx
dcmDigital Imaging and Communications in Medicinedcm
shpShapefileshp
shxShapefileshx
dbfShapefiledbf
heicHigh Efficiency Image File Formatheic, jpg, pdf
avcAdvanced Video Codecavc
wsqWavelet Scalar Quantization FBI fingerprint formatwsq
odgOpenDocument Drawingodg
wmvWindows Media Videowmv, mp4, avi
wmaWindows Media Audiowma
mpegMoving Picture Experts Groupmpeg, mp4, avi
wavWaveform Audiowav, mp3, mp4
mp3MPEG-1 Audio Layer-3mp3, mp4
pafEnsoniq’s Paris Audio Filewav
mpcMusepack Audio Formatwav
mp4MPEG-4 Part 14mp4, avi, wmv
movQuickTime video formatmov, mp4, avi
aviAudio Video Interleaveavi, mp4, wmv
webmVideo file formatwebm
flvFlash Videoflv
flaFlash Audiowav
swfShockwave Flashwmv
bwfBroadcast wave formatbwf
bw64Broadcast wave 64bw64
w64Sony wave64 autdio formatw64
rf64BWF-compatible multichannel audio file formatrf64
m4aMPEG-4 Audiom4a, mp3, wav
m4vMPEG-4 Videomp4, wmv, avi
mkvMatroska Videomp4, wmv, avi
hevcHigh Efficiency Video Codinghevc
3gpThird Generation Partnership Projectmp4, wmv
mtsMPEG-2 Tranmissionmts, wmv, avi, mp4,wmv
oggOgg Vorbis Compressed Audioogg, mp4
aiffAudio Interchange File Formaaiff
aacAdvanced Audio Codingaac
acmAudio Compression Manageracm
cafCore Audio Formatwav
opusOgg Opusopus, mp4, mp3, wav
mxfMaterial Exchange Formatmxf
vtxtAmiVoice Voice To Textvtxt
emlElectronic maileml, zip
msgMicrosoft Outlook Messagemsg, zip
tnefTransport Neutral Encapsulation Formattnef
oftMicrosoft Outlook Templateoft
pstOutlook Personal Folderpst
mbxOutlook Express Mailboxmbx, zip
txtTexttxt, pdf
jsonJSONjson
ttmlTimed Text Markup Languagettml
mpdMPEG-Dashmpd
xdwDocuWork Imagexdw*
xbdDocuWork Binderxbd*
xctDocuWork Containerxct*
crlCertificate Revocation Listcrl
spfStorageCraft ShadowProtectspf
prnHP Printer Job Language dataprn
zeiZUGFeRDzei
utibUTIButib
harHTML Archivehar
storyStoryist Documentstory
7z7-zip Archive7z, zip, gz, xz, tar
gz/gzipGNU Zipped Archivegz, 7z, zip, xz, tar
rarWinRAR Archiverar, zip, 7z, gz, xz, tar
xzXZ Archivexz, zip, 7z, gz, tar
zipZIP Archivezip, 7z, gz, xz, tar
alzALZipzip, 7z, gz, xz, tar
tarTape Archivetar, zip, 7z, gz, xz
bz2BZ2 Archivezip, 7z, gz, xz, tar
lzmaLZMA Archivezip, 7z, gz, xz, tar
lzhLZH Archivezip, 7z, gz, xz, tar
arjARJ Archivezip, 7z, gz, xz, tar
cabCabinet Archivecab, zip, 7z, gz, xz, tar
wspWindows Sharepointzip, 7z, gz, xz, tar
aceWinAce archive formatzip, 7z, gz, xz, tar
tseTIP Test Selection Enginetse, zip, 7z, gz, xz, tar
tsezTIP Test Selection Enginetsez, zip, 7z, gz, xz, tar
tsecTIP Test Selection Enginetsec, zip, 7z, gz, xz, tar
eggEGG archive formatzip, 7z, gz, xz, tar
gpkgGeoPackage Encoding Standardzip
b3dmBatched 3D Modelb3dm, zip
asicsAssociated Signature Containerasics
asiceAssociated Signature Containerasice
logLog filelog
pckSystem Center Configuration Manager Package Filespck
aemAppleSingle/AppleDouble Encoded Macintoshaem
ribcResearch Institute on Building Costribc
eszE-szignoesz, zip
base64Base64 Encodingbase64
zstdZstandard Compressedzstd
yz1Yamazaki Zipper Compressed Archiveyz1*
scdocSpaceClaim Documentscdoc
mdzipMagicDrawmdzip
lzLzip Compressed Archivelz
asarAtom Shell Archiveasar
  • (*) Only supported on Windows for now.
  • For the archive sanitization, please enable it in the Compression tab

Sanitization is in BETA for these file types:

  • ACM, 3GP, M4V, MKV, AVC
  • SPF
  • TWBX
  • UTIB
  • STORY
  • ASICS, ASICE
  • ES3, PCK
  • ZEI
  • EMZ
  • MBX, TNEF
  • B3ML, GPKG, B3DM
  • JNLP
  • TGA
  • BASE64, ZSTD, YZ1, SCDOC
  • URL, MDZIP, LZ, ASAR
  • WSQ, ODG, HEVC, TTML, MPD
  • DWFX

XML sanitization is specific to XML vulnerability. It does not eliminate other threat such as Microsoft Office XML formats.

HTML/TXT sanitization is designed for Email Security purposes, should not use for sanitizing normal HTML, TXT traffic. TXT with "Remove Invisible Characters" can be used for the LLM Guard use cases.

HWP: there are two versions of HWP, v3.0 and v5.0. v3.0 document can be created from only legacy old Hangul Word Processor. For this reason, we do not support HWP v3 and result in "failed to sanitize". We recommend this old version file as suspicious. If you need support for v3.0, please contact support.

XDW/XBD/XCT: Customers need to install and activate DocuWorks 9 or newer on the system to use this feature

HEIC/HEVC/AVC: it is enabled on-demand, please contact Customer Support or Sales team to enable it.

Single / Multiple Output File

If target contains only one file, it will be not zipped and treat as single output file. For example, If a PDF file has only one page, converts to JPG will be JPG. If a PDF file has more than one page, there will be multiple JPG files and will result in a ZIP file. The following sanitization result in potentially multiple files (single ZIP file).

  • PDF->HTML
  • PDF->IMG
  • DOCX→HTML, IMG
  • XLSX->HTML, CSV, IMG
  • PPTX→HTML, IMG

Notes:

Deep CDR removes active content that can drive a malicious behavior. These objects are usually non-visual, such as javascript, hidden malicious code in an image (steganography). However, those objects can also be visible such as hyperlinks, active code that change the data (e.g. macros). Even though is not within CDR process's scope, it might also alter the content if it's configured to do so.

For images and media files, we don’t “edit” the content, which means the original file and sanitized file will have the same content. However, the quality may be altered due to several steps performed to disarm the content by decoding, processing and encoding it again.

Known Issues

  1. Conversion from HTML to an image would fail if the size of the HTML file is bigger than 90KB
  2. AutoCAD file (.DWG): with version 2007-2009, when removing macro from the original file (if it has), opening sanitize file will display an error message "Failed to load project from storage" appeared but the file still works as usual
  3. Support TXT in ASCII, UTF-8, Shift-JIS and ISO/IEC 8859-1 encoding only
  4. When converting Excel files to TXT, only the first sheet is converted
  5. Support AI in PDF format
  6. If the file names inside XCT contain multibyte characters after sanitization, it will be different from the original. As a workaround, users can change the system default code page setting by the following steps: Settings > Time & language > Language & region > Administrative language settings > Change system locale, and check Beta: Use Unicode UTF-8 for worldwide language support
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Supported versions
On This Page
Supported File TypesWhat is CDR?Supported File Types (total 208)Single / Multiple Output File