Rather than relying on the file name alone, OfficeScan uses IntelliScan to identify the true file type and determine whether the file is a type that OfficeScan should scan.
True file-type detection: IntelliScan first examines the header of the file using true file-type identification and checks if the file is an executable, compressed, or other type of file that may be a threat. IntelliScan examines all files to be sure that the file has not been renamed—the extension must conform to the file's internally registered data type.
For example, Microsoft Word documents are file extension independent, even if you rename a document from "legal.doc" to "legal.lgl", Word will still recognize and open the document, along with any macro viruses it contains. IntelliScan will identify the file as a Word document regardless of the file extension, and scan it accordingly.
File extension checking: IntelliScan also uses extension checking, that is, the file name itself. An updated list of extension names is available with each new pattern file. For example, the discovery of a new ".jpg" file vulnerability prompts Trend Micro to add the ".jpg" extension to the extension-checking list in the next pattern update.