True File-type Detection—IntelliScan first examines the header of the file using true file-type identification and checks if the file is an executable, compressed, or other type of file that could be a threat. IntelliScan examines all files to be sure that the file has not been renamed—the extension must conform to the file's internally registered data type.

For example,even if you rename a document from "legal.doc" to "legal.lgl" and the file extention is not usual, IWSVA will still recognize the file as a Word-format and scan the document according to the actual file type. If a macro-virus is included in the Word document, IWSVA scans the virus along with the document.

File Extension Checking—IntelliScan also uses extension checking, that is, the filename itself. The list of extension names to be scanned is updated with each new pattern file. For example, when there was a new vulnerability discovered with regard to ".jpg" files, the ".jpg" extension was immediately added to the extension-checking list for the next pattern update.