# Is my file safe? > A magic-byte check identifies what a file is, not whether it is dangerous. This page sets the scope so you know when the verdict is enough and when you still need an antivirus. Source: ### Key facts - **What it answers** Format identity. Does the byte content match what the extension claims? MATCH, MISMATCH, AMBIGUOUS, or UNKNOWN. - **What it does not answer** Malware. The checker does not unpack archives, does not run macros, and does not call out to a third-party virus database. - **How to use it** Treat a MISMATCH as a strong "look closer" signal. Treat a MATCH as "the format is what it claims", not "the contents are safe". - **Pair with antivirus** For an actual safety verdict, run the file through your endpoint security or upload to a multi-engine scanner. The two checks complement each other. ### Frequently asked questions #### Why do you not just add a virus scanner? A real virus scan needs a continuously-updated signature database, sandbox execution, and behavioural heuristics. We would either ship a stale local model (worse than no signal at all) or send your file to a third-party scanner (defeats the privacy promise). Neither trade-off is worth it for the value we add. #### Can a MATCH ever be wrong about safety? Yes, by design. A MATCH only confirms format identity. A correctly-formatted PDF can still embed JavaScript that exploits a viewer; a correctly-formatted DOCX can still ship malicious macros. Format and safety are independent concerns. #### What should I do with a MISMATCH verdict? Treat it as a strong reason to slow down. Confirm with the sender that the file is what the name claims, or open the file in a sandbox / virtual machine you do not mind losing. Do not double-click on instinct. #### Does the File Type Checker open the file at all? It reads the first 4096 bytes to look up the magic-byte signature, and on desktop it runs an AI content classifier on text-like files. It never executes embedded scripts, never follows external URLs in the file, and never uploads the bytes anywhere on the free single-file flow. > Format identity is the right tool for "is this attachment what it claims?". For "is this attachment safe to open?", pair it with endpoint security.