There's a file processing service that looks for some know attacks and sometimes returns messages like:
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Are there heuristics that model the likelihood that a file is harmless, and if so, what is a simple example of such a heuristic, and what is the best way to learn more about the topic in general?