By default, the file command has no definitions to detect ZLIB compression, but my tool file-magic.py uses an additional file with custom definitions:
Take for example a ZLIB compressed stream in a PDF document:
As you can see, the stream starts with 0x78, an indication that this is ZLIB compression.
Piping this stream into my file-magic.py tool helps identify the unfiltered stream content:
Of course, if you don’t want to use this tool, you can just integrate these ZLIB definitions into your own definition files.
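The check described above, as an added Python example (not code from file-magic.py or its definition file): it confirms that a leading 0x78 is really a ZLIB header by validating both header bytes per RFC 1950, then inflates only the first bytes of the stream so the content can be identified. The function names and the PDF object are constructed for illustration.

```python
import re
import zlib

def parse_zlib_header(data: bytes):
    """Return RFC 1950 header fields, or None if the first two bytes are not a zlib header."""
    if len(data) < 2:
        return None
    cmf, flg = data[0], data[1]
    if cmf & 0x0F != 8 or cmf >> 4 > 7:  # CM must be 8 (deflate), CINFO at most 7 (32K window)
        return None
    if ((cmf << 8) | flg) % 31 != 0:     # FCHECK: CMF*256 + FLG must be a multiple of 31
        return None
    return {"window_bits": (cmf >> 4) + 8, "preset_dict": bool(flg & 0x20)}

def extract_stream(pdf_object: bytes) -> bytes:
    """Return the raw stream bytes of a single PDF object, sized by its /Length entry."""
    length = int(re.search(rb"/Length\s+(\d+)", pdf_object).group(1))
    start = pdf_object.index(b"stream\n") + len(b"stream\n")
    return pdf_object[start:start + length]

def peek_inflated(data: bytes, count: int = 16) -> bytes:
    """Inflate only as much as needed to return the first `count` bytes."""
    return zlib.decompressobj().decompress(data, count)

# Constructed sample: a PDF content stream compressed with /FlateDecode.
CONTENT = b"BT /F1 12 Tf (constructed sample) Tj ET\n"
COMPRESSED = zlib.compress(CONTENT)
SAMPLE_OBJECT = (
    b"5 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(COMPRESSED)
    + COMPRESSED
    + b"\nendstream\nendobj\n"
)

if __name__ == "__main__":
    stream = extract_stream(SAMPLE_OBJECT)
    print("first bytes:", stream[:2].hex(), "header:", parse_zlib_header(stream))
    print("inflated content starts with:", peek_inflated(stream))
```

A first byte of 0x78 followed by a second byte that fails the modulo-31 check is not a ZLIB header, which is why the function looks at both bytes.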
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.