Author Topic: snp-emf.trid.xml for uncompressed Microsoft Access report snapshot _AccRpt_.snp  (Read 3796 times)

jenderek

Hello,

After running TrID on a few SNP files I ran TrID on uncompressed
members with name "_AccRpt_.snp". Many are misidentified as "Windows
Thumbnail Database" with extension "DB". With a low recognition rate of
about 12% they are characterized as "Generic OLE2 / Multistream
Compound File" by docfile.trid.xml (see appended output/trid-old.txt).

The best information about the SNP file format is found on Wikipedia. So again
I used that page as the reference URL:
     <RefURL>https://en.wikipedia.org/wiki/SNP_file_format</RefURL>

According to that page and the output of trid and the file(1) command (see
appended output\file-5.31.txt) we know that such snp files are
Multistream Compound Files. This is expressed by the typical starting
bytes, given by the first XML pattern:
<Pattern>
   <Bytes>D0CF11E0A1B11AE1000000000000000000000000000000003E000300</Bytes>
   <Pos>0</Pos>
</Pattern>

According to reference such snp files should also contain Windows
Enhanced Metafiles. So when we run tridscan to generate
snp-emf.trid.xml a pattern with characteristic "EMF" magic should also
be found. Yes this is true:
   <Pattern>
      <Bytes>000020454D4600000100</Bytes>
      <ASCII> . .   E M F</ASCII>
      <Pos>1574</Pos>
   </Pattern>

With the help of the tool SSView.exe (found on www.mitec.cz/ssv.html) I
was able to open such SNP files and extract and store EMF streams.

Based on these two facts choose type name expressed by line:
<FileType>
Microsoft Access report snapshot (Multistream Compound File+EMF)
</FileType>

According to file(1) (see output/file-i-5.31.txt) make mime type by
line:
   <Mime>application/CDFV2</Mime>
I am not sure about this. It seems not to be an official assignment.

Finally summarize observed facts in remark line:
   <Rem>
Found as "_AccRpt_.snp" inside SNP Cabinet Archive
containing Windows Enhanced MetaFile
generated by Microsoft Access version before 2010.
Can be inspected by Michal Mutl Structured Storage Viewer.
   </Rem>

I tested only a dozen of such examples. So the trid definition file contains
many patterns, which probably disappear when more samples are inspected
or people with knowledge about the OLE file format can eliminate accidental
parts.

With the new definition file all such uncompressed Windows Access report
snapshots are now described more precisely (see appended
output/trid-new.txt).

TrID definition, some examples and output are stored in archive snp_.zip .
I hope that my XML file can be used in future version of triddefs.

With best wishes
Joerg Jenderek
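
The two patterns from the post above, turned into a small triage check (an added example, not part of the original post or of TrID). It goes beyond the fixed `<Pos>1574</Pos>` by also looking for an EMF header at every sector boundary, so an EMF stream stored in a different sector is still found. The names `classify` and `build_sample` are hypothetical, the sample files are constructed, and the field offsets (sector shift at byte 30, " EMF" signature 40 bytes into the EMF header) are taken from the published compound-file and EMF layouts, not from the post.

```python
import struct

# Byte patterns quoted from the post (TrID <Bytes> values).
OLE2_HEAD = bytes.fromhex("D0CF11E0A1B11AE1000000000000000000000000000000003E000300")
EMF_AT_1574 = bytes.fromhex("000020454D4600000100")
EMF_SIG_OFFSET = 40  # " EMF" (dSignature) lies 40 bytes into an EMF header record


def classify(data: bytes) -> dict:
    """Report whether data looks like an OLE2 file holding an EMF stream."""
    result = {"ole2": False, "fixed_pos_hit": False, "emf_offsets": []}
    if len(data) < 512 or not data.startswith(OLE2_HEAD):
        return result
    result["ole2"] = True
    result["fixed_pos_hit"] = data[1574:1574 + len(EMF_AT_1574)] == EMF_AT_1574
    # Sector shift is a little-endian uint16 at offset 30: 9 -> 512, 12 -> 4096.
    (shift,) = struct.unpack_from("<H", data, 30)
    if shift not in (9, 12):
        return result  # malformed header; do not guess a sector size
    sector = 1 << shift
    # Assumption: the EMF stream starts on a sector boundary, which holds for
    # streams stored in regular sectors (not in the mini stream).
    for off in range(sector, len(data) - EMF_SIG_OFFSET - 4 + 1, sector):
        (record_type,) = struct.unpack_from("<I", data, off)
        sig = data[off + EMF_SIG_OFFSET: off + EMF_SIG_OFFSET + 4]
        if record_type == 1 and sig == b" EMF":  # EMR_HEADER type + signature
            result["emf_offsets"].append(off)
    return result


def build_sample(emf_sector: int) -> bytes:
    """Constructed test input: minimal OLE2-like header plus one EMF header."""
    header = OLE2_HEAD + b"\xfe\xff" + struct.pack("<H", 9)
    header = header.ljust(512, b"\x00")
    # iType, nSize, rclBounds (4 ints), rclFrame (4 ints), dSignature, nVersion
    emf = struct.pack("<II4i4i4sI", 1, 88, 0, 0, 100, 100, 0, 0, 2540, 2540,
                      b" EMF", 0x10000).ljust(88, b"\x00")
    body = bytearray(512 * (emf_sector + 2))
    body[512 * emf_sector: 512 * emf_sector + len(emf)] = emf
    return header + bytes(body)


if __name__ == "__main__":
    for n in (2, 5):  # sector 2 reproduces the post's Pos 1574; sector 5 does not
        print(n, classify(build_sample(n)))
```

With the EMF header in sector 2 the signature lands at the offset TrID recorded; in any other sector only the sector scan finds it.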

Mark0

Thanks for the new def. I will try to collect some more files of this type and see what comes up!