Hello trid users,
some days ago i read an interesting article in German computer magazine c't
in number 24 from 2022. There was described the efforts and methods of
Microsoft to protect their system. Unfortunately Microsoft is
non-transparent like FIFA and do not exactly explain why something is
happening. Luckily in the article 39 file name suffix are listed which
considered to be potential dangerous. One extension is LNK.
So i run trid utility on such LNK examples. The examples described correctly
as "Windows Shortcut" by lnk-shortcut.trid.xml, but without mime type and
reference URL (See appended output/trid-v-old.txt). I verified that these
are valid links by using command line tool lnkinfo.
For comparison reason i also run file command (newest version 5.44) on such
samples. Here such samples are described as "MS Windows shortcut" (See
appended output/file-5.44.txt). When running this with --extension option
also suffix LNK is listed here (See appended output/file-ext-5.44.txt). But
when running with -i option a mime type is shown. That is
application/x-ms-shortcut (See appended output/file-i-5.44.txt). That
information can also be found in shared-mime-info database. So on my
Raspberry Pi there this type is also used.
For comparison reason i also run the file format identification utility
DROID ( See
https://sourceforge.net/projects/droid/). This does recognize
only some archives. These are described as "Microsoft Windows Shortcut" by
PUID x-fmt/428. Here no mime type is shown and also LNK suffix is considered
as "good" marked with EXTENSION_MISMATCH false (See appended
output/droid-lnk.csv).
So i update lnk-shortcut.trid.xml. The mime type is now shown by additional
line like:
<Mime>application/x-ms-shortcut</Mime>
Luckily with information given by file and DROID i was able to find
information on file formats archive team site. That informations are
expressed by line like like:
<RefURL>
http://fileformats.archiveteam.org/wiki/Windows_Shortcut </RefURL>
With the updated trid definition now my LNK examples are still described,
but now mime type and refernce URL are also listed (see appended
output/trid-v-new.txt). TrID definition, some samples and output are stored
in archive lnk_.zip. I hope that my updated definition can be used in future
version of triddefs.
With best wishes
Jörg Jenderek
