Here's a little history on the issue:
I hired contractor 1 to push data from a MSSQL SELECT stored procedure into an Excel 2003 spreadsheet using my ASP.NET interface. The sneaky little #%!# tried to fake it. He pushed my SELECT stored procedure data into an HTML table and assigned an XLS file extension to the file. Sure enough, Excel opened the file, but it wasn't a true Excel file.
Contractor 1 is gone. Enter contractor 2. I hired him to do the same thing. I'm reasonably sure that his work is genuine. I've attached it. Are there clues I can look for in the metadata to assure it is a "true" Excel file?