Legitimate use of double file extension
PeaZip can handle and create files with double extension. The most
common case for having a file with two extensions is when a
compression-only algorithm (the most common ones are GZip Deflate,
BZip2, 7-Zip's lzma XZ compression) is applied to multiple files, which
consequently need to be consolidated into a single archive (most times
a TAR file) before the compression step (also known as solid mode
compression).
This results in the first step archiving extension (e.g. TAR) being
prepended to the second step compression extension (e.g. XZ).
Extracting TAR.GZ / TAR.BZ / TAR.XZ files could be treated as an atomic,
single step operation, but usually (as in PeaZip, 7-Zip and other
archival utilities) extraction of compressed TAR files is a two step
process which first uncompresses the TAR archive, and then unarchives
the contained files and folder structure.
Risks of "Hide known file extensions" option
A completely unrelated use of double file extension spread after
Microsoft enabled the "Hide known file types extensions" option by
default for Windows XP and newer systems (this is still the default
behavior on Vista, 7, 8, 10), opening the ground for attacks exploiting
hidden file extensions.
This option allows an attacker to trivially add a file extension before
the true one in order to mask the real nature of the file, since the
last file extension is hidden by default from end users by the system in
file browser and most applications following system's file browser
For example, an executable virus named attachment.exe can be renamed in
By default, the end user would be shown "attachment.doc" (or any other
harmless file extension used by the attacker, e.g. .jpeg, .mpg), but
once clicked the file would be executed as an .exe file (its true file
extension) by the system.
In this way an executable file that should trigger a great level of
awareness and caution from the user (e.g. .exe, .scr, .bat, .vb, .js...)
can easily be masked as a harmless, common file type to mislead the end
user.
PeaZip's file and archive browser never hides file extensions, avoiding
this type of forgery.
Moreover, PeaZip warns each time an executable or script file is being
executed from an archive. In this way 1) the user is made aware of the
potentially harmful nature of the file, and 2) the user can evaluate
whether the whole archive needs to be extracted first, as executable and
script files could need some archived resources (e.g. dll) to be
available in uncompressed form before running properly.
Sometimes files with double extension are treated as suspicious. This is
right for executable ones (exe or script file type as last extension),
but it is definitely NOT the case for archive files with double
extension, as TAR.something files are very common file types,
especially on *x systems.
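The distinction drawn above, as an added example that is not part of the original page or of PeaZip's code: a Python check that separates a decoy-plus-executable name from an ordinary compressed TAR name, and reports what a file browser would show with the last extension hidden. The extension sets are constructed from the examples in the text and the function names are hypothetical.

```python
import re

# Constructed, abbreviated sets based on the examples named in the text.
EXECUTABLE = {"exe", "scr", "bat", "vb", "js"}
DECOY = {"doc", "jpeg", "jpg", "mpg"}
COMPRESSION = {"gz", "bz", "bz2", "xz"}


def _extensions(filename):
    """Return (basename, lower-cased extension list) for a Windows or *x path."""
    # Keep only the last path component and ignore trailing dots/spaces.
    base = re.split(r"[\\/]", filename)[-1].rstrip(" .")
    return base, [part.lower() for part in base.split(".")[1:]]


def shown_when_hidden(filename):
    """Name displayed when the last extension is hidden.

    Assumption: the last extension is a type the system treats as known.
    """
    base, exts = _extensions(filename)
    return base.rsplit(".", 1)[0] if exts else base


def classify(filename):
    """Classify a name by its last two extensions."""
    _, exts = _extensions(filename)
    last = exts[-1] if exts else ""
    prev = exts[-2] if len(exts) > 1 else ""
    if last in EXECUTABLE:
        # A harmless-looking type placed before the true executable one.
        return "disguised-executable" if prev in DECOY else "executable"
    if last in COMPRESSION and prev == "tar":
        # Archiving step followed by compression step: legitimate.
        return "compressed-tar"
    return "other"


if __name__ == "__main__":
    # Constructed sample names.
    samples = ["attachment.doc.exe", "Holiday.JPEG.SCR ", "backup.tar.xz",
               "app-1.2.exe", "notes.doc", r"C:\Users\x\invoice.mpg.js"]
    for name in samples:
        print(f"{name!r:32} {classify(name):22} shown as {shown_when_hidden(name)!r}")
```

A version number before the executable extension (app-1.2.exe) is reported as a plain executable, not as a disguised one, because the check looks for a known decoy type rather than for any second dot.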
External online resources: what are file
extensions, list of
types, TAR archive
format, which usually comes with a second extension (tar.gz, tar.bz)
declaring the compression scheme applied to the tar container.