Martijn Hoekstra wrote:
Should we also be exploring any possibly malicious archives inside archives recursively, or is just making sure the archive itself is good is good enough?
I think that we should block such files. Also note that we can't recursively analyse everything since that would allow to DoS us.