Archive recursion is the process of scanning inside compressed files and then continuing to scan any nested archives, folders, and files found within them. Security tools use recursion to look past the outer attachment and inspect the full contents of ZIP, RAR, 7z, ISO, or similar containers. Without it, a malicious file can hide several layers deep and avoid shallow inspection.
This matters because attackers often bury scripts, shortcut files, or payloads inside multi-layer archive structures to reduce the chance of detection by mail filters, sandboxes, or manual review. Recursive inspection helps defenders reveal suspicious file types, unusual nesting, and staged launch chains before a user opens them. In practice, good archive recursion is balanced against performance limits, since very deep or highly compressed files can be used to slow scanners or trigger decompression bombs. For that reason, security teams often set depth limits, file-type rules, and timeout controls while still recursing far enough to catch hidden threats.