Zip is, erm, an "interesting" format. A robust solution is to stream the data out, and stop when you have had enough. In Java, use ZipInputStream rather than ZipFile. The latter also requires you to store the data in a temporary file, which is also not the greatest of ideas.

Reading over the description on Wikipedia -

Deny any compressed files that contain compressed files.
     Use ZipFile.entries() to retrieve a list of files, then ZipEntry.getName() to find the file extension.
Deny any compressed files that contain files over a set size, or the size can not be determined at startup.
     While iterating over the files use ZipEntry.getSize() to retrieve the file size.

If the ZIP decompressor you use can provide the data on original and compressed size you can use that data. Otherwise start unzipping and monitor the output size - if it grows too much cut it loose.

Check a zip header first :)

Try this in Python:

import zipfile
z = zipfile.ZipFile('c:/a_zip_file')
print 'total files size=', sum(e.file_size for e in z.infolist())
z.close()

Make sure you are not using your system drive for temp storage. I am not sure if a virusscanner will check it if it encounters it.

Also you can look at the information inside the zip file and retrieve a list of the content. How to do this depends on the utility used to extract the file, so you need to provide more information here