AV in Office 365

Antivirus in Office 365

Antivirus drawbacks in Office 365

Zero day problem

Office 365 antivirus scans email only at arrival. It does not have mailbox scheduled scan. New viruses (not discovered yet, no signature) will not be detected. When signatures will be updated only new infected emails will be deleted. Mails that already resides in mailbox will not be deleted.
Solution: Use endpoint antivirus with pst scan option.

SMTP scan only

Office 365 scans only SMTP protocol (incoming and outgoing). Virus can be uploaded using http (webmail) without scanning. Virus will reside in mailbox (including in mail client on users pc) till user will delete it.

No sandboxing

Files are scanned using only signatures. Check sandboxing test here