AV in Office 365
Antivirus in Office 365
Antivirus drawbacks in Office 365
Zero day problem
Office 365 antivirus scans email only at arrival. It does not have mailbox scheduled scan. New viruses (not discovered yet, no signature) will not be detected. When signatures will be updated only new infected emails will be deleted. Mails that already resides in mailbox will not be deleted.
Solution: Use endpoint antivirus with pst scan option.
SMTP scan only
Office 365 scans only SMTP protocol (incoming and outgoing). Virus can be uploaded using http (webmail) without scanning. Virus will reside in mailbox (including in mail client on users pc) till user will delete it.
Files are scanned using only signatures. Check sandboxing test here