1. Are you using default (Kaspersky) AV engine on Check Point, or have you disabled it and are using alternate engine?
where using the default kaspersky engine
2. What is the depth of the archive scanning that you have configured in AV blade and do you have it enabled?
The nesting level is set to 7 at the moment. and if nesting exceeds the set level its set to block the file.
3. Are you using S/MIME signed email?
No, the emails are standard emails. and the emails recieved with virusses are standerd emails as well
4. Do you have Mail AV configured to scan all files or "known to contain"?
At the moment its set to all files.
5. You have mentioned the ESET discovering the virus on the endpoint, but was it discovered in the email?
Eset Triggerd on the virus in Outlook.exe
6. Do you have an AV on your Exchange box? If yes, was the same virus discovered on it as well?
Nope there is no AV on the exchange system. there is on the baracuda