We've struggled with what to do with large file downloads in both MWG6 and MWG7. It just never seems to work well. If we are using data-trickling, users get anxious and don't understand why they are only getting 12 K per second. We've also had some trouble with files getting 'stuck' in antimalware scanning, where the progress pages show it is scanning indefinitely, and it never quits, while causing a CPU spike in the process.
Are there any best practices for determining what files to scan with the Antimalware engine? I'm wondering what other companies are doing around this. Do a lot of companies bypass AV scanning for files bigger than a certain size? Any suggestions are welcome!
Generally we see that people are not limiting the file types they want to scan, you can of course do that. I have once configured a policy for a customr, where they only wanted application/executable, PDFs, images. That was it - not more.
For file sizes, we see that there is a slight tendency that orgs are only scanning up to a certain limit, whereas the limit varies between 10MB and 100MB.
I think a conclusive answer can't be given, as this is subject to your org's determination of the potential security risk.