I have the suspicion you might have a rule that uses the "enable composite opner" event somewhere higher up in your rule sets.
DAT files are probably nothing the mWG can "open" to inspect it, but zip files and most exe's are. so you are skipping AV indeed, but the opener is still applied, meaning it will take that zip file apart and start embedded cycles for every object inside. and if those objects are smaller than 40MB, they might even get AV scanned.
In the default Enable Opener rule set, there is no file size criteria placed on Enable Composite Opener so all files that can be opened will be flagged as such. If you want to limit the size of files that are scanned by the AV engine, you could add a limitation there.
Depending on the type of file(s) involved, you may need additional criteria. For example, I've seen a sitation involving a Subversion checkout where MWG pulls down every file in the repo and globs them all into one big temporary file which it then proceeds to extract.
Thanks guys, it was the composite open causing issues and just added a size rule to this as well for the desired results