This very likley has to do with MWG performing Progress Indication:
When MWG is performing "scanning" (Anti-Malware or other things), MWG will use progress indication to deliver the file to the browser. In doing so MWG may remove the Content-Length header in the response to the client, this way if there is a virus found, MWG is not on the hook to send the rest of the file.
I would suggest opening the broken file in a text editor, then scroll to the bottom of the file.
If you find an HTML block page, then it may have been blocked, but you didnt see the page due to data trickling.