Can you believe after all that happened, I started sending out weekly emails reminding users not to open strange files from unknown recipients yet someone just sent forwarded me an email with a zip attached stating that they couldn't open it?
No shit!
The anti-virus kept on blocking it and the user kept trying to open it, I have 3-4 entries in the anti-virus global log showing this.
Good thing I had changed all the users from Local Admins on their PCs to Power Users thus removing access to override the Sophos anti-virus blocks.
I've now just setup a new hub transport rule in my exchange that bounces back about a dozen types of archives from zip to 7z, rar, tar and so on with a message stating our Exchange server no longer accepts archived attachements.
Just wow! The naivety of some users appalls me!