Protecting Secure Storage from Viruses

The administrator of antivirus software for the company I work for asked me today about a "potential threat" detected by the antivirus program on our FileMaker Server VM (FileMaker Server 13.0.2 on Windows Server 2008 R2 Std). He listed the path to the "file", which I identified straight away as an image file stored externally from the database via Secure Storage.

I sent him a link to the KB article on external container data storage using Secure Storage along with a comment that the antivirus is probably reporting a false-positive. His response was "That is a secure way to store viruses files."

This got me thinking about keeping the data on both live databases and backups safe and secure. In my FM server setup, I follow best practices as much as possible, ensuring that antivirus programs don't scan hosted database file locations but I allowing it to scan backups (hence why it discovered the file in question).

I'm not going to say there's no way a virus can sneak into our database; anything's possible, I suppose. But what I do know for sure is that each workstation that uses FileMaker to add files to containers in FM databases has an antivirus installed with on-access scanning enabled.

Do you all have any advice for me here? I want to give my antivirus admin confidence that FileMaker Server is not a security risk, but I also want to understand any potential risks.