HackerNews-lsd2017 / hacker-news

Main repository hacker news

beginning OWTF tests #24

Closed Retroperspect closed 6 years ago

Retroperspect commented 6 years ago

Just a heads up: we're testing the system following the OWASP Top 10 issues; further alerts will follow if issues arise with the system.

Retroperspect commented 6 years ago

During our testing we mostly couldn't find any security breaches in your system; however, I think I found a possible pointer to the antivirus problem during my skipfish scan. https://i.gyazo.com/5586105d7a3f6603c7978656e1ddf67e.png shows that you have a low-level Multipurpose Internet Mail Extensions (MIME) type problem. https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types From what I've read and understood, the issue is basically that when you haven't set your MIME, the browser will automatically attempt to "sniff out" what the content is and run it. If it was an .exe file that contained a virus, it would automatically run it; this is seen as a security risk for the user, so the antivirus blocks this action. I'm unsure if this is exactly what happens, but it's worth investigating from your side.

Also, we made your server sweat a bit... https://i.gyazo.com/a72d917771963da2033e280bf1eb1f2c.png
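
An added example, not part of the original thread or the project's code: a small check for the kind of MIME finding raised in the comment above, run over constructed response headers. The extension-to-type map, the sample paths and the wording of the findings are assumptions made for illustration.

```python
import os

# Assumed extension-to-type map for this sketch; extend it for the real site.
EXPECTED = {".html": "text/html", ".css": "text/css",
            ".png": "image/png", ".json": "application/json"}

def parse_content_type(value):
    """Split a Content-Type header into (media type, parameters dict)."""
    parts = [p.strip() for p in (value or "").split(";")]
    params = {}
    for p in parts[1:]:
        if "=" in p:
            key, val = p.split("=", 1)
            params[key.strip().lower()] = val.strip().strip('"').lower()
    return parts[0].lower(), params

def audit_response(path, headers):
    """Return the MIME-related findings for one response (empty list = clean)."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    media, params = parse_content_type(h.get("content-type"))
    expected = EXPECTED.get(os.path.splitext(path)[1].lower())
    findings = []
    if not media:
        # With no declared type the browser has to guess from the body.
        findings.append("missing Content-Type")
    elif expected and media != expected:
        findings.append(f"declared {media}, path suggests {expected}")
    if media.startswith("text/") and "charset" not in params:
        findings.append("text response without charset")
    # nosniff tells the browser to trust the declared type instead of guessing.
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    return findings

# Constructed sample responses (path, headers), not captured from the real server.
SAMPLES = [
    ("/index.html", {"Content-Type": "text/html; charset=utf-8",
                     "X-Content-Type-Options": "nosniff"}),
    ("/static/logo.png", {"Content-Type": "text/plain"}),
    ("/api/posts.json", {}),
]

if __name__ == "__main__":
    for path, headers in SAMPLES:
        print(path, audit_response(path, headers) or "ok")
```

To audit a live deployment, feed the function the path and header dictionary of each response your own HTTP client collects.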