Are incoming ticket attachments scanned for viruses?
Zendesk has an online system that scans incoming and outgoing email attachments running 24/7. This only applies to attachments on email messages - Attachments sent or received via any other channel (e.g. uploaded via the interface or the web form) are not scanned for viruses
You may want to install an AntiVirus solution on all of your agents' computers as malicious attachments can come from other places besides Zendesk ticket attachments.