Using ESG v7.7.3. Since Data Security is processed after Anti-Spam, emails released from Quarantine go directly to the recipient instead of being processed through Data Security after release.
A person on the Help Desk released a zip file that was caught as spam but that had an .exe malware file in it.
Fortunately the AV on Exchange stopped it but if it had gone through the Data Security rules it would have been stopped in DLP since we block inbound executable files.
I did not see away for it to "continue processing" on the built-in policies.