if the client browser are going through the web proxy, and Kaspersky AV is enabled on that proxy and no rules are preventing scanning of the site or content type, then Kaspersky AV for WinGate will be scanning it. But typically things like https traffic are not scanned (needs https inspection for that).
So there are some scenarios where content wouldn't be scanned.
Also it's always possible that the exploit is new or Kaspersky Labs haven't released a signature update for it yet. It's always an arms-race between AV authors and malware authors.
But I think Kaspersky Labs idea of what constitutes a thread incorporates what you'd call malware as well as viruses.
To test if Kaspersky AV for WinGate is in the chain, normally we suggest going to www.eicar.org
and downloading one of the eicar test files.
Adrien de Croy