No solution (FW or content filter) is 100% effective, expect that some items may get passed your protective barriers. You did not mention if you have anti-virus on the desktops/email server, etc. Do you have VPN access that allows home/mobile users into the network behind these screens?
You could have an infected client(s) that is propagating these infected emails. You could, if VPN is implemented, have been infected from an insecure external PC. Once infection is on the LAN, your security is breached. Consider scanning your client(s) and server with AV product.
Have you checked with SC about their EF product and this issue?