Antivirus are not able to detect any malware. There are so many flavors of the same kit it is quite impossible to identified using a signature based on compiled code. But these are the “clients” of external services, quite standard. So looking inside the traffic generated by your office you can try to find the signature of known malwares installed in your infrastructure.
The best tool to keep your traffic monitored is Snort, opensource intrusion detection tool provided by Cisco. If you have a firewall build with a Linux box, it is quite simple to install on this box: how to install snort.
I case you have a standard appliance (a standard firewall), you can not install any specific software, but you ca still monitor the traffic using some mirror functionality of your switch. Install Snort on a linux box using the same blog how to install snort then in the switch were your firewall is connected, mirror the traffic of the port where the firewall is connected to another port where you connect the linux box.
In this way all the traffic going out through the firewall is send in the same time to the linux box where Snort is monitoring the traffic.