If virustotal.com won't check an archive for malware, and archives are exploitable,
what's the best way to handle an archived download, such as a .RAR file?
Our AV's already engage to scan on read and access from archived files, virtualization is your next step when the results are inconsistent. (As mentioned already)
In addition to the suggestions by @hjlbx and @jamescv7 many AVs such as Avast, for example, allow you to scan compressed files but only if they are not password protected. In this case, no way to scan the archive.