For proper telecoms gear (ie, speaks something other than Ethernet via copper/fibre optics) I can sort of understand that posture (offer not valid for telcos/encryption endpoints for customer-data traffic). Otherwise, why not cobbled together GNU/Linux install / router-oriented Linux distro? Other than the antivirus bit[1] (and mayyyyyyyyyybe the anti-spam solution[2]), you'll get either the same software as the proprietary turn-key solution (admittedly will all its gory details) or something super close enough.
And even I have to admit that there are companies that do the right thing (TM) regarding support for old kit. I run a fleet of old (circa 2012-2014) Mikrotik[3] Wi-Fi routers (493 series) which have regular software updates/upgrades without the need of a support contract[4] to this day, and ship with some pretty advanced features for the hardware they sell (VPN client/server -- even Wireguard in later versions! --, RIP/OSPF support, apcupsd -- local only IIRC, virtualization, etc.). I have to admit to my eternal shame to largely not upgrading these, but due to how these are deployed (and their uptime requirements), most everybody in my work is on the "known broken" camp (as opposed to my preferred "new shiny exiting borkage!" camp)
[1]: I've seen some nasty comments/reviews regarding clamav dotted around the internet, and IME it hasn't caught anything, mostly because [2].
[2]: spam-assassin (via amavisd-new which adds more checks/integrates antivirus in a single milter) has been working super, super well for me. Its biggest weakness (and I believe it's mainly because I haven't enabled integrations to paid antispam subscription services/my e-mail traffic is primarily in/for a non-english-speaking crowd) are phishing e-mails from compromised e-mail accounts of otherwise valid domains. (I "have setup" -- accepted the default debian config of -- amavisd to outright block e-mails with executable attachments -- PE/ELF executables, VBS scripts, etc).
[3]: I respect the hardware (esp. when I get to flash OpenWRT on it :) ), not quite the biggest fan of the software (UIs -- web and Winbox -- are kinda whack, console is fully-featured and very tractable if you're used to Cisco-esque environments -- it even has a half-decent autocomplete!).
[4]: You do need a valid license to use it, which for my practical purposes comes in flash with the hardware (and dies when the internal flash dies). The license comes in five levels with different access to features, but all Hardware I've paid attention to has either come with the 3rd level (bang-on middle, good enough for my needs), or the full monty. You can license just the software and then BYOServer, but I never had/felt the need to.