If you've got 2.2.3, then for incoming mail that comes in through incoming.pl, you can use the incoming::validate hook. With that you could look at the From of the header passed in and do a lookup of that address in the user database.
Of course, the proper solution to this would be to do SMTP level virus scanning. This would either remove the attachment, or reject the email.
Adrian
Of course, the proper solution to this would be to do SMTP level virus scanning. This would either remove the attachment, or reject the email.
Adrian