I think I understand the question. I only get banned extension notices when there is no known virus.
I route these banned notices to a folder in my mail program for special attention (the virus name is in the subject).
The banned e-mails get checked "by hand".
If it looks legit, I send a form letter to the source and destination ("... for your protection we are blocking .........").
The others are assumed to be either a new virus (first few hours) or a broken scrap returned by another mail system.
Greg
PS I'll revive a long-term request.
When I try to guess if a banned e-mail is legit, the FULL file name and not just the extension would be a BIG help.
--- This E-mail came from the Declude.Virus mailing list. The archives can be found at http://www.mail-archive.com.