Mail Filtering for SPAM and Virus Traffic

With centralized email control, it is recommended not to blindly drop or quarantine affected messages, but rather to politely add a header that an informed user's mail client can check later. This has the bonus of increasing user awareness, giving users a tool they can easily use to sort their email, and sparing administrators the troublesome task of dealing with quarantined messages.

Emails should never be lost if your filter program starts to fail; rather, a temporary error (telling the sending server to keep the messages in the queue and retry at a later time) should be issued.

SPAM filters and virus scanners:

  • Spamassassin - Open Source mail filter, written in Perl, to identify spam using a wide range of heuristic tests on mail headers and body text. It is a rule-based solution that implements many "recipes" for catching known SPAM as well as Bayesian filtering.
  • Dspam - a scalable and open-source content-based spam filter designed for multi-user enterprise systems. It doesn't involve any specific rules, but provides generic adaptive filtering based on statistical analysis.
  • MIMEDefang - an e-mail filtering tool that works with the Sendmail "Milter" library. It lets you express your filtering policies in Perl rather than C, making it quick and easy to filter or manipulate your mail. It is a generic filter that allows usage of arbitrary programs for tagging SPAM and blocking viruses. You can use commercial antivirus software and Spamassassin along with it for performing both tasks. It only works with the libmilter API.
  • Amavis - (A Mail Virus Scanner) scans e-mail attachments for viruses using third-party virus scanners available for UNIX environments. It is a generic virus scanner that also allows you to use your favorite antivirus software and Spamassassin. Unlike MIMEDefang, Amavis is more generic and supports various mail servers.
  • Clamav - an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It is a virus-only scanner that can be used directly with the shipped milter program or with additional interfaces (including MIMEDefang and Amavis).

For thorough auditing of your antivirus implementation, you should always make sure that simple archiving of infected binaries is not going to fool your antivirus software.

When implementing site-wide filtering you should try to trigger it before the email is accepted into the queue, so that a rejection produces an error over the SMTP connection rather than a later bounce. Bounced messages for malicious emails can stay in your queue for a long time if the envelope sender is forged and invalid.
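The three policies above (tag instead of drop, tempfail when the filter breaks, reject during the SMTP transaction rather than bounce later) combined into one decision routine. This is an added example, not code from Hacking Linux Exposed or from any of the filters listed; the scanner interface, threshold and detection name are assumptions, and the sample message and scanner outcomes are constructed.

```python
from email import message_from_string

SPAM_THRESHOLD = 5.0  # assumed cutoff for tagging, in SpamAssassin-style points


class ScannerUnavailable(Exception):
    """Raised when the spam/virus scanning backend cannot be reached."""


def filter_at_smtp_time(raw_message, scan):
    """Decide the SMTP reply for a message offered at DATA time.

    scan(raw_message) is an assumed backend hook returning
    (spam_score, virus_name_or_None) and raising ScannerUnavailable on failure.
    Returns (code, text, message): message is the tagged copy to queue, or
    None when nothing is accepted.
    """
    try:
        score, virus = scan(raw_message)
    except ScannerUnavailable:
        # Filter failure must not lose mail: a 4xx reply keeps the message in
        # the sending server's queue so it is retried later.
        return 451, "4.7.1 Content scanner unavailable, try again later", None
    if virus is not None:
        # Reject inside the SMTP transaction, so no bounce is ever generated
        # towards an envelope sender that may be forged.
        return 550, f"5.7.1 Message rejected: {virus} detected", None
    msg = message_from_string(raw_message)
    # Tag rather than drop or quarantine; the user's client can sort on this.
    msg["X-Spam-Score"] = f"{score:.1f}"
    msg["X-Spam-Flag"] = "YES" if score >= SPAM_THRESHOLD else "NO"
    return 250, "2.0.0 OK: queued", msg.as_string()


# Constructed sample message and scanner outcomes standing in for a real backend.
SAMPLE = (
    "From: sender@example.com\r\nTo: user@example.org\r\n"
    "Subject: Quarterly report\r\n\r\nPlease find the figures attached.\r\n"
)


def scan_spammy(raw):
    return 7.3, None


def scan_infected(raw):
    return 0.1, "Test.Signature"  # constructed detection name


def scan_broken(raw):
    raise ScannerUnavailable("backend down")


if __name__ == "__main__":
    for scan in (scan_spammy, scan_infected, scan_broken):
        code, text, _ = filter_at_smtp_time(SAMPLE, scan)
        print(code, text)
```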

Other SPAM filtering techniques:

  • DNS-based Blackhole Lists (DNSBLs, also known as Real-Time Blackhole Lists or RBL).
  • Greylisting
  • Distributed Checksum
  • Challenge-Response
  • The Initial Phase - require the HELO greeting and delay the greeting banner.

Source: Hacking Linux Exposed