> My default implementation would be to turn it on so that it blocks all
> emails, files and photos that it finds has a virus or phishing
> Do you see any reason to not do it this way?
"Block" = "Drop" or "Reject"?
Drop is a very severe action, and I'm not entirely sure it should be done even with non-subscribers. With subscribers at the least I'd recommend "reject" (and add to the Activity log).
As Jim and some others, I was thinking maybe have a group option to put those from subscribers in the pending queue, prominently marked as containing potentially harmful content. This would serve the small fraction of groups who might be studying such things, or might be sharing harmless executable files that trigger a false positive.
I'm sympathetic because once long ago forwarding a message to email@example.com or firstname.lastname@example.org was a common way certain senders requested that non-users (of their service) should report "bad" messages coming from their service. But I had an ISP that blocked suspicious messages outbound by me, so I couldn't send the requested report.
I don't think I would go as far as Lena suggests, and moderate them without that being a group option; I'm concerned that few group moderators would have the knowledge to make a safe decision for their group. A choice between "moderate" or "reject" might be useful, with "reject" the default.
By the way, I assume none of the above applies to the boatloads of absolute junk from invalid sources (malware-infected PCs and the like) that I presume you've been dropping all along. Those deserve the black hole treatment.