At the time of the ILOVEYOU outbreak 10 years ago we had the policy at the company where I worked to stop all emails which could be a threat, including emails containing Word documents, ZIP files, etc and all these emails were manually scanned and forwarded by a trusted employee of the IT department. If it couldn't be scanned, it was simply returned to the sender with the request to send the email again in an accepted format. (PDF wasn't known to be unsafe 10 years ago ;))
In that time it was a great way to deal with this kind of threats while many employees were struggling at home to try to remove these and other infections from their personal computers. This kind of manual scanning uses human labor and may because of privacy concerns also not be appropriate in specific settings. The company I am talking about was a technical company where most emails coming in and out were production data, drawings etc, nothing privacy related. There was a stand-alone PC in separate room with an Internet connection which people could use for their private Internet activities.