If you detach/save the attachment to disk first, and a scan indicates it is infected, you simply delete the attachment and or the e-mail from within the client interface, then no harm's done. That is a preventative measure. If an attachment is infected the resident on access module will catch it the moment it is written to disk. I see no potential impact with this approach. I use the method above and haven't had any mailbox corruption issues, client incompatibilities, or infections. Excluding mailbox files from being scanned will also help prevent mailbox corruption. Many AV systems will corrupt mailbox file types because they don't seem to be able to single out the offending email so they just delete/quarantine the entire file so that's another good reason not to scan them or try to have an AV repair them.