Correct me if I'm wrong, but can't you disable a malicious file by simply renaming it?
If so, then here's my suggestion to find a middle ground. Although, this may not be doable from a technical standpoint.
How about when the server sees an unacceptable extension, instead of blocking it, it tacks on ".safe" to the end of the attachment filename and includes a short message to the body of the E-mail saying something like:
---------
This notice was created automatically by mail delivery software.
Your E-mail was found to contain a possibly dangerous attachment. It has been renamed for your protection.
If you feel this attachment is safe, simply save the attachment to your computer and rename it to remove the ".safe" from the end of the filename.
You will then be able to access it normally.
---------
Those who can't handle zipping/unzipping will have some relief.
And TCH will still have avoided any liability issues.
