Hello Atef,
This should be done by a virus scanner (Sophos/McAfee) rather than by a filter, which will most likely cause some false positives. For instance, a possible approach looks like this:
- Filter Condition: Attachment File Info -> File Type is: - - exe
- Filter Action: Strip Attachment by File Info -> File Type is: Compressed
This works well when there is only one attachment to a message, and that attachment is an archive with an exe file. However, in case a message comes with two attachments, where one of them is an archive and the other an exe file, the archive will be stripped.
Hope that helps,
Andreas
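The false positive described in the reply above, modelled as an added example that is not part of the original post and is not appliance code. It assumes the condition is evaluated once per message and the action then strips every compressed attachment; the helper names, the `MZ` check and the sample messages are constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

MZ = b"MZ"  # magic bytes at the start of a DOS/PE executable

def make_zip(members):
    """Build an in-memory zip from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

def build(attachments):
    """Build a constructed message carrying the given {filename: bytes}."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    for name, data in attachments.items():
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

def is_archive(data):
    return zipfile.is_zipfile(io.BytesIO(data))

def archive_has_exe(data):
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(zf.read(n).startswith(MZ) for n in zf.namelist())

def condition_matches(msg):
    """Modelled condition: true if ANY attachment is, or contains, an exe."""
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True)
        if data.startswith(MZ) or (is_archive(data) and archive_has_exe(data)):
            return True
    return False

def stripped_by_filter(msg):
    """Modelled action: once the message matches, strip ALL archives."""
    if not condition_matches(msg):
        return []
    return [p.get_filename() for p in msg.iter_attachments()
            if is_archive(p.get_payload(decode=True))]

EXE = MZ + b"\x90\x00 constructed stub, not a real binary"
ONE_ARCHIVE = build({"tools.zip": make_zip({"run.exe": EXE})})
ARCHIVE_PLUS_EXE = build({"docs.zip": make_zip({"notes.txt": b"hello"}),
                          "setup.exe": EXE})
```

With `ARCHIVE_PLUS_EXE`, the harmless `docs.zip` is stripped because the standalone exe satisfied the message-level condition, while `setup.exe` itself is untouched by the "Compressed" action.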