Email used to be the most popular medium to transmit Malware; however the trend now is towards blended threats where the email is used as the lure and the payload is downloaded via an embedded link.
Blended threats often mimic legitimate emails that a user may have seen before such as a bank security message with a request to validate credentials. Other scams include e-Blasts with topical information such as ‘tickets still available’ to a sell out concert etc.
That said in a typical organisation there will still be a steady trickle of traditional malware that is received as part of the message content; hence it is necessary to scan each email against known signatures and that these are updated regularly.
When scanning files it is important to not just scan the top level files but also to analyse embedded objects within documents and probe into compressed archives.