my experience was,

1. education, make it known to users

2. stripping the attachment with known file extension, e.g. exe, com, scr ... even if in zip

3. notify user of the block immediately

if the attachment is genuine, the users will have to contact the sender themselves and request the sender to double or triple zip (this depends on how many levels of zip that you are filtering) the file before sending it again.

rgds
de
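
The extension filter from step 2, with the number of zip levels it opens as a parameter, sketched in Python as an added example that is not part of the original post. The function names, the size cap and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

BLOCKED_EXTENSIONS = {".exe", ".com", ".scr"}  # the extensions the post names
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # assumed cap so huge members are not unpacked


def _ext(name):
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def find_blocked(filename, data, max_zip_levels=1, _level=0):
    """Return the path of the first blocked file, or None if nothing is found.

    max_zip_levels is how many levels of zip nesting the filter opens.
    """
    if _ext(filename) in BLOCKED_EXTENSIONS:
        return filename
    if _level >= max_zip_levels or not zipfile.is_zipfile(io.BytesIO(data)):
        return None
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if _ext(info.filename) in BLOCKED_EXTENSIONS:
                return f"{filename}/{info.filename}"  # name check needs no unpacking
            if info.file_size > MAX_MEMBER_BYTES:
                continue
            try:
                inner = zf.read(info)
            except (RuntimeError, zipfile.BadZipFile):
                continue  # encrypted or corrupt member; its name was checked above
            hit = find_blocked(info.filename, inner, max_zip_levels, _level + 1)
            if hit:
                return f"{filename}/{hit}"
    return None


def make_zip(members):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    single = make_zip({"tool.scr": b"constructed sample"})
    double = make_zip({"inner.zip": single})
    print(find_blocked("b.zip", double, 1), find_blocked("b.zip", double, 2))
```

The returned path is what the notice in step 3 would quote to the user; `max_zip_levels` should be set to the depth the mail policy actually intends to inspect.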