exe files getting through, anyone notice this?

[XPerties]

One of my servers a client has reported exe files are not being blocked although etc/antivirus.exim shows:

# Look for single part MIME messages with suspicious name extensions
# Check Content-Type header using quoted filename [content_type_quoted_fn_match]
if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|$
then
fail text "This message has been rejected because it has\n\
potentially executable content $1\n\
This form of attachment has been used by\n\
recent viruses or other malware.\n\
If you meant to send this file then please\n\
package it up as a zip file and resend it."

Anyone else seeing this issue and maybe have a solution to something may be over looking as to why a few accounts are receiving exe?

BTW it DOES NOT happen on all accounts.