The "Delete Executable File Violations" content compliance rule is triggering on some messages that contain compressed or archive files but no executable attachments.
This can happen when the attached file was labeled with a non-standard MIME type when the original email was sent.
For example, an email client may encode a PDF, GZ or TGZ file as application/x-compressed. If your executable file policy uses the default "Executable Files" attachment list, which is configured to detect anything that begins with application/x-com, the attachment will match the "Executable Files" list and be treated as an executable.
Symantec Mail Gateway (SMG) version 9.0 and later provides an attachment list named True Type Executable Files. If you are experiencing false positives with the Executable Files attachment list used by the default Delete Executable File Violations compliance rule that ships with the product, it is recommended that the rule be modified to use the newer True Type Executable Files attachment list.
To use MIME types for detection, it is recommended that rules use "MIME-type is" instead of "begins with".
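The false positive described above can be reproduced outside the product. The following is an added example, not Symantec's code or the actual contents of any SMG attachment list: it compares a "begins with" match, an exact "MIME-type is" match, and a content check on a constructed message. The exact-match value `application/x-msdownload` and the magic-byte check (a simplified stand-in for content-based detection) are assumptions.

```python
from email import message_from_bytes
from email.message import EmailMessage

# Hypothetical rule values for illustration; not SMG's actual list contents.
PREFIX_RULE = "application/x-com"            # "begins with" condition from the article
EXACT_RULE = {"application/x-msdownload"}    # "MIME-type is" condition (assumed value)
# Leading bytes of common executable formats: PE/DOS "MZ" and ELF.
EXEC_MAGIC = (b"MZ", b"\x7fELF")

def build_sample() -> bytes:
    """Constructed message: a PDF and a gzip labeled application/x-compressed,
    plus a PE stub sent under a generic MIME type."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachments")
    msg.add_attachment(b"%PDF-1.4\n%...", maintype="application",
                       subtype="x-compressed", filename="report.pdf")
    msg.add_attachment(b"\x1f\x8b\x08\x00data", maintype="application",
                       subtype="x-compressed", filename="logs.tgz")
    msg.add_attachment(b"MZ\x90\x00stub", maintype="application",
                       subtype="octet-stream", filename="invoice.dat")
    return msg.as_bytes()

def classify(raw: bytes) -> dict:
    """Return {filename: (begins_with_hit, mime_is_hit, content_hit)}."""
    results = {}
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if name is None:                      # skip the container and the text body
            continue
        declared = part.get_content_type()    # sender-declared type, lowercased
        body = part.get_payload(decode=True) or b""
        results[name] = (
            declared.startswith(PREFIX_RULE),  # flags every application/x-com* label
            declared in EXACT_RULE,            # flags only the listed MIME types
            body.startswith(EXEC_MAGIC),       # looks at the file content itself
        )
    return results

if __name__ == "__main__":
    for name, hits in classify(build_sample()).items():
        print(name, dict(zip(("begins_with", "mime_is", "content"), hits)))
```

The PDF and TGZ trip only the prefix rule, while the content check ignores the declared label entirely and flags only the attachment that starts with an executable header.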