LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
12-05-2001, 12:57 PM   #1
glumpkin
LQ Newbie
 
Registered: Apr 2001
Posts: 1

Denial of Traffic


This is a real Linux Newbie question, so please bear with me.

I work in the IT department of a local Civil Engineering firm. We are a Microsoft shop after migrating away from Novell. A mistake in my opinion, but that's another conversation altogether.

I have a Linux server at home and I have RedHat on a laptop which I think is pretty cool in itself.

OK, here it is: We had two users double-click on the gone.scr file in their in-boxes yesterday and I spent much of my day cleaning up the network and their workstations. Norton AntiVirus didn't have the signatures updated in time. Not an uncommon occurrence unfortunately. We use a Cisco PIX firewall.

I was wondering (and here's where my lack of knowledge shows), is there a way to deny entry if a packet contains certain attributes? In other words, if a person outside our network sends an e-mail to an internal user with gone.scr attached, can a Linux firewall be configured to reject it altogether?

Just curious...
 
12-05-2001, 03:04 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Iptables has some (rudimentary?) form of filtering, but I'm not familiar with that, maybe someone else can come up with the gory details :-]
Snort, an IDS package, allows you to filter for strings like this CodeRed entry shows:
alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "CodeRed/Index Server - Generic"; content:".ida?";)
but this ain't what you're looking for.
The keyword is email since that is the only infection vector (transport layer) I know of; you'll need to look into mail filtering.

If your mailhost is running a Linux MTA like sendmail you could either add rules to /etc/sendmail.cf or use libmilter, inflex, possibly ripmime or any other filters. An example of what sendmail can filter is here (Melissa). Possibly cert.org, sans.org and/or securityfocus.com already have prefab rules out for filtering.

If, OTOH, it's running the very leet Microsuck Xchange S3rv3r, there's another good reason to convert to Linux :-]

Last edited by unSpawn; 12-05-2001 at 03:07 PM.
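The mail-side filtering the reply points to (a check applied at the MTA, as a libmilter hook or a content filter would) can be shown concretely. What follows is an added example, not code from this thread, from sendmail or from any milter package: it parses a MIME message with Python's standard email library, walks every part, and rejects the message when any declared attachment filename carries a blocked extension. The block list, the addresses and the two sample messages are constructed for illustration, and the extension list is an assumption; a real deployment would call filter_message from the milter's end-of-message callback and return a reject action, which is not shown here.

```python
"""
MTA-side attachment filtering by filename extension.

Added example for the LQ thread above; not the poster's, sendmail's or
libmilter's code.  Block list, addresses and sample messages are constructed.
"""
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows executes on double-click.  .scr (screen saver) is the
# one the poster's users clicked.  Assumed list, extend to taste.
BLOCKED_EXTENSIONS = {"scr", "exe", "pif", "bat", "com", "cmd", "vbs", "js"}


def attachment_names(msg):
    """Yield every filename declared on any non-multipart MIME part.

    get_filename() reads Content-Disposition filename= and falls back to
    Content-Type name=, so a part that only sets name= is still caught.
    """
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            yield name


def is_blocked_name(filename):
    """True if the final extension is on the block list.

    Strips surrounding whitespace and trailing dots first, so that
    'report.txt.scr', 'GONE.SCR  ' and 'gone.scr.' are all rejected.
    """
    cleaned = filename.strip().rstrip(".")
    if "." not in cleaned:
        return False
    ext = cleaned.rsplit(".", 1)[1].strip().lower()
    return ext in BLOCKED_EXTENSIONS


def filter_message(raw):
    """Decide on one raw RFC 5322 message: returns (accept, reason)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    for name in attachment_names(msg):
        if is_blocked_name(name):
            return False, f"attachment {name!r} has a blocked extension"
    return True, "ok"


def build_sample(attachment_name):
    """Construct a multipart message carrying one binary attachment
    named by Content-Disposition filename= (constructed sample)."""
    m = EmailMessage()
    m["From"] = "outside@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Hi"
    m.set_content("Check this out.")
    m.add_attachment(b"MZ\x90\x00fake", maintype="application",
                     subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()


# Constructed sample that names the attachment only via Content-Type name=,
# with no Content-Disposition header at all.
SAMPLE_NAME_ONLY = (
    b'From: outside@example.com\r\nTo: user@example.com\r\nSubject: Hi\r\n'
    b'MIME-Version: 1.0\r\nContent-Type: multipart/mixed; boundary="b"\r\n\r\n'
    b'--b\r\nContent-Type: text/plain\r\n\r\nhi\r\n'
    b'--b\r\nContent-Type: application/octet-stream; name="gone.scr"\r\n'
    b'Content-Transfer-Encoding: base64\r\n\r\nTVo=\r\n--b--\r\n'
)


if __name__ == "__main__":
    for name in ("gone.scr", "report.txt.SCR", "photo.jpg"):
        print(name, filter_message(build_sample(name)))
    print("name= only", filter_message(SAMPLE_NAME_ONLY))
```

Two caveats a practitioner would add. First, this sits at the MTA because that is where the MIME structure exists; a packet filter sees the SMTP stream base64-encoded and split across packets, so matching on "gone.scr" at the firewall is unreliable. Second, a filename check only catches what is named honestly: a renamed or zipped payload passes, so it belongs alongside signature scanning rather than in place of it.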
 