I'm not a Postfix wizard, so before doing all the work of digging into Postfix parameters, I'm going to suggest what popped to mind as the easy way first.
Rather than redirecting all your mail to the new box and trying to write a "everybody but these" rule for redirection, leave it pointed to the old box, and just put entries for each userid you want on the postfix box in /etc/aliases.
For instance, say I'm one of the guys you want on the Postfix box. For the example, the current mail server is prodmail.domain.xyz and the Postfix box is testmail.domain.xyz.
In the /etc/aliases file on prodmail, put an entry that says:
clacour:
clacour@testmail.domain.xyz
(You might be able to abreviate that to just clacour@testmail, if your name resolution is set up the right way.)
All of my mail will now hit the old server first, get rerouted to testmail, and be processes like normal there. When you're satisfied that everything on testmail works the way you want it to,
then you redirect the output of the Viruswall box to the Postfix box, which is now your new production mail server.
Hope this helps,
CHL