scan POA for non-virus content with SMG

We were just hit with a social engineering/ CEO fraud attack that our involved users did not bite on thankfully. But I have been directed to ask if twe could use something like an IMAP inteface policy to scan for emails that are not virus-ey but rather of the format [HighRankingPerson]@gmail.com. I don't think so but can SMG do something like that with the POA?

thanks,

Andrew