One of the cloud offering is the service called Email Data Protection. This service may give you the capabilities you are looking for in point 1 and 2. The service is a policy engine allowing you to use, amongst other things, regular expressions for pattern matching in an email (body, headers) and certain type of attachments.
Each policy can be configured with a specific action such as block, redirect, copy, route to, as always as being able to alert recipients and senders should you wish it. You can get a better idea on how the service works by reviewing the below video.
http://www.symantec.com/tv/community/details.jsp?vid=3037566445001