Here is my take on ANY email protection.........
SEP covers it because it rests or resides on a computer drive, and consists of files.
Even in outlook - say someone sends you an attachment, you either run it or save it.
If you save it, it's saved as an ordinary file in the folder of your choosing. SEP scans files upon creation.
If you choose to RUN it, then the email client saves the attachment into a temp folder on the local drive - SEP scans it as SEP scans files upon creation.
If it's a script, and attempts to connect to a bad web site and download content - SEP scans it in the WEB CACHE area because - yup - SEP scans files upon creation.
Doesn't really matter if you have specific email protection or not, the local AV will catch it.
I can't tell you how many times SAV CE or even SEP more recently, has caught something that the so-called email protection on Exchange (a competing product) missed when that user opened the email message and either tried to run, or save an attachment and yes, SAV or SEP nailed it upon creation, before it could be executed.
That's MY feeling on "email protection" - if you run SAV or SEP, you have it anyway............regardless of client.