The action in the default policy is to quarantine Encrypted Messages.
Created an incoming policy which matches this sender, and Antivirus policy is set to deliver encrypted messages.
And have any encrypted message from [email protected] to any other recipients to be quarantined
You could set up a policy that applies to sender [email protected] where the AV policy for encrypted message is to deliver, and set the X-IronPort-AV header in the AV policy. Then and create a content filter that applies to that policy that looks for the AV header and if the recipient is not [email protected] then quarantine the message. I can't remember the value of the X-IronPort-AV header if the message is encrypted but it should be in the logs of in the header of the received message. Or you could add a subject prefix in the AV settings that is applied when the message is encrypted (default is [WARNING: MESSAGE ENCRYPTED] and look for that subject prefix in the content filter. Or you could add a custom header in the advanced section of the AV settings and look for that (and remove it if you want to clean things up).