ARJ isn't too big an issue if your recipients' desktops can't decrypt it, but we've had the same issue with ZIP/EXE which again our rules should have stopped regardless of malignancy. Unlike the ARJs, Message Tracking couldn't see these at all. In the end we were given the following CLI message filter to fix things:
Add_attachment_header:
If (attachment-filename == "^.+$")
{
Insert-header("X-Attachment-filename", "$filenames");
}
.
Seems to have done the trick, but as it was an invisible problem to start with I'm depending on sightings to be sure. We're going up from 7.5.1 in the near future to dodge the EOL on Sophos.