This article describes how either an Exchange Server administrator or end users can prevent the winmail.dat attachment from being sent to Internet users when using the Microsoft Exchange Internet Mail Connector (IMC). This attachment file may be seen as unscannable when processed through the Cisco Email Security Appliance (ESA).
From Microsoft Support, "When an end user sends mail to the Internet from an Exchange Windows or Outlook client, a file attachment called Winmail.dat may be automatically added to the end of the message if the recipient's client cannot receive messages in Rich Text Format (RTF). The Winmail.dat file contains Exchange Server RTF information for the message, and may appear to the recipient as a binary file. It is not useful to non-Exchange Server recipients."
Also from Microsoft Support, "Recipients who do not use Microsoft Outlook or a Rich Text Format-aware client application cannot display Rich Text Format, and so the Winmail.dat file, which contains the Rich Text Format information, is attached to the e-mail message." Please review the following Microsoft Support article for full details: XADM: Winmail.dat Attached to All Internet Messages Regardless of Setting on Client
Troubleshooting winmail.dat Attachments
The winmail.dat attachment is of no use to non-Exchange clients. From the ESA and Sophos anti-virus scanning, the file will result in an unscannable verdict. This is not an error or issue as a result of the ESA or Sophos. The unscannable verdict is ruled due to the file's original creation and encoding.