what webmailer do you use? Are you using SSL Scanner?
Some webmailer are hiding their payload and it simply a matter of finding out what the mailer does in order to set up the rule correctly
SSL Scanner is active, but in that case is not used, it's http connection.
The same situation is not only with that public webmailer only.
With fiddler I found that IE sends exe file as text/plain Content-Type. Firefox sends exe file as application/octet-stream. Same Content types for files without extensions. Of course text/plain content looks harmless, but should not Web Gateway scan it anyway? Maybe it is possible to change this?