You can use a file class signature to detect the presence of a .idx file, but not anything contained within it.
That's what I've been thinking. I am supposing that it would use up too many cycles for inclusion into the module so I've written a batch script to inspect hosts that pop for the .idx itself.
From there, I'll just upload any suspect samples to virustotal.com...
Thanks for the help!