I got an idea to prevent malware spam.
If a script is calling sendmail to send e-mail then the script should be scanned with clamscan first (it will be very fast). If a virus is found then sending will be blocked, if not then it would be passed.
That would prevent from malware spammers executing PHP scripts to send SPAM. Blocking to 100 e-mails per hour is not enough. Our servers will got DNSBL anyway.