One approach would be to specify in Exchange Online that all attachments are stripped, but given that's how lots of people still work it is not a good idea. A better approach would be utilise Advanced Threat Protection (part of the O365 E5 bundle) as it will scan the attachments and open them in a "detonation chamber" to ensure they are safe before being passed on to the end user.
thank you for the response. As far as I understood that feature the method only affects incoming mail/attachments, while my customer also wants to include attachments which his users may attach to outgoing / internal mail.
Do you know / can you provide a link for this and how I can also scan attachments before I send a mail using Exchange Online?