This is not unique to EOP or MDO. Most gateway solutions will not inspect encrypted attachments, and "encryption" can be as little as a write-protect or cell-protection password on a document or worksheet. You are dependent on endpoint protection to scan the attachment once the recipient has opened it.
For rules, your predicate is "includes an attachment that is password protected" and your actions can be to quarantine, redirect or stamp the e-mail with a disclaimer. One possibility is to prepend the message with the text "This mail contains encrypted attachments. Are you expecting encrypted content from this sender? Check that {your anti-virus} is up to date before opening these attachments, or contact {your support desk} for advice." Needless to say, you should also have a fairly aggressive common attachment types list to keep most dubious attachment types out anyway.
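The rule described above could be built in Exchange Online PowerShell as follows. This is an added example, not configuration from the original text: the rule name, the external-sender scope and the choice to start in test mode are assumptions, and the `{...}` placeholders in the disclaimer are left for you to fill in.

```powershell
# Added example. Assumes an existing Exchange Online PowerShell session
# (Connect-ExchangeOnline) with rights to manage mail flow rules.

# Disclaimer text from the paragraph above; {placeholders} are left as-is.
$disclaimer = @'
<p><b>This mail contains encrypted attachments.</b>
Are you expecting encrypted content from this sender?
Check that {your anti-virus} is up to date before opening these attachments,
or contact {your support desk} for advice.</p>
'@

$rule = @{
    Name                              = 'Warn - password-protected attachment' # hypothetical name
    FromScope                         = 'NotInOrganization'  # assumption: inbound external mail only
    AttachmentIsPasswordProtected     = $true                # the predicate
    ApplyHtmlDisclaimerText           = $disclaimer          # the "stamp" action
    ApplyHtmlDisclaimerLocation       = 'Prepend'
    ApplyHtmlDisclaimerFallbackAction = 'Wrap'   # if the body cannot be modified, wrap the message
    SetAuditSeverity                  = 'Low'    # makes rule hits visible in reporting
    Mode                              = 'AuditAndNotify'     # test mode first, enforce later
}
New-TransportRule @rule

# Stricter alternatives to the disclaimer, matching the other actions named above.
# Use one of these in place of the three ApplyHtmlDisclaimer* entries:
#   Quarantine        = $true
#   RedirectMessageTo = 'secreview@example.com'   # hypothetical review mailbox

# Once the audit results look right, enforce the rule.
Set-TransportRule -Identity $rule.Name -Mode Enforce

# Check the rule state, and confirm the common attachment types filter is on.
Get-TransportRule -Identity $rule.Name |
    Format-List Name, State, Mode, AttachmentIsPasswordProtected
Get-MalwareFilterPolicy | Format-Table Name, EnableFileFilter, FileTypes
```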