To disable the executable-attachment blocking that many Cpanel servers do by default but don't provide any controls for on a per-domain basis, add the following block to the beginning of the /etc/antivirus.exim file:
if $header_to: matches "example\.com|example2\.com" then finish endif
It is probably possible to use a separate file to list these domains, but I haven't had to do this enough times to warrant setting such a thing up.