What I think to be the right procedure with mail is:
-use a real mail client: its function is to use mail, not to play spam/get spammed and spyware games with pictures, sounds… (Incredimail, some webmails).
However, using a webmail (or a trashable mail software) for subscriptions is a good idea, since you can dump them whenever you want.
Secured mail clients usually include their own engine, and not your browser’s one: The Bat, Eudora, Pegasus, maybe Foxmail.
-always monitor mail on the mail server itself (my mail client has this integrated feature; if not, MailWasher or similar is fine).
-set your mail client so it only reads mail in plain text by default and “quarantines” not only the attachments, but also the mail body itself in a separate folder (you are still able, if you want to, to open a mail afterwards in HTML format, but it’s then a deliberate choice).
-never accept any mail with whatever attachment, even if the sender is said to be your grandmother: any mail with an unsolicited attachment is directly deleted on the server, and when I send an attachment myself, I always report in the mail body its existence, format, name and size.
-of course, set your OS to show full extensions.
Concerning spam, and in these conditions, no one shall ever reach your mailboxes, as they are deleted on the mail server.
But of course it does not keep your mail server from being spammed, and the only efficient way I know of stopping spam is to delete the target mail address.
I am not sure of what you said about spam: of course, answering, unsubscribing, following a link, downloading the spam and opening it in HTML format (but, as I said, I never do any of these things including the last) shall have as its only effect to raise the spam level.
But “playing dead” shall have no effect whatsoever and won’t stop the spam from continuing for years.
Not even speaking of websites, leaving your mail on a legit internet purchase site (and you have no choice but to do so) is enough in most circumstances, as not only does the said site then spam you but, notably with large companies (including cell phone operators and ISPs), it sells its files to anyone on earth.
The only “remedy” is then a “junk mail address” you won’t even bother to check.
Speaking of viruses, and in the conditions I stated, the presence of attachments should not be so frequent.
But monitoring them in real time with an AV suffers from multiple inconveniences:
-it might notably slow down your mail client
-it only relies, like with any non-mail file, upon your AV database: it might not be enough, or on the contrary excessive (and, e.g., throwing you out of whatever Word/Excel macro you might need).
-in the event of a false or real positive, it shall quarantine the culprit, making (like for any other file) a real hassle of accessing and cleaning the said quarantine folder.
These reasons lead me to think that, if you want to check whatever attachment not directly deleted on the mail server, but about which you remain however dubious, you should treat it exactly like any other non-mail file: save it to a specific folder outside of your mail client, and then scan this dubious file before opening it.
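
The handling described in the post above (plain text only, attachments listed by full name, format and size instead of being opened, and a check that the body announces them), as an added Python example that is not part of the original post. The extension list, the constructed sample message and the names `triage` and `build_sample` are assumptions made for illustration.

```python
import os
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

# Assumed list of extensions treated as executable; adjust to your own policy.
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}

def triage(raw: bytes) -> dict:
    """Plain-text body plus an attachment inventory; nothing is saved or opened."""
    msg = message_from_bytes(raw, policy=default)
    plain = msg.get_body(preferencelist=("plain",))
    text = plain.get_content() if plain is not None else ""
    inventory = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        stem, ext = os.path.splitext(name.lower())
        risky = ext in RISKY_EXT
        inventory.append({
            "name": name,                                   # full name, all extensions
            "type": part.get_content_type(),                # declared format
            "size": len(part.get_payload(decode=True) or b""),
            "risky_ext": risky,
            "double_ext": risky and os.path.splitext(stem)[1] != "",
            "announced": name.lower() in text.lower(),      # named in the body?
        })
    has_html = any(p.get_content_type() == "text/html" for p in msg.walk())
    return {"text": text, "html_present": has_html, "attachments": inventory}

def build_sample() -> bytes:
    """Constructed test message: plain + HTML body and one unannounced attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.org", "me@example.org", "holiday"
    m.set_content("See the picture.\n")
    m.add_alternative("<p>See the <img src='http://img.example/p.gif'> picture.</p>",
                      subtype="html")
    m.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                     subtype="octet-stream", filename="photo.jpg.exe")
    return m.as_bytes()

if __name__ == "__main__":
    report = triage(build_sample())
    print(report["text"].strip(), "| HTML part ignored:", report["html_present"])
    for att in report["attachments"]:
        print(att)
```

The HTML part is detected but never rendered, so remote images in it are not fetched; the attachment bytes are only measured, not written to disk.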