I checked through the logs and it turned out to be a 365 MB mail message with a file named Paris-DivX505-A.avi. It didn’t take much detective work to conclude that a user was sending out the Paris Hilton sex tape via email! (the use of that term aught to get the hit count up a bit).
I thought that was freakin hilarious. I think the lesson to be learned here is its a good idea to have a maximum message size and enforce it at all levels. Even a very large limit like 100 MB would have prevented this message from being processed by exchange, scanned by trend micro, processed by sendmail before being stopped. This could have been really bad for the infrastructure.