On my personal network, I manage a limited amount of outbound traffic. Other than just traffic shaping outbound traffic by bandwidth, the only outbound traffic I govern is Email. I don't prevent malware transmission outbound, I merely eliminate spambots:
I block outbound SMTP traffic except for known, permitted MTAs, operated by my ISP or by other contracted Email service providers, such as DynDNS's mailhop.org. I route outbound traffic through a local MTA. Initially I did so with the intent of filtering outbound Emails with SpamAssassin, but later dropped that idea without implementing it. I did not want to deal with the delays and management complexities of false positives. Now I merely monitor /var/log/maillog for outbound traffic loads. The monitoring tool I use is grep(1) | less(1).
The only time I had a problem with excessive traffic, it was due to repetitive Emails caused by a full partition, not any sort of compromised system.
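The two controls described above (allow outbound SMTP only to known relays, then watch the local MTA's log for unusual outbound volume) can be made repeatable. The script below is an added example, not code from the original post: it emits an nftables ruleset fragment for the egress allowlist and summarises sent messages per envelope sender from Postfix-style maillog lines, so a runaway cron job or a spambot shows up as one sender with an outsized count rather than something you spot by paging through `grep | less` output. Everything in it is assumed: the Postfix log syntax (the original post does not say which MTA writes `/var/log/maillog`), the sample log lines are constructed, the addresses are documentation ranges, the local MTA is taken to be a host on the LAN behind the gateway, and the threshold is illustrative.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: Postfix log format,
# local MTA is a LAN host (not the gateway itself), RFC 5737 addresses.

# --- 1. Egress allowlist -----------------------------------------------------
# Print an nftables ruleset fragment: the local MTA may talk SMTP only to the
# listed provider relays; other LAN hosts may talk SMTP only to the local MTA;
# everything else on 25/587 is logged and dropped. Load with:
#   smtp_egress_rules 192.0.2.25 203.0.113.10 198.51.100.5 | nft -f -
# where 192.0.2.25 is the local MTA and the rest are permitted relays (assumed).
smtp_egress_rules() {
    local_mta=$1; shift
    allow=$(printf '%s, ' "$@"); allow=${allow%, }
    cat <<EOF
table inet egress {
    set permitted_mta {
        type ipv4_addr
        elements = { $allow }
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
        ip saddr $local_mta tcp dport { 25, 587 } ip daddr @permitted_mta accept
        tcp dport { 25, 587 } ip daddr $local_mta accept
        tcp dport { 25, 587 } log prefix "smtp-egress-drop " drop
    }
}
EOF
}

# --- 2. Outbound volume per sender ------------------------------------------
# Reads maillog lines on stdin. Postfix logs the envelope sender on the qmgr
# line and the delivery result on a separate smtp line, joined by queue ID, so
# the two are correlated here. Only relayed deliveries (postfix/smtp) with
# status=sent count; local deliveries (postfix/local) and bounces are ignored.
# Output: "<count> <sender>", highest count first.
sent_per_sender() {
    awk '
    /postfix\/qmgr\[/ && /from=</ {
        qid = $6; sub(/:$/, "", qid)
        match($0, /from=<[^>]*>/)
        from = substr($0, RSTART + 6, RLENGTH - 7)
        if (from == "") from = "<>"          # null sender (bounce/DSN)
        sender[qid] = from
    }
    /postfix\/smtp\[/ && /status=sent/ {
        qid = $6; sub(/:$/, "", qid)
        if (qid in sender) count[sender[qid]]++
    }
    END { for (s in count) printf "%d %s\n", count[s], s }
    ' | sort -k1,1nr -k2,2
}

# Print senders whose count exceeds the threshold given as $1.
flag_senders() {
    awk -v t="$1" '$1 > t { print $2 }'
}

# Constructed sample of /var/log/maillog: a cron job re-sending the same
# message every 30 s (the full-partition case), one normal user message, and
# one message rejected by the relay.
SAMPLE_LOG=$(cat <<'EOF'
Mar  3 10:15:01 gw postfix/qmgr[2101]: A1B2C3: from=<cron@host.example>, size=812, nrcpt=1 (queue active)
Mar  3 10:15:01 gw postfix/smtp[2102]: A1B2C3: to=<root@host.example>, relay=mailhop.org[203.0.113.10]:25, delay=0.4, delays=0.1/0.1/0.1/0.1, dsn=2.0.0, status=sent (250 OK)
Mar  3 10:15:31 gw postfix/qmgr[2101]: A1B2C4: from=<cron@host.example>, size=812, nrcpt=1 (queue active)
Mar  3 10:15:31 gw postfix/smtp[2103]: A1B2C4: to=<root@host.example>, relay=mailhop.org[203.0.113.10]:25, delay=0.4, delays=0.1/0.1/0.1/0.1, dsn=2.0.0, status=sent (250 OK)
Mar  3 10:16:01 gw postfix/qmgr[2101]: A1B2C5: from=<cron@host.example>, size=812, nrcpt=1 (queue active)
Mar  3 10:16:01 gw postfix/smtp[2104]: A1B2C5: to=<root@host.example>, relay=mailhop.org[203.0.113.10]:25, delay=0.4, delays=0.1/0.1/0.1/0.1, dsn=2.0.0, status=sent (250 OK)
Mar  3 10:20:12 gw postfix/qmgr[2101]: A1B2D0: from=<alice@example.org>, size=2048, nrcpt=1 (queue active)
Mar  3 10:20:13 gw postfix/smtp[2105]: A1B2D0: to=<bob@example.net>, relay=mailhop.org[203.0.113.10]:25, delay=0.6, delays=0.1/0.1/0.2/0.2, dsn=2.0.0, status=sent (250 OK)
Mar  3 10:21:40 gw postfix/qmgr[2101]: A1B2D1: from=<alice@example.org>, size=4096, nrcpt=1 (queue active)
Mar  3 10:21:41 gw postfix/smtp[2106]: A1B2D1: to=<nobody@example.net>, relay=mailhop.org[203.0.113.10]:25, delay=0.5, delays=0.1/0.1/0.2/0.1, dsn=5.1.1, status=bounced (host mailhop.org[203.0.113.10] said: 550 5.1.1 User unknown)
EOF
)

# Usage on the constructed sample; on a real box: sent_per_sender < /var/log/maillog
printf '%s\n' "$SAMPLE_LOG" | sent_per_sender
printf '%s\n' "$SAMPLE_LOG" | sent_per_sender | flag_senders 2
```

On the sample this reports `3 cron@host.example` and `1 alice@example.org`, and the threshold pass names only `cron@host.example`. The absolute threshold is a placeholder; for a home network a per-hour count from the same sender is a more useful baseline, and the `smtp-egress-drop` log prefix gives you a second signal (a LAN host trying to reach port 25 directly) that the maillog alone cannot.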