In that case, MS Outlook would also be detected as a virus (I know, it may be correct, actually ;D). How do you distinguish “legal” mailing code from malicious? Besides, the mailing code may be crypted or packed by an obscure packer…

The problem is that “never” is never 100% correct here. First, even if 200kB may be rare today, it won’t be in the near future; second, even today there are worms that e.g. append some files/data after their main file - so they can be rather long.