I don't quite understand what you mean - the 20MB file would stand out on a mail server? I find that unlikely, unless they're running OpenBSD. Is the 20MB file attached to mail messages? That also seems unlikely, if only because that's a really stupid way to design a virus.
The reason it's a stupid way to design a virus currently is because that was one of the primary attack vectors in the past. Yes, most decent mail systems will protect against this. But some might not -- might as well use what's worked in the past as well as other options.
Also, what if the mail component were used to hide/archive the virus? Hide a virus attachment from someone to themself, then have some bootstrap code (Outlook/email client exploit, perhaps) that loads the email archived virus back onto the comp.
