Great! Works like a charm:
acl_check_content:
require verify = header_syntax
# Reject virus infected messages.
deny message = This message contains a virus or other harmful
content ($malware_name).
hosts = !+relay_from_hosts
malware = *
# Reject certain subjects
deny message = Blocked due to unwanted subject line.
condition = ${if and{\
{def:header_subject:}\
{match{$header_subject:}{${readfile{/etc/exim/subjects_reject}{|}}(?!)}}\
}{1}{0}}
log_message = Blocked by subject line (subject=$h_subject:)
accept
