Malware in email message is missed by Messaging Gateway

Article ID: 161646

Updated On:

Products

Messaging Gateway

Issue/Introduction

Symantec Messaging Gateway (SMG) delivered an email message containing malware. This message's malicious attachment may have infected the endpoint or been caught by the Symantec Endpoint Protection (SEP) client installed locally.

Cause

One likely cause is that the SMG definitions do not yet detect the threat. By default, LiveUpdate delivers only one new set of definitions per day. For some Symantec products, such as Symantec Endpoint Protection, certified definitions are released up to three times per day.

Enable SMG's Rapid Release definitions, updating at least a couple of times per day, for additional protection against thousands of the latest known malicious samples currently in circulation.

Resolution

  • In the SMG Control Center, check that the antivirus definitions have been updated. Navigate to Status > Dashboard.
  • Verify that you have the latest antivirus definitions for SMG. See Virus Definitions & Security Updates.
  • In the SMG Control Center, verify that the current license is valid. See Viewing license statuses.
  • In the SMG Control Center, check if antivirus policies are Enabled under Administration > Policy Groups.
  • In the SMG Control Center, check which antivirus policies are assigned to groups with the Assigned to Groups column under Administration > Policy Groups.
  • Enable the Rapid Release definitions to be more aggressive against viruses. See Obtaining definitions when a new, emerging threat is discovered.
  • Submit a sample of the missed virus to Security Response. For details, please see Symantec Insider Tip: Successful Submissions!
  • In the Message Audit Log, check the verdict and untested verdict for the infected email.
  • Check the Scanner logs for errors that occurred at the time the message went through the product.