Reviewing the Messaging Gateway (SMG) Message Audit Logs (MAL) shows that comma seperated value (CSV) files are not sent to Threat Defense / CAS for analysis.
CSV files are text documents which are not sent to CAS for analysis and are automatically exempted from Threat Defense scanning.
This is expected behavior and intended to reduce load on the Threat Defense infrastructure. The CSV content is still scanned for malware and macro content by SMG malware and disarm scanning but cannot be sent to Threat Defense.
This is currently under investigation by Symantec for a potential product change.