The Disarm feature in Messaging Gateway may not detect and remove certain malicious code.
Symantec is aware of this problem and is currently working to develop a fix for it.
Please subscribe to this article to be notified upon any changes to it.
Meanwhile, please ensure that the Messaging Gateway is using all of the other possible ways to detect and block the malicious files.
More information on this feature is available in the product's administration guide and the following public article: About Customer Specific Rules creation methods