Symantec Messaging Gateway (SMG) delivered an email message containing malware. This message's malicious attachment may have infected the endpoint or been caught by the Symantec Endpoint Protection (SEP) client installed locally.
One likely cause is that the SMG definitions do not yet detect the threat. By default, LiveUpdate only delivers one new set of definitions per day. On some Symantec products, like Symantec Endpoint Protection, certified definitions are released up to three times per day.
Enable SMG's Rapid Release at least a couple of times per day for additional protection against thousands of the latest known malicious samples currently in circulation.
In the SMG Control Center, check that the antivirus definitions have been updated. Navigate to Status > Dashboard.