There can be differences in what malware variants anti-spam systems distinguish

April 8, 2020

For reasons beyond the scope of this entry, we're currently using ClamAV in parallel with our current commercial filter, running incoming email past both of them. In keeping an eye on our logs, one of the interesting things I've noticed is that sometimes, one system will report that several messages are all malware X while the other system thinks that the messages have different malware in them.

That's abstract, so let me make it concrete. Recently, PureMessage recognized what it called 'CXmail/OleDl-BI' in five messages. Meanwhile, ClamAV recognized 'Malware XML.Autoload-1' in two and 'Porcupine Win32 Exploit CVE-2017-11882 C 84612' in three. All five messages had .xlsx attachments; in the emails where ClamAV recognized XML.Autoload we could determine file extension information in the ZIP archives, but in the other three we could not.

ClamAV's signature formats are documented, so it's possible to examine ClamAV's signature database and determine that the CVE-2017-11882 match is based on a specific MD5 hash (I believe of a 471040 byte object), while the XML.Autoload-1 match is based on finding certain text near the end of a 'text' file or object (I suspect that this includes individual files in a ZIP archive, but I don't know for sure). PureMessage's matching is a black box.

This difference doesn't mean that one system is better and one is worse here; we don't have anywhere near enough information to say either way. This could be one single sort of malware, which PureMessage is recognizing some deep characteristic of while ClamAV is recognizing two different superficial signs, depending on how the malware has packed itself. Alternately, it could be two somewhat different types of malware, which ClamAV is telling apart while PureMessage is matching on some common feature.
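To make the two ClamAV matching styles described above concrete, here is a small added example (my own illustration, not code from the post or from ClamAV) that parses one hash signature in ClamAV's documented .hdb format (MD5:Size:Name) and one content signature in .ndb format (Name:Target:Offset:HexPattern), then scans an object and a one-byte-different variant of it. The object, the hash, the pattern and the signature names are all constructed for the example, and the EOF-n offset is simplified to "pattern occurs within the last n bytes".

```python
import hashlib
import re

# Constructed stand-in for one file inside an .xlsx ZIP; not a real sample.
SAMPLE_OBJECT = b"<?xml version='1.0'?>" + b"A" * 96 + b"<x:autoOpen/>"
# Same object with one padding byte changed: what a re-packed variant
# looks like to a hash-based signature.
VARIANT_OBJECT = SAMPLE_OBJECT.replace(b"A", b"B", 1)

# Constructed signature lines in ClamAV's documented formats. The names
# are placeholders, the MD5 is computed here, target type 0 = any file.
HDB_SIGS = [f"{hashlib.md5(SAMPLE_OBJECT).hexdigest()}:"
            f"{len(SAMPLE_OBJECT)}:Example.Hash-1"]
NDB_SIGS = ["Example.Text-1:0:EOF-20:" + b"autoOpen".hex()]


def parse_hdb(line):
    md5, size, name = line.strip().split(":")
    return {"md5": md5.lower(), "size": int(size), "name": name}


def parse_ndb(line):
    name, target, offset, hexpat = line.strip().split(":")
    m = re.fullmatch(r"EOF-(\d+)", offset)  # only EOF-n handled here
    return {"name": name, "target": int(target),
            "eof_window": int(m.group(1)) if m else None,
            "pattern": bytes.fromhex(hexpat)}


def match_hdb(sig, data):
    """Hash signature: the object must have the exact size and MD5."""
    return (len(data) == sig["size"]
            and hashlib.md5(data).hexdigest() == sig["md5"])


def match_ndb(sig, data):
    """Content signature (simplified): pattern within the last n bytes."""
    window = data if sig["eof_window"] is None else data[-sig["eof_window"]:]
    return sig["pattern"] in window


def scan(data):
    """Return the names of every signature that matches the object."""
    hits = [s["name"] for s in map(parse_hdb, HDB_SIGS) if match_hdb(s, data)]
    hits += [s["name"] for s in map(parse_ndb, NDB_SIGS) if match_ndb(s, data)]
    return hits
```

Running scan() on SAMPLE_OBJECT matches both signatures, while VARIANT_OBJECT matches only the content signature: a single byte of repacking is enough for a hash signature to report a "different" object while the text signature still sees the same thing.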

(Sophos's information page on CXmail/OleDl-BI says that it occurs in both password protected Microsoft Office 2007 documents and regular Office ones.)

I find all of this interesting, and it's a useful reminder to me that no two malware filtering systems are going to behave exactly the same even when they both recognize that something has malware.


Last modified: Wed Apr 8 01:22:58 2020