I think the AV Scanning of ME doesn't do much at the time of scan (if you are just returning a result). Everything happens from the filters.
Probably, creating an advanced filter would help. I have something below that may help you with the programming. You could probably change the end statement to a ---> CriteriaMet([ME_TOorCC],"Value") rather than authenticated (this is testing for whether something is marked up as spam and not detected by the AV but is skipping if it is an authenticated user).
Scott
-----------------
FilterResult=0
MEResultData=""
MEResultData1=""
MEResultData2=""
MEResultData3=""
If CriteriaMet([ME_HASVIRUS], 1) Then
MEResultData1 = "ClamAVDetected"
Else
MEResultData1 = "ClamAVNotDetected"
End If
If CriteriaMet([ME_HEADERS_CONTAIN],"*X-Spam-Status: Yes*") Then
MEResultData2 = "HasSpam"
End If
If (MEResultData2 = "HasSpam" and MEResultData1 = "ClamAVNotDetected") Then
FilterResult=1
End If
If CriteriaMet([ME_SENDERAUTH], 1) Then
FilterResult=0
End If