Cisco IronPort has identified a SPAM Outbreak with Subject "Here you have" and has published IronPort AntiSpam rules to protect from these messages.
If you notice the messages bypassing your Email Security Appliance, please verify that these messages are being scanned by IronPort AntiSpam via Message Tracking or Mail logs.
If these messages are not being scanned by IronPort AntiSpam due to Whitelisting or Policy exceptions, you can create an incoming content filter to catch these messages.
For additional information, please refer the KB article # 1629 below.
Please feel free to contact Cisco IronPort Customer Support if you need additional assistance.
Cisco IronPort Customer Support