Try raising "Maximum Message Size to Scan", in IPAS settings. 131072 bytes should be enough. As this could represent some impact to your C 100 performance, if you think this could not be applied, please call IronPort Customer Support
Also suggest any missed spam messages are submitted to the Customer Support team. Pls send these manually or using the plugin's for Outlook or Lotus Notes so that the headers are preserved. This will allow IronPort to look at what is being missed and deal with them. However IPAS is 97% accurate so some new/early spam is always going to be missed :(
Did you check the headers to insure that they came from IronPort?
I've run into several customer installs that had port 25 open to other mail and OWA servers that were either no longer or never published MX records that spammers found over time and it creates a backdoor for spam entry.
Double check the Received line in the headers to verify it came through the IronPort and forward all false negatives to firstname.lastname@example.org.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...