Hi, 

Does anybody find out that existing mail filters with defined action: 

skip-spamcheck();

 Are not working if the new engine is triggered an the verdict is Positive?

The log for one message, for a sender present in custom defined dictionary looks like:

scanned by Anti-Spam engine: ThreatScanner. Final verdict: Positive
Message matched per-recipient policy Policy for inbound mail policies.
Message size 1037099 exceeds max size 524288 for Anti-Spam scanning by Outbreak Filters
Message scanned by Anti-Spam engine: ThreatScanner. Interim verdict: Positive
Message scanned by Anti-Spam engine: ThreatScanner. Final verdict: Positive
Message scanned by Anti-Virus engine Sophos. Interim verdict: CLEAN
Message scanned by Anti-Virus engine. Final verdict: Negative
Message queued for delivery.
(DCID ) Delivery started for message to xxx to offbox Spam Quarantin
(DCID ) Delivery details: Message sent to xxx delivered to external ISQ.

How can we deal with that situation? Previous "white-listing" is working intermitently....

Also i've discovered Spam Email categorized as positive by ThreatScanner - simple pdf files, but with no extension. After analyzing them with 3 different AV solutions we discovered that files are OK, safe to open. The files are automated medical results sent to customers.

We've already check documentation but not find any clues about ThreatScanner actions in message filters.

Thanks for analyzing and reporting that behaviour to responsable team, I've found already existing topics in another region of comunity with incidents in mail delivery after upgrade to 15.0.0-104 version.