If you see error like this in your mail logs, than chances are that your ClamAV is not able to process attachments files larger than limit set in clamav configuration. In this case, sender which sent email with larger attachment to your server, will get something like this in respond:
[10.10.10.10] #<[10.10.10.10] #5.0.0 smtp; 5.4.7 - Delivery expired (message too old) [Default] 451-'Temporary local problem - please try later' (delivery attempts: 75)> #SMTP#
In your mail log you’ll see something like this:
+++ 1e248B-000NMy-T6 has not completed +++ 1969-08-15 01:40:21 1e248B-000NMy-T6 malware acl condition: clamd : unable to send file body to socket (127.0.0.1) 1969-08-25 01:40:21 1e248B-000NMy-T6 H=some.hostname.com [18.104.22.168] X=TLSv1:RC4-SHA:128 CV=no F=<firstname.lastname@example.org> temporarily rejected after DATA
To solve this, open your clamav.conf file (/etc/clamav.conf or find your location) and change value for StreamMaxLength according to your needs. Default value is 25M.
Don’t forget to restart your ClamAV.