Are you running the SaneSecurity antispam/antimalware definitions in clam? 

If so, any hits will be considered a virus by SM as it does not understand the different between the default clamav defs and the sanesecurity antispam/antimalware defs.

Yes it seems so in newest sm also.

It should be possible for Smartermail to use ClamAV answer to either send to quarantine or junk.
But I guess they dont.

ClamAV log:
Wed Jan 30 15:03:11 2019 -> c:\SmarterMail\Spool\SubSpool4\59910765.eml: Sanesecurity.Scam.12551.UNOFFICIAL FOUND
Wed Jan 30 15:15:08 2019 -> c:\SmarterMail\Spool\SubSpool6\59910826.eml: Sanesecurity.Phishing.Fake.Coin.27521.UNOFFICIAL FOUND
Wed Jan 30 15:20:06 2019 -> SelfCheck: Database status OK.
Wed Jan 30 15:35:40 2019 -> c:\SmarterMail\Spool\SubSpool7\59910945.eml: Sanesecurity.Junk.56698.UNOFFICIAL FOUND

Same issue happen to latest build.

[2020.12.31] 13:41:09.498 [32185783] This message has been quarantined because a virus was found by ClamAV. Virus: (Sanesecurity.Spam.11686.Dom.UNOFFICIAL).
[2020.12.31] 13:41:09.498 [32185782] This message has been quarantined because a virus was found by ClamAV. Virus: (Sanesecurity.Spam.11686.Dom.UNOFFICIAL).
[2020.12.31] 14:31:16.787 [32185927] This message has been quarantined because a virus was found by ClamAV. Virus: (Sanesecurity.Spam.11686.Dom.UNOFFICIAL).

Any update from SmarterMail support? 

Thank you

Do you use Sanesecurity additional definition for ClamAV?

If so try to disable it

The ClamAV integration is pass/fail, fail being it is considered to have a virus even if it is a spam definition triggering.

Same issue here since at least the late December 2020 or early January 2021 builds; too many legitimate messages are quarantined by ClamAV. It seems almost any email delivering account information (such as a credit card company message which shows the last few digits of a card number for verification to the recipient). 

It's to the point where we may have to disable ClamAV entirely.