When Mailscanner scans your email, if it finds a problem, it may (depending upon your MailScanner settings in cPanel) automatically prepend the subject line of an affected email with one of the following strings:
{Disarmed} - indicates that the email contained html tags that are considered dangerous, e.g. iframe and form tags
{Virus?} - indicates that the email contained a virus and has had the attachment removed.
{Filename?} - indicates that the email contained a dangerous file attachment which has been removed.
{Fraud?} - indicates that the email contained HTML code that was identified as a phishing attack and was disabled by MailScanner.
{Spam?} - indicates that the email is likely to be spam - you should filter these emails into a separate folder in your email client.
{Definitely Spam?} - indicates that the email is almost definitely spam because it got a very high detection score - you should filter these emails into a separate folder in your email client.
