Norton AV makes wait headers similar (but not identical) to what you see when it is scanning outbound mail for a virus, as I recall. I suspect this is something similar, but I don't recognize the header.
Do you have user rules enabled? If so, check your syslog for an insecure dependency warning from SA when this message was processed. Somehow if you get one of those it is guaranteed that SA won't scan the message, at least using procmail. Loren