Norton AV makes wait headers similar (but not identical) to what you see when it is scanning outbound mail for a virus, as I recall. I suspect this is something similar, but I don't recognize the header.
Do you have user rules enabled? If so, check your syslog for an insecure
dependency warning from SA when this message was processed. Somehow if you
get one of those it is guaranteed that SA won't scan the message, at least
using procmail.
Loren
