I have similar issues with a Bank using an external service based on Amzws server for vault document exchange. The emails are really comparable to a phishing campaign with no or little respect for rfc. I choosed not to do any exception because i would be more at risk using this service. They could easily fix that on their side in your case https://www.authsmtp.com/smtp-error-codes/250-virus-scanned-email-discarded.html
or just disable the specific signaturehttps://www.securiteinfo.com/services-cybersecurite/anti-spam-anti-virus/whitelisting_clamav_signatures.shtml
won't work https://portal.smartertools.com/community/a1225/how-to-disable-a-specific-clamav-scan.aspx#127463