When Threat Extraction blade finishes scanning of an attachment inside an e-mail before Threat Emulation blade finishes the emulation process, the Mail Transfer Agent (MTA) passes the e-mail as-is.
This generates the "Detect" log, as there was no actual file to "Prevent".