What is your anti-virus software? Are there any attachments to those messages? What exactly does your anti-virus find or is complaining about?

Note, anti-virus software is known to corrupt Thunderbird mail files. Therefore make sure you do have a full backup of your Thunderbird profile before it's too late. https://support.mozilla.org/kb/profiles-where-thunderbird-stores-user-data#w_backing-up-a-profile

Thanks for your reply.

I have Windows Security.

The messages just have "***INFECTED*** Your statement is here" as the Subject, "WARNING: contains virus Heuristics.Phishing.Email.SpoofedDomain" as contents, and the actual contents as attachments.

The anti-virus doesn't detect a threat.

Does that help?

I have Windows Security.

Presumably that means Microsoft Defender. It helps giving precise information.

Your statement is here" as the Subject, "WARNING: contains virus Heuristics.Phishing.Email.SpoofedDomain" as contents, and the actual contents as attachments.

Who or what has generated this message? Is that a message from Windows Defender? A screenshot may help. https://support.mozilla.org/kb/how-do-i-create-screenshot-my-problem

Or is this an actual email you have received? If so, from whom?

Sorry if that's not precise enough, but my virus software is only labelled 'Windows Security': see my screenshot. These are genuine emails from my credit card provider: see second screenshot.

It looks like your Windows Security has got nothing to do with it. Most likely the message was scanned on your email provider's server. The server created a new empty message, added the warning as well as the ***INFECTED*** banner to the subject, attached the original message from your credit card provider to the new one, and sent it off to you.

Were you able to see the original message from your credit card provider at all?

You may login to your email account via web browser and check whether you can turn on or off some settings about malware scanning. If that doesn't yield anything check with your email provider what exactly they are doing.

That sounds likely, thanks. It did start when I changed email provider. I don't think I can change anything there myself, so I'll get onto them.

Yes, the real message is there, complete, in the attachment.

Are you certain that email was actually from Barclaycard or from someone abusing the barcalycard email address? Suggest you check the 'View Source' - headers etc as the email content may look real but contain links to somewhere that is nothing to do with Barclaycard.

That hadn't occurred to me, but luckily the contents of the attachments are exactly the same as the contents of the regular message before they went wrong, with a reassuring bit of personal data and no dodgy button labelled 'click here now to confirm your account' or something, and and there's nothing suspicious-looking in the full headers. So thanks very much for prompting me to look.