It can happen because some spam contains characters that is not identified by antispam program's detection or rules.

It's annoying of course and disappointing that a spam slips-in but nowadays, spammers aren't sleeping. They do many and new strategies to try to defeat any antispam programs or antispam solution.

I suggest to just delete the unwanted spam (without opening the message) if 1 or 3 get through.

Risky of course if the user download, view, click or execute anything from the spam message. Hopefully the messages don't have virus or any malware on it. This is why the recommendation is to delete email from the server instead of downloading it.