We were able to re-create and capture a trace when the error occured. We worked with Syamantec and Cisco and Cisco is working on a hotfix scheduled to be released in early October, 2014. defect #CSCzv55504
While it is a bug in Cisco's IronPort product, the trace also showed that Symantec is sometimes only sending 1 byte of data in a TLS packet which causes the issue. This is not illegal according to the TLS specs, but it is not optimal. They may be looking into that.
Hope it helps. I would make the setting to "Allow bare CR/LF" in IronPort in the meantime.
Bob.