The log message includes the list of envelope recipients for the message. That means it also includes BCC-recipients, which might pose privacy problems.

  warn    spam        = nobody
          add_header  = X-Spam-Status: spam\n\
                        X-Spam-Score: $spam_score
          # ...
          log_message = Spam received: score=$spam_score; sender=$sender_address; recipients=$recipients

Log parse example:

grep 'Warning: Spam received:' /var/log/exim4/mainlog | sed 's/^.* score=\(.*\); sender=\(.*\); recipients=\(.*\)$/\1\t\2\t\3/'