This spam is not from a scanner, but it is instead a simple forgery with a malicious attachment:
From: email@example.comThe email appears to come from the victim's own domain, but it does not. The "From" address on email is extremely easy to forge. So far I have seen three different malicious attachments, each one in the format firstname.lastname@example.org_20150826_181106.doc with detection rates of around 7/56    containing one of three malicious macros    which attempt to download a malicious component from one of the following locations:
Date: 19 May 2014 at 18:11
Subject: Scanned image from MX-2600N
Reply to: email@example.com [firstname.lastname@example.org]
Device Name: Not Set
Device Model: MX-2600N
Location: Not Set
File Format: DOC MMR(G4)
Resolution: 200dpi x 200dpi
Attached file is scanned image in DOC format.
Use Microsoft(R)Word(R) of Microsoft Systems Incorporated
to view the document.
This malicious binary currently has a VirusTotal detection rate of just 2/54. Automated analysis   shows network traffic to 188.8.131.52 (Hostpro Ltd, Ukraine) which has been used in serveral attacks recently. The payload is almost definitely the Dridex banking trojan.