Virus notification to internal sender.

Mark Martinec Mark.Martinec+amavis at
Sat Jul 5 14:13:37 CEST 2014


> I have enabled PUA in ClamAV.  Sometimes our employees send PDF
> documents to internal users and it gets detected as PUA and the
> recipient gets a message that VIRUS PUA was found and hence blocked.
> I want to enable notification to internal sender also along with
> recipeint (the email id belongs to our own domain).  Is it possible?  If
> yes, what should be the parameters which I need to enable in amavisd?

To let a sender get a non-delivery notification on a blocked virus,
you need to set $final_virus_destiny to D_BOUNCE. As this is
not wise as a global setting, but possibly useful for messages
originating from inside (although even internally originating
mail from infected machines can have a fake sender address),
the way to do so is to change final_virus_destiny in a policy
bank, but leave a global setting at a safe D_DISCARD or D_REJECT
or D_PASS.

Something like this:

@mynetworks = qw( [::1] [fe80::]/10 [fc00::]/7
   # ... list all your networks here

$final_virus_destiny = D_REJECT;

$policy_bank{'MYNETS'} = {
   final_virus_destiny => D_BOUNCE,

If there are authenticated users submitting mail from remote
IP addresses, instead of relying on @mynetworks and MYNETS
you need to use a port-based policy bank and configure
MSA to pass authenticated submitted mail to a dedicated
TCP port of amavisd, where a policy bank (often called
ORIGINATING) could be activated.


More information about the amavis-users mailing list