final_virus_destiny D_REJECT

Rob McKennon rmckennon at
Fri Apr 1 22:14:19 CEST 2016

On 04/01/2016 03:51 PM, lists at wrote:
> On 2016-04-01 1:35 pm, Rob McKennon wrote:
>> Hello,
>> We are setting up Amavis and Clamav to detect credit cards coming into
>> our email, and it's working.  However, it's returning the original
>> email to the sender, which also contains the credit card numbers.
>> Receiving the credit card numbers is bad enough, sending them back out
>> again violates PCI. Is there a way to reject the email without
>> returning the original email content?  Below is a returned email with
>> test numbers as an example.
>> Thank you,
>> Rob McKennon
>>                   The mail system
>> <xxxxxxxxxx>: host[] said: 554 5.7.0 Reject,
>> id=06026-19 - INFECTED: Heuristics.Structured.CreditCardNumber (in
>> reply to end of DATA command)
>> Final-Recipient: rfc822;xxxxxxxxxxxxx
>> Original-Recipient: xxxxxxxxxxxxxx
>> Action: failed
>> Status: 5.7.0
>> Remote-MTA: dns;
>> Diagnostic-Code: smtp; 554 5.7.0 Reject, id=06026-19 - INFECTED:
>> Heuristics.Structured.CreditCardNumber
> I removed your test numbers since anyone with DLP turned on might not 
> get the email.
> I'm using the following which just discards the message: 
> $final_virus_destiny      = D_DISCARD;
> But it would be nice to be able to strip out the CC or SSN numbers and 
> send the message on to the recipient.
Good catch with the DLP, I didn't think about that!  But D_DISCARD I 
don't think is an option.  We need the originator of the message to 
understand that we rejected the mail because it contained credit card 


More information about the amavis-users mailing list