ClamAV detection does not trigger Amavis virus action

Dominic Raferd dominic at
Tue Dec 18 08:02:55 CET 2018

I use ClamAV (with SaneSecurity addons) as my primary (and only) antivirus
scanner under amavisd-new-2.11.0. I have always assumed that if ClamAV
finds something, Amavis will take the defined 'virus action' (in my case
this is to block i.e. discard the mail), but I now find this is not
necessarily the case:

In this case the infected mail is blocked:
2018-12-17 12:13:41 vps1 clamd[1081]: Mon Dec 17 12:13:41 2018 ->
MBL_20559167.UNOFFICIAL(00000000000000000000000000000000:552) FOUND
2018-12-17 12:13:41 vps1 clamd[1081]:
MBL_20559167.UNOFFICIAL(00000000000000000000000000000000:552) FOUND
2018-12-17 12:13:41 vps1 amavis[20069]: (20069-10) Blocked INFECTED
(MBL_20559167.UNOFFICIAL) {DiscardedInbound}, INCOMING
[]:54896 [] <billing at> -> <
tricia at>, Queue-ID: B2F163E85E, Message-ID: <
2d07b915e16bccc0ef2a9ccf3bf78d8195e80cf6 at>, mail_id:
kFYoqSLUSVWw, Hits: -, size: 2602, 194 ms

But in this case it isn't:
2018-12-16 13:49:14 vps1 clamd[1081]: Sun Dec 16 13:49:14 2018 ->
2018-12-16 13:49:14 vps1 clamd[1081]:
2018-12-16 13:49:16 vps1 amavis[18225]: (18225-19) Passed CLEAN
{RelayedInbound}, INCOMING []:60070 [] <
01010167b7102d87-3d5db8e0-1b25-4732-87c9-66ceaa6499c1-000000 at>
-> <phil at>, Queue-ID: C4E973E8CA, Message-ID: <
01010167b7102d87-3d5db8e0-1b25-4732-87c9-66ceaa6499c1-000000 at>,
mail_id: K3LXdSUItskO, Hits: 2.951, size: 57240, queued_as: 701F63F9AE,
2264 ms

Any ideas as to why the difference? Is this intended behaviour and if so is
it wise and can it be changed? My relevant Amavis settings are:

$virus_quarantine_method = undef;
$banned_files_quarantine_method = 'local:banned-%m';
$spam_quarantine_method = 'local:spam-%m';
$bad_header_quarantine_method = undef;
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the amavis-users mailing list