for various mail filters
Amavis needs to pass the entire message body, unmodified, to ClamAV. This is accomplished via
$bypass_decode_parts = 1;
Alternatively, when $bypass_decode_parts is left at false, it is still
possible to let a full original mail message reach a virus scanner by adding
a match on 'MAIL' into @keep_decoded_original_maps, e.g.:
qr'^MAIL$', # retain full original message for virus
qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
may find that you already have a '^MAIL$' token in there, but
commented out by default. Uncomment it, restart amavisd-maia,
and the full, undecoded body of the email will be scanned in
addition to the attachments.
more information on the above, see
The side effect of this is that the mail will be virus scanned
twice; once for the whole message, and again each decoded part.
Make sure the entire message is being scanned (MailScanner.conf)
ClamAV Full Message Scan = yes
make sure the clamd.conf line, contains the default line:
and you may also need the following patch (which will be included
in the next version of MailScanner:
2009-01-11 19:27:02.000000000 +0000
+++ SweepViruses.pm 2009-01-25 16:24:33.000000000 +0000
@@ -2724,6 +2724,8 @@
$file =~ s/^(.\/)?$BaseDir\/?//;
$file =~ s/^\.\///;
my ($id,$part) = split /\//, $file, 2;
+ # JKF 20090125 Full message check.
+ $part = "" if $id =~ s/\.(message|header)$//; # Only log the
whole message if no attachment has been logged
You need to make sure the "--redundant yes" option is enabled
- which makes Qmail-Scanner pass the entire message to AVs for scanning.
Only the body is scanned by default, unless you call md_copy_orig_msg_to_work_dir()
just before the call to message_contains_virus().