Reject virus email instead of trash silently

Hi, I hope you are well.
I noticed virus email are just silently trashed for incoming and out-coming email.
I’m asking if there is a way not to hard to decide to reject those email instead of silently trash.

If I send a not allowed email I want know that this email is blocked and not sent instead of get no warning. Also if someone send an email and this email is not delivered, I would prefer a message inform the sender.

I tried to configure amavis but without success.
The only success I have is see a delivery status notification only for internal email so if I send an email with a eicar virus test as attachment but if an email is an external email is not rejected.

I uninstalled amavis

Mail Options->Spam And Virus Delivery

That would break Virtualmin’s management of email processing. You’re certainly welcome to do so, but we can’t help with that.

There is no way to reject virus email instead of silently trash it?
Would you consider to support this in the future?

You’re telling me you don’t see an option to choose a delivery destination for viruses, other than trashing it? (I don’t have any servers that have virus scanning enabled, but as far as I recall, you can choose delivery for viruses just like for spam.)

The issue is that without be able to reject virus email who send an email and get email blocked never receive the Delivery Status Notification with the virus motivation.

Also if I send an email that is flagged as virus (for example with the Eicar string) I think is delivered because no error, the server accept the email without alerting me that will be not delivered.

Big provider like Google never allow you to send a virus email because is stopped in the moment you try to send it so you know the mail is not delivered for an issue. Also if someone send a virus to a Gmail address will receive a Delivery Status Notification that inform the email is not delivered.

Spam can be checked by me in the spam folder but virus mail are not monitored so I’m trying to have virus email rejected.. so I don’t think redirect the delivery destination would be useful.

Postfix will accept the virus email and pass it to ClamAV that detect a virus and delete the email.
For the sender no delivery status notification will be sent.

What you are looking for is probably to reject it at smtp time. Postfix holds it until checked before ‘officially’ receiving it.

Most of us simply want spam and virus emails to disappear. Most of them won’t accept replies back anyhow. That isn’t how they work. After they push it out they don’t want it either.

Yes I’m try to see if there is or will be a way to reject virus email at SMTP for outgoing and also ongoing email so:

• who send a virus email from the domain email cannot send it and know the email has not been sent and will be not delivered
• if someone send an email with a virus will have it rejected with a Delivery Status Notification so it will know the email has not be delivered

That’s not possible in a standard Virtualmin configuration, as Postfix has already delivered the email to Procmail by the time ClamAV sees it.

Procmail can reject email, though. I guess our UI doesn’t accommodate that.

If delivery to a virus mailbox isn’t acceptable, then you would need to do something custom, I guess. I don’t think anyone has ever asked to do anything with viruses…

I tested and found my Avast blocked me sending at the moment I tired to send. I turned off Avast for 10 minutes, and was able to send then I got a return email from google.

Maybe its your virus scanner doing that?

Thank you for the reply.
I’m not a developer so I’m not extremely expert in server and in programming but I have a sort of passion.

I checked and I can see Proctmail is used … I was not aware of this.
As you say maybe there is a custom way to customize and ask to Proctmail to refuse a virus email after Postfix accept it.

How Procmail Works

Procmail only works during local delivery.

It cannot reject emails during the SMTP session.
This means that Postfix must first accept the email.
Only then can Procmail decide whether to save, move, trash, or generate a bounce.
In practice, if you try to use Procmail for viruses:
The email enters the server (Postfix receives it).
Procmail analyzes it and rejects it if it contains a virus.
The sender will receive a bounce after the email is accepted.

With Milter (example Milter ClamAV) , however, the SMTP rejection is immediate, the sender receives the rejection message immediately, and the email does not enter the server.

The following is a supposition, not sure it will works:
Virus rejection example with Procmail + ClamAV

:0
* ? clamscan --stdout --no-summary - < $RECIPIENT
{
    LOG="Mail refused: virus detected"
    EXITCODE=67
}

The email is passed to clamscan.

If ClamAV detects a virus → EXITCODE=67 → Postfix generates bounces.

Problem: All emails go through Procmail and ClamAV for delivery → less efficient than a Milter that blocks everything at the SMTP level.

Conclusion

Pros: You can reject emails and generate bounces without Milter.

Cons:

Post-delivery rejection (mail enters the server).

Requires writing rules and wrappers for all viruses.

More complex and less efficient.

Verdict: If you want security and immediate bounces, Milter ClamAV is the best choice.
If you just want additional filtering on local emails, Procmail can be used.

Maybe I have to keep as is now: virus email silently deleted or should try with a Milter but this can be risky as I’m in a production server.

Thank anyway for your reply, time and help

You should never use clamscan for scanning email. You will instantly overwhelm your server. ClamAV is huge and takes as much as a couple of minutes to start, and using clamscan means you start a new ClamAV instance for every email.

clamdscan is the scanning client that uses a clamd server for processing.

But, yes, otherwise, you could add a custom Procmail rule for the virus processing. You should disable the Virtualmin virus scanning if you’ll be adding your own custom rule for it.

All emails already go through Procmail and ClamAV for delivery, if you have enabled antivirus scanning. AV is heavy, so I personally don’t use it anymore, but as long as you have a big enough server and use clamdscan, you should be fine.

If one setup of clamscan is bad and should not be used ,why does virtualmin have an option for it, maybe consider removing it.

Yes, see “System Settings ⇾ Virtualmin Configuration: Spam filtering options” page and its “Default delivery for viruses” option.

Hi Ilia,
thanks for the answer. I can see there are different options but I cannot choose to reject virus email.

Rejecting isn’t an option. It’s not possible. We need to scan it first to know if it’s a virus; or what are you asking?

Currently I understand refuse virus email is not supported without custom edits.
Maybe if I want this I need try with my risk to setup a Milter ClamAV that reject email before passing to Postfix. Will be nice to be able to refuse virus email in the future directly from the Virtualmin panel but I understand that this seems to be not a much discussed feature and seem I’m the first about asking of refusing virus email.

We have an option to configure the default delivery for viruses, which is to either throw them away or deliver them to a preferred location.

This can be configured in Virtualmin Configuration, e.g.:

image2058×1142 364 KB

Yet, I don’t understand how you can do it before the file is received since it has to be scanned first?

How virus emails can be rejected immediately

I’d like to clarify how it is possible to reject emails containing viruses before they are fully delivered.

With a ClamAV Milter integrated into Postfix, the process works as follows:

SMTP connection initiated: The sender connects to Postfix to send a message.
Milter scanning: Postfix passes the incoming email to the ClamAV Milter during the SMTP session, while the sender is still connected.
Immediate rejection if infected: If the Milter detects a virus, it instructs Postfix to reject the email immediately with an SMTP error code.
No delivery occurs: The infected message is never written to disk or delivered to any mailbox. The sender receives a bounce immediately.

This differs from approaches like Amavis, where Postfix often accepts the email first and then pipes it to the scanner. In that case, the bounce occurs after acceptance, not during the SMTP session.

Implementation considerations:

Install and configure clamd (ClamAV daemon) to keep the virus database in memory (if is not yet present)
Install clamav-milter and configure Postfix to use it via the smtpd_milters directive in main.cf.
Set the rejection message to inform the sender that the email contains a virus (the error message can be customized).
Ensure proper socket permissions so Postfix can communicate with the Milter.

I’d like to clarify how our server handles incoming emails with the **default Virtualmin/Postfix setup:

SMTP acceptance: When an external sender connects, Postfix accepts the email first.
Virus scanning: The email is then passed to the configured scanner (e.g., ClamAv or local Procmail rules) for virus checking.
Handling infected emails:
If the scanner detects a virus, the email can be moved to a special mailbox or discarded, depending on the Virtualmin configuration options.
Because Postfix has already accepted the email, the rejection happens after delivery, typically as a bounce or by discarding the message silently.
Clean emails are delivered normally to the recipient’s mailbox.

Key point

In the standard Virtualmin setup, it is not possible to reject a virus email immediately during the SMTP session**, because the email must first be received and scanned.
The options Virtualmin provides (“discard” or “deliver to preferred location”) apply post-delivery, not at the SMTP level.

This setup allows immediate rejection of virus-laden emails while keeping the server efficient and safe, without overloading it with separate ClamAV processes for each mail.

What’s the advantage of doing that over what we’re doing?

The main advantage of rejecting virus emails during the SMTP session (using a Milter like ClamAV Milter) compared to the standard Virtualmin setup is timing and server efficiency

Immediate rejection
With the standard setup, Postfix accepts the email first, and only then it is scanned.
This means the server temporarily stores the message and must handle it even if it is infected.

Reduced resource usage
Incoming infected emails consume disk space, CPU, and memory before being discarded.
With an SMTP-level Milter, infected emails are rejected immediately, never written to disk which is more efficient.

Clear feedback to sender
A Milter allows Postfix to send a real-time rejection message with a custom explanation.
In the standard setup, the sender only gets a post-delivery bounce, which is delayed and less reliable.

Security
Rejecting emails before they touch the mailbox or spool reduces the risk of accidental execution or propagation of malware.

Standard Virtualmin configuration works fine for handling viruses post-delivery, but **SMTP-level rejection is faster, more efficient, and safer. It ensures infected emails are blocked before ever being stored, providing immediate feedback to the sender.