I am using some third party ClamAV signatures and sometimes I get some false positives.
I would like to change the default behavior silent drop of such emails to rewriting of the subject, like it is done with spam emails.
No matter how much I have searched I could not find how to accomplish this.
Anyone has any tips on how can I rewrite the subject to lets say [VIRUS]+ Actual subject and allow virused messages to pass through, without the attachment?
I’m not aware of a way to do that within ClamAV. Normally, infected emails would just be blocked outright.
One way to achieve that might be to use procmail to check for the “X-Virus-Status” header in /etc/procmailrc, and if it’s set to “Yes”, you could use another tool such as “formail” in order to alter the message subject.