Rewrite Subject for Virus emails


I am using some third party ClamAV signatures and sometimes I get some false positives.
I would like to change the default behavior silent drop of such emails to rewriting of the subject, like it is done with spam emails.
No matter how much I have searched I could not find how to accomplish this.

Anyone has any tips on how can I rewrite the subject to lets say [VIRUS]+ Actual subject and allow virused messages to pass through, without the attachment?

Thank you


I’m not aware of a way to do that within ClamAV. Normally, infected emails would just be blocked outright.

One way to achieve that might be to use procmail to check for the “X-Virus-Status” header in /etc/procmailrc, and if it’s set to “Yes”, you could use another tool such as “formail” in order to alter the message subject.


Thank you very much for your reply.
I will try to read more about procmail and formail