I scan my system with maldet and as usual, it will send report to my own email address, but Amavis bans it with action DISCARD(bounce.suppressed). I get this record from the mail.log. It also quarantine it in the directory /var/lib/amavis/virusmails/I/. How do I correct it? My system is ISPConfig 3.1.2, Ubuntu 16.04. Maldetect 1.6.
Take a look at the headers to see why it gets banned and then either change the scores for the rules or alter the maldet email so that it does not gets filtered.
The header contains this line -------------- X-Amavis-Alert: INFECTED, message contains virus: {HEX}Malware.Expert.PhpConfigSpy.0.UNOFFICIAL -------------- maldet just reports this to me, not the actual virus. ISPConfig 3.05 does not report it falsely.
Neither ISPConfig 3.0.5 nor ISPConfig 3.1.2 is reporting this as ISPconfig is not involved in mail scanning at all. What you posted above is that ClamAV is reporting that the email contains a virus and therefore amavis put it into the quarantine directory.
OK then. Any method to whitelist a certain sender in clamav, amavis or ispconfig 3.1.2? If maldet report is not whitelisted, it can't alert me when it finds real malware.
And if this won't work, then you can try to create a separate mailbox for receiving such reports where you allow to receive viruses.
I have tried but it never works. It does not exclude outgoing mails. What you have implemented works for incoming mail only, I guess. I have also tried clamav-milter but I can't make it exclude outgoing mails.