I noticed that emails are scanned by ClamAV, viruses are detected and logged, but no action is taken because the line action = "reject"; is commented out in /etc/rspamd/local.d/antivirus.conf. I am using /usr/local/ispconfig/server/conf-custom/install/rspamd_antivirus.conf.master to override the default configuration. However, is there a specific reason why there is no action taken by default? Are there any potential implications that I may not have considered? (*EDIT: sorry for posting in the wrong forum, it was meant to be in ISPConfig / Install/Config...)
There might be regulations where you must not delete any email. Some also prefer to set up moving those to an assessment folder to check for false positives or other reasons. This is a small change but can have high consequences, so it is probably up to the system administrator to decide what to do with that.
'reject' means the message will not be accepted, leaving it up to the sending client to decide how to handle it. Perhaps the issue lies with 'backscatter' attacks, given that the sender address is spoofed...?
Still, it would matter what company policy you have or if you need to obey any regulations of authority. And again, it should be the administrator's choice. Granted, it could be an option to ease things, a question during setup or whatever at least. I just put some valid reasons not to reject by default.
This is configured this way to not automatically reject a mail just because ClamAV detected a virus, because that is not what we want in every case. You can, for example, configure that a user "wants viruses", and when you configure the module itself to always reject when ClamAV detects something, you don't have any control over this behavior anymore. So yes, on first thought it makes sense to reject a virus mail; however, if you want the user to be in control of the spam handling for his mailbox/domain and he checks "wants virus", then he should be able to.