Destination for virus emails ?

#1 Thu, 08/07/2014 - 13:50
jmunjr

In the Spam and Virus delivery section of Server Configuration are settings to determine what to do with emails identified as viruses. The options for viruses are:

- Throw away
- Write to standard virus file ~/mail/virus
- Write to standard virus Maildir ~/Maildir/.Virus/
- Write to mail file under home directory
- Forward to email address
- Write to other file

I have set it to write to a file and to write to the Maildir but I am confused about what is supposed to happen. When sending a test virus using http://www.aleph-tec.com/eicar I can't seem to ever see the message containing the "virus". Should I be able to retrieve that message in my mail client? Even when I browse the user folder for the email account I cannot find anything regarding the message with a virus - no file, nor directory. I'm trying to figure out what happens to messages with viruses that come in.

The reason for this is that I installed clamav-unofficial-sigs to add some help fighting spam. If this new package identifies something bad, will my system think it is a virus, and if so, what happens to it?

In short, I think I need to be able to view messages identified as having a virus to check for false positives. How can I do that?

Thoughts?

Sat, 08/09/2014 - 06:49
Locutus

First thing you could do is watch the logs for Postfix and Procmail on the receiving server when the virus test mail comes in. Those will tell you what happens with the mail, if it got accepted, if Procmail/ClamAV recognized the virus, to which target the mail is saved and so on.
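The log check suggested above, as an added example that is not part of the original thread: it follows one message through Postfix log lines by queue ID and reports whether it was accepted and where it was handed off. The function name `trace`, the addresses and the sample log lines are constructed for illustration; Procmail's own log is a separate file and is not parsed here.

```python
import re

# Constructed sample lines in standard Postfix syslog format (not from the thread).
SAMPLE_LOG = """\
Aug  9 06:40:01 mail postfix/smtpd[2101]: 3F2A1C0D5E: client=sender.example[192.0.2.10]
Aug  9 06:40:01 mail postfix/cleanup[2104]: 3F2A1C0D5E: message-id=<eicar@sender.example>
Aug  9 06:40:01 mail postfix/qmgr[1020]: 3F2A1C0D5E: from=<tester@sender.example>, size=1320, nrcpt=1 (queue active)
Aug  9 06:40:02 mail postfix/local[2106]: 3F2A1C0D5E: to=<user@example.com>, relay=local, delay=0.4, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail)
Aug  9 06:40:02 mail postfix/qmgr[1020]: 3F2A1C0D5E: removed
Aug  9 06:41:10 mail postfix/qmgr[1020]: 7B9E4A11F2: from=<other@elsewhere.example>, size=900, nrcpt=1 (queue active)
Aug  9 06:41:11 mail postfix/local[2110]: 7B9E4A11F2: to=<user@example.com>, relay=local, delay=0.2, dsn=4.3.0, status=deferred (temporary failure)
"""

# daemon name, queue ID, remainder of the line
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)$")
# \b keeps "orig_to=" from being read as "to="
FIELD = re.compile(r"\b(from|to|status)=<?([^>,\s]+)>?")
# Postfix puts the delivery target or failure reason in parentheses after status=
DETAIL = re.compile(r"status=\w+ \((.*)\)$")


def trace(log_text, sender):
    """Return one record per queued message from `sender`, with each
    recipient's final status and the detail Postfix logged for it."""
    msgs = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a per-message Postfix line
        _, qid, rest = m.groups()
        rec = msgs.setdefault(qid, {"queue_id": qid, "deliveries": []})
        fields = dict(FIELD.findall(rest))
        if "from" in fields:
            rec["from"] = fields["from"]
        if "to" in fields and "status" in fields:
            d = DETAIL.search(rest)
            rec["deliveries"].append(
                (fields["to"], fields["status"], d.group(1) if d else ""))
    return [r for r in msgs.values() if r.get("from") == sender]


if __name__ == "__main__":
    for rec in trace(SAMPLE_LOG, "tester@sender.example"):
        print(rec["queue_id"], rec["deliveries"])
```

A status of `sent` with a `delivered to command` detail means Postfix handed the message to the delivery command; what happened to it after that point is recorded in the Procmail log.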
