Did you try to "retain full original message for virus checking" using this below in your amavis @keep_decoded_original_maps ?
qr'^MAIL$' Marius On Wed, May 31, 2017 at 4:48 PM +0300, "Gerben Roest" <[email protected]> wrote: Hello, I noticed that a javascript trojan slipped through because amavis extracted the virus from the zip file to something like: /var/lib/amavis/tmp/amavis-20170522T095840-15377-v7RlAZkS/parts/p005 and my virus scanner "esets_cli" didn't recognize that as a virus. I noticed that esets_cli needs the .js extension (or .bat or something) to recognize it. ESET doesn't have a mode or flag to disregard any extensions, so my hope is that I can tell amavis not to extract to p005 but to 15364.js for instance. Is that possible? Thanks, Gerben
