Currently only headers sendmail receives are sent to clamav-milter which inserts them into the notification message.
Otherwise you tend to be missing the only believable header information.
Usefull information would be sending helo name, sender hostname, sender ip address, queueid, rfc time. And, if by some chance we can tell if the virus was submitted by an authenticated user, that should be noteworthy as well.
As an example, I would use this to semi-automaticaly blacklist hosts that send viruses by feeding the email into a script to extract the sender ip address.
http://spamikaze.nl.linux.org/
I can probably send a patch if you would like.
Joe _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
