SAV should block [EMAIL PROTECTED], because it is fail sender verification.
Your from_sender_bw.map should block it a blacklisted sender. The problem is that your whitelisted ip's can be infected and it comes sailing through your SMTP_*_restrictions, but you should also have in pcre:header_checks.regexp /[EMAIL PROTECTED]/ 554 ACL header_checks infection and in pcre:body_checks.regexp ... the "dangerous" filetype filter should catch it. If it gets past those 4 filters in IMGate (almost none do), then your AV should catch it. Len
