Currently my mail-server accepts email for our end-users, pipes it through PROCMAIL and ClamAV.
It's an IMAP server - thus the end-result for each IMAP-folder (inbox) is just a huge ascii file.
ClamAV handles the incoming messages just fine - then/when PROCMail puts the infected email into a quarantined folder once ClamAV appends a new header.
Though, an end-user can copy an email BACK into their IMAP folder (messages) which could contain a virus or trojan by cutting/pasting onto their email files using their client. Thus, it's not parsed back through the PROCMail script and not parsed through ClamAV.
Is there a way to pipe an entire IMAP email store (the message(s) ALL of them) back through to ClamAV - and have it display which email contain(ed) a trojan or virus?
Hope that makes sense.