When ClamAV detects a virus, what action is taken automatically by the system.
is it stopped from going to the mail box, is it bounced back or is it deleted?
I don’t see to many detected but want to make sure there not still lurking some where still.
ClamAV does not undertake any action other then marking the email/file etc as a virus. Other processes would then delete it
The reason for the email to be received first, is it has the be received before it can be scanned, and viruses are deleted so no bounce or send back to sender.
There are online viruse tests for mail servers or you could do yourself using the idra files (sorry wrong name but just cannot remember the correct name sorry) and they should be stopped or not received
However, please remember that it can only protect against known viruses and there are always false positives. Also, if you use third part databases, some can have issues or slow down the server due to loading.
Lastly, you may want to increase the scan file size to meet your expected usage