This could be a bug, or it could be me doing something wrong. Hopefully someone can point me in the right direction.
Despite having SMTP Virus Scanning enabled, a considerable amount of virus .zip, .doc and .xls mail attachments are still being delivered. I’ve even forwarded myself archives that a non-Interworx installation of ClamAV has quarantined, and these have also been delivered with no questions asked.
Is there a log (or other source of evidence) that I can check to verify the ClamAV is actually scanning the emails?
The attachments were only a few kilobytes, so it wasn’t that they were exceeding the maximum file size.
In any case, I’ve tried a few online EICAR tests, as you suggested, and ClamAV picked up the emails they sent and prevented them from being delivered, so I guess things are generally working after all.