Based on Debian 11 "Bullseye" environment.


ClamAV is anti-virus software. Set up clamav-milter to check the virus whenever a mail goes through Postfix.


# apt install clamav-milter
  • Installing clamav-milter will install the required ClamAV suites. (e.g. clamav-base, clamav-daemon)

After installation, clamav-daemon automatically starts and fails.

# systemctl status clamav-daemon
● clamav-daemon.service - Clam AntiVirus userspace daemon
     Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
    Drop-In: /etc/systemd/system/clamav-daemon.service.d
     Active: inactive (dead)
  Condition: start condition failed at Thu 2021-09-19 16:11:15 JST; 1min 27s ago

ClamAV needs the virus database, but it doesn't exist before clamav-freshclam completes the initial download.
So change the configuration for clamav-daemon while clamav-freshclam is downloading the latest database.



The clamav-milter socket location has to be changed from the default to Postfix chroot. Change the MilterSocket in /etc/clamav/clamav-milter.conf.

MilterSocket /var/spool/postfix/clamav/clamav-milter.ctl
  • If you want more tweaks, run "# dpkg-reconfigure clamav-milter" and read the explanations.


ClamAV scan sometimes does false positive for the Phishing URL detection. In my case, some emails from Amex and Hilton were caught by this filter.
To turn it off, tweak /etc/clamav/clamd.conf.

PhishingSignatures true
PhishingScanURLs false  # Change this from true to false
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false

After the virus database is ready and config files are updated, start clamav-daemon and restart clamav-milter.
(You can check the log: /var/log/clamav/freshclam.log to see the status of database download.)

# systemctl start clamav-daemon
---(Wait for a while till clamav-daemon is fully up)---
# systemctl restart clamav-milter

Postfix Configuration

Add clamav-milter to the milter configuration line in /etc/postfix/

smtpd_milters =
  • The order written here indicates the order of checks. Greylisting should be the first to kick spam before checking the actual contents.

Reload Postfix to apply a new milter.

# systemctl reload postfix


Send a clean mail to the account, and check the mail header to find the lines added by ClamAV.

X-Virus-Scanned: clamav-milter 0.103.3 at host
X-Virus-Status: Clean

If you want to test the infected mail case, you can use the EICAR test virus for this purpose.

Update History


  • Update to Bullseye version


  • Re-write configurations and restart orders of clamav-milter and clamav-daemon.