I just installed a Debian Stretch with a pack mail and the check_amavis
was not checking the right regex.
Amavis is returning:
2.7.0 Ok, discarded, id=17556-09 - INFECTED: Eicar-Signature
So the regex should be:
-if ($result =~/2.7.0 Ok, discarded, id=[^,]+ - INFECTED: Eicar-Test-Signature/) {
+if ($result =~/2.7.0 Ok, discarded, id=\S+ - INFECTED: Eicar-Signature/) {