How to whitelist an e-mail address from being filtered by amavis?

Amavis continue to put a message in quarantine, even if I whitelisted it from the Web GUI (e-mail/filter/rules by e-mail address).

Any idea how to whitelist the sender for amavis too?

Here the log from /var/log/maillog

Jul 10 11:50:40 mail amavis[1500]: (01500-03) ESMTP []:10024 /var/spool/amavisd/tmp/amavis-20170710T101046-01500-tX_2DJWu: -> <
SIZE=15980 Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP for; Mon, 10 Jul 2017 1
1:50:40 +0200 (CEST)
Jul 10 11:50:40 mail amavis[1500]: (01500-03) Checking: zTmXEZPcDO6q [] ->
Jul 10 11:50:40 mail amavis[1500]: (01500-03) header_edits_for_quar: ->, No, score=x tag=-1000 tag2=5 kill=18 tests=[] autolearn=unav
Jul 10 11:50:40 mail amavis[1500]: (01500-03) skip local delivery(3): ->
Jul 10 11:50:40 mail amavis[1500]: (01500-03) Blocked INFECTED (PhishTank.Phishing.5018864.UNOFFICIAL) {RejectedInbound,Quarantined}, []:34356 [] ->, Message-ID:, mail_id: zTmXEZPcDO6q, Hits: -, size: 16185, 110 ms
Jul 10 11:50:40 mail postfix/smtpd[2435]: proxy-reject: END-OF-MESSAGE: 554 5.7.0 Reject, id=01500-03 - INFECTED: PhishTank.Phishing.5018864.UNOFFICIAL; t proto=ESMTP helo=<>

The message is not spam, it is infected by a virus. It seems the black/whitelists work for spam messages only.

You could whitelist that virus signature:

echo "PhishTank.Phishing.5018864" >> /var/lib/clamav/mywhitelist.ign2

Then restart clamd.

1 Like

I was suspecting that, It seems I temporarily solved the issue completely deactivating the antivirus in e-mail Server.

It’s interesting cause the e-mail it’s just a google calendar notification, automatically sent by Google Calendar at the creation of an event.
Probabably PhishTank has to update/correct its database.

If I find the time I’ll try to report the issue to them

Thank you, I’ll try very soon… A lot better than completely turning off the antivirus module :sweat_smile:

Just tried and tested: solved!

Thank you

1 Like

Thanks for feedback.
For the record, here’s the sig:

# sigtool -f PhishTank.Phishing.5018864 | sigtool --decode-sig
VIRUS NAME: PhishTank.Phishing.5018864