Good day.
I have ESET Mail Security 4.5.9 installed on a RHEL 6 machine with EXIM as MDA. Even when the configuration file has the MDA agent configured with the following options:
action_av = "scan"
av_clean_mode = "delete"
action_av_infected = "reject"
action_av_notscanned = "accept"
action_av_deleted = "reject"
When an infected email is received, it is cleaned and delivered (not deleted or rejected); When that happens, log files shows (for example):
agent=mda, virus="probably a variant of Win32/Exploit.CVE-2017-11882.A trojan", action="contained in