[AMaViS-user] Message "Passed CLEAN" but sender notified of block

Posted by Joel Nimety, 08-03-2007


I have a situation where a message was passed as clean:

Aug 2 13:53:12 10.25.1.231 amavis[7089]: (07089-06) Passed CLEAN,
CF/MYNETS LOCAL [10.37.88.3] [10.37.88.3] <bvento@domain.com> ->
<privard@rcpt.com>, Message-ID:
<46B1E1AB020000F1000028D3@GW_MAIL-FS.domain.com>, mail_id: DCea9MTrIAFS,
Hits: -, queued_as: 4A548E5C10, 706 ms

But the sender was notified that the message was blocked due to invalid
header. Is this possible? Using amavisd-new-2.4.3 with custom
notification templates.

Here's the notification, note that mail17 is 10.25.1.231

>>> <postmaster@us.com> 08/02/07 1:53 PM >>>


Subject: Email Blocked ?????? Invalid Header
Message-ID: <DSN07089-06@mail17.us.com>

Perimeter eSecurity blocked the email that contained invalid header
information

Below you will find more detail regarding the error.

If you have any questions please contact Perimeter eSecurity at
supportdb@us.com.

||
WHAT IS AN INVALID CHARACTER IN MAIL HEADER?

The RFC 2822 standard specifies rules for forming internet messages.
It does not allow the use of characters with codes above 127 to be used
directly (non-encoded) in mail header (it also prohibits NUL and bare CR).

If characters (e.g. with diacritics) from ISO Latin or other alphabets
need to be included in the header, these characters need to be properly
encoded according to RFC 2047. This encoding is often done transparently
by mail reader (MUA), but if automatic encoding is not available (e.g.
by some older MUA) it is the user's responsibility to avoid the use
of such characters in mail header, or to encode them manually. Typically
the offending header fields in this category are 'Subject', 'Organization',
and comment fields in e-mail addresses of the 'From', 'To' and 'Cc'.

Sometimes such invalid header fields are inserted automatically
by some MUA, MTA, content checker, or other mail handling service.
If this is the case, that service needs to be fixed or properly configured.
Typically the offending header fields in this category are 'Date',
'Received', 'X-Mailer', 'X-Priority', 'X-Scanned', etc.

If you don't know how to fix or avoid the problem, please report it
to _your_ postmaster or system manager.
]
Return-Path: <bvento@bridgewatersavings.com>
Your message
<46B1E1AB020000F1000028D3@GW_MAIL-FS.domain.com>
could not be delivered to:

--
Joel Nimety
Perimeter eSecurity
Product Architect, Email Defense
203.541.3416
jnimety@perimeterusa.com
http://www.perimeterusa.com




Thanks
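
The three header rules cited in the quoted notification (no bytes above 127, no NUL, no bare CR, with RFC 2047 encoding as the remedy) can be checked against a raw message as follows. This is an added example, not part of the original post and not amavisd-new's own code; the sample message and all function names are constructed for illustration.

```python
import re
from email.header import Header, decode_header, make_header

# Constructed sample message (not from the thread): raw Latin-1 bytes in
# Subject and a bare CR in X-Mailer; the 8-bit byte in the body is legal.
SAMPLE = (
    b"From: Sender <sender@example.com>\r\n"
    b"Subject: R\xe9sum\xe9 attached\r\n"
    b"X-Mailer: Old\rMUA 1.0\r\n"
    b"To: rcpt@example.com\r\n"
    b"\r\n"
    b"Body with \xe9 is not a header problem.\r\n"
)

def split_header_fields(raw: bytes):
    """Return [(field_name, raw_field_bytes)] for the header section only."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    fields = []
    for line in re.split(rb"\r?\n", head):
        if line[:1] in (b" ", b"\t") and fields:
            # Folded continuation line: append to the previous field.
            fields[-1] = (fields[-1][0], fields[-1][1] + b"\n" + line)
        elif b":" in line:
            name = line.split(b":", 1)[0].decode("ascii", "replace")
            fields.append((name, line))
    return fields

def check_field(field: bytes):
    """Apply the three checks named in the notification text."""
    problems = []
    if any(byte > 127 for byte in field):
        problems.append("8-bit character")
    if b"\x00" in field:
        problems.append("NUL")
    if re.search(rb"\r(?!\n)", field):
        problems.append("bare CR")
    return problems

def bad_headers(raw: bytes):
    """Map each offending header field name to its list of problems."""
    return {n: p for n, f in split_header_fields(raw) if (p := check_field(f))}

def rfc2047_encode(text: str, charset: str = "utf-8") -> str:
    """Encode a header value as an RFC 2047 encoded-word (pure ASCII)."""
    return Header(text, charset).encode()

def rfc2047_decode(value: str) -> str:
    return str(make_header(decode_header(value)))
```

Running `bad_headers()` on the original message as it was received, before any notification template rewrites it, shows which field triggered the check; a header value passed through `rfc2047_encode()` no longer trips it.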
