I manually looked through thousands of the held messages and found no false positives, so now anything that ClamAV scans goes directly to /dev/null.

Joking aside, be careful that you check the exact exit code that you need to determine whether ClamAV found a virus or not. I was using a script called clamfilter.pl that someone else wrote. Since I was in a hurry, I went ahead and stuck it in my procmailrc without checking into it much. It seemed to work for quite a while. When one of the MS virus storms hit, I started sending all the viruses to /dev/null like you are. This turned out to be a mistake.

At some later point, we had a hard drive disaster that left most of /usr unreadable. However, the mail server was still running, and still using clamav to filter mail. Due to one of clamav's files becoming unreadable, clamav started exiting with a nonzero exit code, but not because it was finding a virus in the mail. Hence ALL mail went to /dev/null for a few days while the system was being rebuilt, and we didn't discover it until afterwards. I filed a bug with the clamfilter forum, but up till now the author hasn't fixed his (IMO dangerous) code that he is offering for general use.

The moral of the story is, if you are sending mail to /dev/null in ANY case, be damn sure that you are properly checking clamscan's exit code.

Score:5, Informative