Checkout SafeBrowsing.  These deserve a reject, methinks.
It would work better if senders/recipient can be whitelisted.
For example "brave users" may choose to skip such filtering,
or whitelisted senders can pass messages that seem phishy.
However, this conflicts with avfilter running early.  Perhaps,
we need to combine "pass" with the addition of a custom header
with the details of what was found.

Find out how to discover if a new libclamav is available
(need to stop and restart filtering in such cases).

Find out if newer versions of ClamAV have a way to let
the caller know about broken archives, and do something
useful in such cases.

Have avfilter report its running configuration on sigusr1,
e.g. in case the new one is not accepted, or verbose is high,
or avfilter_sig communicates some additional flag.

Set an upper limit for the number of files saved
in the missed and virus directories; both global
and per virus/error name limits.

Check how avfilter could be used as a non-all filter
(using rcptfilter and whitelisting API localmailfilter)
or when enablefiltering is not set to "esmtp".

Optionally switch automatically to bounce action if
the sender logged in or is RELAYCLIENT.

Smart bounce (to sender and/or original recipient)
optional on a per-virus / per sender basis.

