
#276396 - 24/02/2006 08:50
Re: Help sniffing a network
[Re: ShadowMan]
carpal tunnel
Registered: 08/06/1999
Posts: 7868
Quote: Alternatively, if I could find a way to scan and log every email sent for this virus directly on the SmoothWall it would be great as well.
I can think of one way to do it this way. Install postfix or another SMTP server on the SmoothWall box. Instruct the firewall to redirect any port 25 traffic to the local machine on the internal port. Install an antivirus solution (clamav with amavisd) onto the SMTP server, and have it accept any mail from the local LAN to send out to the world.
By having the firewall redirect the SMTP traffic to your server, you get 2 things out of this: virus protection on outbound mail (seems to be the issue here), and logging to track this down more easily if the scanner misses something the ISP sees.
There are some downsides though. If anyone uses authenticated SMTP, this will break that. TLS SMTP will also be broken, as clients will see this as a man-in-the-middle attack. Lastly, your users' e-mail could be marked as spam more easily by other servers due to a number of factors, one being that the IP you have might be a cable modem IP, and those tend to be marked as spam senders in a lot of databases.
It's a more complex solution to set up, but provides long-term protection. This setup might also be extended to handle POP by using a POP proxy of sorts that would let the server scan the messages before the clients were sent the full data. I'm not sure what program could implement that though, as I have only worked with IMAP proxies for performance to webmail clients.
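The logging benefit described in the post above, as an added example that is not part of the original post: once outbound port 25 passes through a local Postfix, its syslog ties every queue ID to the LAN client that submitted it, so the machine sending unusual volumes of mail can be picked out. The log lines are constructed samples in stock Postfix syslog format; the function names, the threshold and the loopback exclusion (for mail re-injected by a local content filter) are assumptions.

```python
import re
from collections import Counter

# Constructed sample of Postfix syslog lines (not taken from the thread).
SAMPLE_LOG = """\
Feb 24 08:41:02 fw postfix/smtpd[2210]: 3F2A81C0B2: client=unknown[192.168.1.23]
Feb 24 08:41:03 fw postfix/smtp[2215]: 3F2A81C0B2: to=<a@example.net>, relay=mx.example.net[203.0.113.5]:25, delay=1, status=sent (250 OK)
Feb 24 08:41:04 fw postfix/smtpd[2210]: 3F2A81C0B9: client=unknown[192.168.1.23]
Feb 24 08:41:05 fw postfix/smtp[2215]: 3F2A81C0B9: to=<b@example.org>, relay=none, delay=1, status=deferred (connect timed out)
Feb 24 08:46:05 fw postfix/smtp[2230]: 3F2A81C0B9: to=<b@example.org>, relay=mx.example.org[203.0.113.9]:25, delay=301, status=sent (250 OK)
Feb 24 08:41:06 fw postfix/smtpd[2210]: 3F2A81C0C4: client=unknown[192.168.1.23]
Feb 24 08:41:07 fw postfix/smtp[2215]: 3F2A81C0C4: to=<c@example.net>, relay=mx.example.net[203.0.113.5]:25, delay=1, status=sent (250 OK)
Feb 24 08:50:10 fw postfix/smtpd[2240]: 3F2A81C0D1: client=desk4[192.168.1.40]
Feb 24 08:50:11 fw postfix/smtp[2241]: 3F2A81C0D1: to=<d@example.com>, relay=mx.example.com[203.0.113.7]:25, delay=1, status=sent (250 OK)
"""

# smtpd logs "<queue-id>: client=<name>[<ip>]" when it accepts a message.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S*\[([0-9a-fA-F.:]+)\]")
# Delivery agents log "<queue-id>: to=<rcpt>, ..." for each delivery attempt.
RCPT_RE = re.compile(r"postfix/(?:smtp|local|virtual|pipe)\[\d+\]: ([0-9A-F]+): to=<([^>]*)>")

def recipients_per_client(log_text, ignore=("127.0.0.1", "::1")):
    """Count distinct (message, recipient) pairs per submitting client IP."""
    client_of = {}   # queue ID -> client IP
    seen = set()     # (queue ID, recipient); retries of deferred mail collapse here
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            # Assumption: loopback clients are content-filter re-injections, not users.
            if m.group(2) not in ignore:
                client_of[m.group(1)] = m.group(2)
            continue
        m = RCPT_RE.search(line)
        if m and m.group(1) in client_of:
            seen.add((m.group(1), m.group(2).lower()))
    return Counter(client_of[qid] for qid, _ in seen)

def noisy_clients(log_text, threshold=3):
    """Return client IPs that sent to at least `threshold` recipients."""
    counts = recipients_per_client(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    for ip, n in recipients_per_client(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n}")
```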