[exim] two stage virus scan

Hello,

licenses for commercial virus scans are expensive, so in our mailserver
setup we cannot not provide a virus scan for everyone, but just for
customers paying for this extension.

In the acl_check_data we do a conditional virus scan: If one of the
recipients given in this smtp-session has paid for the virus scan and a
virus is found, then the mail is refused directly after the DATA-command.

But there is a second case that may occur: Someone sends a virus to a
mailforwarder on our server (e.g. info@???) that forwards to a
mailbox (e.g. lehmann@???) that requires a virus scan. In that case
the virus wouldn't have been refused by the acl_check_data, because
info@??? hasn't paid for virus scan so our mailserver would accept
the email. But the virus still shall not reach the mailbox of
lehmann@??? and I don't know how to configure that in exim.

As forwarders can have more than one recipient and these recipients
might be handled internally or by external mailservers, it is impossible
to check if the recipient of a forwarder requires a virus scan.
Forwarders could also have multiple forwarders until they reach the
mailbox (e.g. info@??? -> supportgroup1@??? -> lehmann@???).

My goal is that no virus reaches a mailbox and that the sender of the
mail gets a usual bounce message (as it would get by the refusal after
the DATA-command). But since the mail has already been accepted by the
mailserver at this point I don't know how to prevent the virus from
reaching the mailbox and how to generate a bounce message then.

Regards
Marten