https://pastebin.com/bW5UWN13

I got a debug log from one of the blocked spam messages. May I kindly ask you to check this logs, I really don't know what could cause this behavior, and these logs are kinda messy, but from what I understand, Amavis don't know to put it into quarantine and I don't know where to check if the whole flow is correct.

Thank you very much for your help!

I am aware I sent a GTUBE spam test email, that was my point. This mail SHOULD go into Quarantine and not be Blocked. As far as I remember, the default behavior of iRedMail is to quarantine the spam that hit above the kill score, not to block it. The ones that are bellow kill score and above "normal" spam are tagged SPAMMY and they go into SPAM folder - this is default and working ok.
If the virus is hit, it goes into quarantine, but if the kill spam score is hit, it will be blocked. Before everything went into quarantine and I don't know what changed in the config so that now the email is blocked.
Thank you!

EDIT: Amavis(Spamassassin) is tagging GTUBE as spam, not virus - Blocked SPAM vs. Blocked INFECTED. In our situation, Blocked SPAM is totally blocked, Blocked INFECTED goes into quarantine.

Yes, I understand, but I don't get what are you trying to suggest? Do you maybe have any idea why spam (above spam kill score of 6.9) is blocked and not going into Quarantine?
The GTUBE spam email is not the only one blocked. All emails that hit above spam kill score (6.9) are blocked, but they should go into Quarantine.

I'm sorry sir, but I think that you are not correct. This settings "Spam checking -> Quarantine spam" is option to quarantine ALL spam.
In iRedAdmin-Pro there are options:
- Mark mail as spam when score is >= 4.9
- Block or quarantine marked spam when score is >= 6.9

If we enable "Spam checking -> Quarantine spam" all spam above 4.9 will go into quarantine - we don't want that - the spam above 4.9 and less then 6.9 should go into users spam folder.
The spam above 6.9 should go into quarantine, but it's not, it's blocked.
Please correct me if I'm wrong here and what is the default behavior.

This was working with no problem before, but something changed the behavior, and I cannot figure out what.

Thank you for all your help!

Ok I think I found a bug in iRedAdmin-Pro @ZhangHuangbin can you confirm please?

If I select "Quarantine spam" the "spam_lover" column is not set to "Y" in amavisd.policy table. If I check old backups the "spam_lover" is "Y" even though "Quarantine spam" was NOT selected.

I'm confused, because before "Quarantine spam" was NOT selected and high score spam was quarantined. Now it is selected and the kill score spam is quarantined but I still have to test the "normal" spam - which goes into spam folder and is not quarantined.

Shoud "spam_lover" column be set to "Y" - as was few months ago? And should iRedAdmin-Pro set the "spam_lover" column to "Y" if "Quarantine spam" is selected?
Thank you very much!

Ok I think I managed to find what was the problem. The "spam_lover" was obviously set manually to "Y" and "spam_quarantine_to" to "spam-quarantine" years ago, but iRedAdmin didn't have "Quarantine spam" selected. I then saved the policy and the unselected "Quarantine spam" got saved. Therefore killed spam wasn't quarantined.

And I checked right now that if  "spam_lover" is "Y" and "spam_quarantine_to" is set to "spam-quarantine" the check box in iRedAdmin for "Quarantine spam" is unchecked. Is this a bug @ZhangHuangbin or is this normal behavior? If this is set, users get all spam (tag2 and killed) and killed gets into quarantine.

So we want default, only tag2 into users spam folders, and killed into iRedAdmin quarantine. We set "spam_lover" to "N" and "spam_quarantine_to" to "spam-quarantine" and iRedAdmin "Quarantine spam" is now checked.

@Cthulhu thank you very much for explanations and for your patience.