diff --git a/build.sh b/build.sh
index 118f922b4dcd1383efc6163c4d3ee39d3900d4bc..06647899844ad17d34a028f43345400d7c048df2 100755
--- a/build.sh
+++ b/build.sh
@@ -8,6 +8,7 @@
 # chaperone (installed via pip).
 PACKAGES="
 	clamav-daemon
+	clamav-milter
 	curl
 "
 
diff --git a/conf/chaperone.d/clamav-milter.conf b/conf/chaperone.d/clamav-milter.conf
new file mode 100644
index 0000000000000000000000000000000000000000..a6a985a9b329c33a206219f7cc5d36c6a26a3a81
--- /dev/null
+++ b/conf/chaperone.d/clamav-milter.conf
@@ -0,0 +1,4 @@
+milter.service: {
+    command: "/usr/sbin/clamav-milter --config-file=/tmp/clamav-milter.conf",
+    exit_kills: true,
+}
diff --git a/conf/clamav/clamav-milter.conf b/conf/clamav/clamav-milter.conf
new file mode 100644
index 0000000000000000000000000000000000000000..75c0485031a25c22b399e463dbb781f4982ad075
--- /dev/null
+++ b/conf/clamav/clamav-milter.conf
@@ -0,0 +1,8 @@
+Foreground true
+MilterSocket inet:@MILTER_PORT@@0.0.0.0
+ClamdSocket tcp:127.0.0.1:@CLAMD_PORT@
+SupportMultipleRecipients true
+TemporaryDirectory /tmp
+OnInfected Reject
+RejectMsg Rejecting harmful email: %v found
+
diff --git a/gen-config.sh b/gen-config.sh
index 739b1515df41e54eed67c06eb6e46471cf2acf5e..9482dd7d03856d9f082e6d58c016ca6d580c94dc 100755
--- a/gen-config.sh
+++ b/gen-config.sh
@@ -1,9 +1,12 @@
 #!/bin/sh
 
 # Generate the configuration by patching in environment variables.
-sed -e s,@CLAMD_PORT@,${CLAMD_PORT:-4494},g \
-    < /etc/clamav/clamd.conf \
-    > /tmp/clamd.conf
+for file in clamd.conf clamav-milter.conf ; do
+    sed -e s,@CLAMD_PORT@,${CLAMD_PORT:-4494},g \
+        -e s,@MILTER_PORT@,${MILTER_PORT:-4495},g \
+        < /etc/clamav/${file} \
+        > /tmp/${file}
+done
 
 exit 0