This has proven to be a huge improvement (thanks, Joe!), but I'm having problems with false positives. Anyone else experiencing that?
Here's an example. There's one message that I have been unable to send. It goes straight into the Virus Quarantine, and the clamd.log reports this:
Thu May 07 00:35:00 2015 -> F:\Spool\SubSpool9\45746438402.eml: winnow.phish.ts.elena.1.UNOFFICIAL FOUND
Note that winnow.phish is disabled (it appears twice in the ini), but this signature is coming from winnow_malware_links. The odd thing is that this is legit correspondence with someone named Elena, and it doesn't contain any links other than her email address. Seems pretty harsh to stop all mail to anyone named Elena. :-)
I haven't figured out a way to get this message to send, other than to turn off clam. Is there a way to force false positives to send? And on the flip side, is there a way to force incoming false positives to get delivered?
I'm thinking about trying just the www.securiteinfo.com signatures to see how their FP rate is. Has anyone tried that?