Clam AV being a free AV and full-featured AV it's hard for us to understand every aspect of it being that it's not our product. But I do have a solution for you here.
Firstly let's start with turning off scanning for Phishing. This is helpful if you get lots of Heuristics.Phishing.Email.SpoofedDomain False positives.
To do this you need to do the following.
- Go to C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\etc
Edit the Clamd.conf
- Append PhishingScanURLs no to the bottom of the file.
- Once that is done save and restart the SmarterMail service.
Next, if you're getting different false positives like Email.Phishing.RPMSG_Downloader-10004958-0 you can whitelist the signature via the following steps.
Stop the SmarterMail service.
C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\share\clamav
After this create a file called
After this edit that file and enter in the signature of the false positive.
Start the service.
You should be able to do one signature per line if you have other examples.
If you're unsure what the signature of the false positive is you will be able to find this in the delivery logs.
I hope this helps. If you have any questions or concerns feel free to let me know. We are going to have a KB on this in the future with this information as well.