My top virus on my system is reported as "YARA.possible_includes_base64_packed_functions.UNOFFICIAL", with just 1.4% daily of all messages being logged as virus infected. I am using the default unofficial ones, plus a securiteinfo.com subscription.
I have had a report from one of my users that they have not been receiving some email from a particular person with an attachment. On investigation I found that it had been blocked because the attachment triggered "YARA.possible_includes_base64_packed_functions.UNOFFICIAL".
Am I correct in thinking I can notify users that an email has been quarantined using just this rule/virus detection?
Have other EFA users been affected by this? If so, what strategy did they use to deliver false positives, either by notification or direct delivery?