Re: False sense of security
"VirusTotal may have some use cases. But from my experience for phishing and scam sites the detection rate is near zero. Not sure about malware."
I hear what you're saying about the false sense of security which could perhaps represent a danger. I'm sure I've seen evidence for it but it would only be anecdotal so I'll say no more about that.
The threat profile from emails arriving here might not be typical, but I can share some of my experience, which is long and well documented.
I'm unable to comment on VirusTotal's (email) phishing and scam site detection performance because I haven't measured it, but I'd say it's pretty good for malware.
My milters, using a few simple Yara rules, routinely catch malware in email which multiple commercial and free virus scanners fail to identify. I have records for the last four hundred or so samples and about fifteen scanners courtesy of Jotti's Virus Scan. When I submit samples using our homebrew API to Jotti, very few threats are missed by all the scanners but the norm is for most of them to miss most threats. If I submit the threats (manually) to VirusTotal, the percentage of threats missed by all of the more than seventy scanners that they use is negligible, but again many of them seem to miss most threats.
You simply cannot rely on scanners alone. If you do, you are going to be compromised.