Clamav NOT filtering emotet

Fbarajas

• September 15, 2020 10:03

Hi! Many of my customers are receiving the "emotet" trojan (it arrives as a bank email, with a ".doc" attachment). I'm using ClamAV and Imunify360 (the complete version, not the AV). Is there any way I can stop those mails? It seems that ClamAV does not flag them as malware. I can't block all the ".doc" files, because my users send many real documents in that format. I have access to WHM as root, so I can modify anything that is needed. Thanks!

• 

  cPanelLauren

  • September 15, 2020 22:09

  There are plenty of other threads on just this, such as the following which goes over blocking .doc files

  0
• 

  Fbarajas

  • September 15, 2020 22:35

  There are plenty of other threads on just this, such as the following which goes over blocking .doc files

  0
• 

  keat63

  • September 16, 2020 07:26

  ClamAV isn't the best i'm afraid, i'm pretty sure there was a thread a few weeks ago discussing such. If i recall, it was determined that ClamAV doesn't perform live virus scanning (although I may be mistaken) I do know, however, that in conjunction with ConfigServer Mailscanner, it will perform email scanning. Whether or not it will pick up emotet is another matter. I have 3 lines of defence, ClamAV on the sever. An internal UTM AV on client PC's And sometimes it still takes common sense to spot them.

  0
• 

  Fbarajas

  • October 10, 2020 18:06

  ClamAV isn't the best i'm afraid, i'm pretty sure there was a thread a few weeks ago discussing such. If i recall, it was determined that ClamAV doesn't perform live virus scanning (although I may be mistaken)

  
  As far as I know, Clamav with the Clamav Connector for CPanel with exiscan. BTW, what is a UTM? Thanks!

  0
• 

  keat63

  • October 13, 2020 07:11

  Unified Threat Management. Its a firewall with other software inbuilt. AV, AntiSpam, etc etc etc

  0

Please sign in to leave a comment.