Clamav NOT filtering emotet

Operating System & Version
CLOUDLINUX 7.6
cPanel & WHM Version
v90.0.8

Fbarajas

Well-Known Member
Jul 15, 2004
55
4
158
Playa del Carmen, Mexico
Hi!

Many of my customers are receiving the "emotet" trojan (it arrives as a bank email, with a ".doc" attachment).

I'm using ClamAV and Imunify360 (the complete version, not the AV).

Is there any way I can stop those mails? It seems that ClamAV does not flag them as malware.

I can't block all the ".doc" files, because my users send many real documents in that format.

I have access to WHM as root, so I can modify anything that is needed.

Thanks!
 

cPanelLauren

Technical Support Community Manager
Staff member
Nov 14, 2017
13,041
1,206
313
Houston

keat63

Well-Known Member
Nov 20, 2014
1,763
199
93
cPanel Access Level
Root Administrator
ClamAV isn't the best i'm afraid, i'm pretty sure there was a thread a few weeks ago discussing such.
If i recall, it was determined that ClamAV doesn't perform live virus scanning (although I may be mistaken)

I do know, however, that in conjunction with ConfigServer Mailscanner, it will perform email scanning.
Whether or not it will pick up emotet is another matter.


I have 3 lines of defence,
ClamAV on the sever.
An internal UTM
AV on client PC's

And sometimes it still takes common sense to spot them.
 
  • Like
Reactions: cPanelLauren