Clamav NOT filtering emotet

Operating System & Version
CLOUDLINUX 7.6
cPanel & WHM Version
v90.0.8

Fbarajas

Well-Known Member
Jul 15, 2004
57
4
158
Playa del Carmen, Mexico
Hi!

Many of my customers are receiving the "emotet" trojan (it arrives as a bank email, with a ".doc" attachment).

I'm using ClamAV and Imunify360 (the complete version, not the AV).

Is there any way I can stop those mails? It seems that ClamAV does not flag them as malware.

I can't block all the ".doc" files, because my users send many real documents in that format.

I have access to WHM as root, so I can modify anything that is needed.

Thanks!
 

keat63

Well-Known Member
Nov 20, 2014
1,852
224
93
cPanel Access Level
Root Administrator
ClamAV isn't the best i'm afraid, i'm pretty sure there was a thread a few weeks ago discussing such.
If i recall, it was determined that ClamAV doesn't perform live virus scanning (although I may be mistaken)

I do know, however, that in conjunction with ConfigServer Mailscanner, it will perform email scanning.
Whether or not it will pick up emotet is another matter.


I have 3 lines of defence,
ClamAV on the sever.
An internal UTM
AV on client PC's

And sometimes it still takes common sense to spot them.
 
  • Like
Reactions: cPanelLauren

Fbarajas

Well-Known Member
Jul 15, 2004
57
4
158
Playa del Carmen, Mexico
ClamAV isn't the best i'm afraid, i'm pretty sure there was a thread a few weeks ago discussing such.
If i recall, it was determined that ClamAV doesn't perform live virus scanning (although I may be mistaken)
As far as I know, Clamav with the Clamav Connector for CPanel with exiscan.

BTW, what is a UTM?

Thanks!