ClamAV NOT filtering Emotet

Operating System & Version
CLOUDLINUX 7.6
cPanel & WHM Version
v90.0.8

Fbarajas

Hi!

Many of my customers are receiving the "emotet" trojan (it arrives as a bank email, with a ".doc" attachment).

I'm using ClamAV and Imunify360 (the complete version, not the AV).

Is there any way I can stop those mails? It seems that ClamAV does not flag them as malware.

I can't block all the ".doc" files, because my users send many real documents in that format.

I have access to WHM as root, so I can modify anything that is needed.

Thanks!
 

keat63

ClamAV isn't the best, I'm afraid. I'm pretty sure there was a thread a few weeks ago discussing such.
If I recall, it was determined that ClamAV doesn't perform live virus scanning (although I may be mistaken).

I do know, however, that in conjunction with ConfigServer Mailscanner, it will perform email scanning.
Whether or not it will pick up emotet is another matter.


I have 3 lines of defence:
ClamAV on the server.
An internal UTM.
AV on client PCs.

And sometimes it still takes common sense to spot them.
 

Fbarajas

> ClamAV isn't the best, I'm afraid. I'm pretty sure there was a thread a few weeks ago discussing such.
> If I recall, it was determined that ClamAV doesn't perform live virus scanning (although I may be mistaken).

As far as I know, ClamAV with the ClamAV Connector for cPanel with exiscan.

BTW, what is a UTM?

Thanks!