Hi Cyril,
How did you transmit the virus? Via email? As attachments? Was it
compressed or uncompressed?
I know you might not agree with me, but my suggestion is to block
executable files (exe, bat, pif, scr, dll, etc.) at the MTA. Most
MTAs directly reject such attachments anyway. For
example Google: https://support.google.com/mail/answer/6590?hl=en. I am
doing the same on my email systems. I know it is preferred to know the
exact type of virus and reject it, but nowadays most of the executables
sent via email (or even links posted in emails) are viruses.
If you are talking about compressed files, you have multiple choices to do
this as well:
1) use complicated MTA rules to unzip/untar/unrar/etc. the archive and
check if an executable is inside.
2) use the Foxhole unofficial ClamAV signatures (might not cover all
situations)
3) write your own signatures like this. Please check the manual first:
https://www.clamav.net/documents/extended-signature-format
Archived_BAT:*:*:(?i)\.bat$:*:*:*:*:*:*
Archived_COM:*:*:(?i)\.com$:*:*:*:*:*:*
Archived_EXE:*:*:(?i)\.exe$:*:*:*:*:*:*
Hope that is useful.
---
Best regards,
Iulian
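As an added illustration of what options 1 and 3 above amount to (this is not code from the list post or from ClamAV), the Python below parses .cdb-style container-metadata lines like the three signatures quoted above and applies their filename regex, ContainerType and IsEncrypted fields to the members of an in-memory zip archive. The filter itself, the sample archive and the signature names are constructed for the example; ClamAV is not invoked.

```python
import io
import re
import zipfile

# Constructed .cdb (container metadata) signatures, '*' = any value. Fields: VirusName:
# ContainerType:ContainerSize:FileNameREGEX:FileSizeInContainer:FileSizeReal:IsEncrypted:FilePos:Res1:Res2
CDB_SIGNATURES = r"""
Archived_BAT:*:*:(?i)\.bat$:*:*:*:*:*:*
Archived_COM:*:*:(?i)\.com$:*:*:*:*:*:*
Archived_EXE:*:*:(?i)\.exe$:*:*:*:*:*:*
"""

def parse_cdb(text):
    # Returns (name, container_type, compiled filename regex, IsEncrypted field).
    sigs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")  # a ':' inside the regex would have to be escaped
        if len(fields) != 10:
            raise ValueError("malformed .cdb line: %r" % line)
        name, ctype, _csize, fname_re, _sz_in, _sz_real, encrypted = fields[:7]
        sigs.append((name, ctype, re.compile(fname_re), encrypted))
    return sigs

def scan_zip_bytes(data, sigs):
    # Returns sorted 'SigName:member' strings for every member a signature matches.
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            member_encrypted = bool(info.flag_bits & 0x1)  # ZIP general-purpose bit 0
            for name, ctype, pattern, encrypted in sigs:
                if ctype not in ("*", "CL_TYPE_ZIP"):
                    continue  # this toy filter only understands zip containers
                if encrypted != "*" and bool(int(encrypted)) != member_encrypted:
                    continue
                if pattern.search(info.filename):
                    hits.append("%s:%s" % (name, info.filename))
    return sorted(hits)

def build_sample_zip():
    # Constructed sample archive: one harmless text file plus two executables.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "nothing to see here")
        zf.writestr("INVOICE.EXE", "MZ placeholder, not a real binary")
        zf.writestr("docs/run.bat", "@echo off")
    return buf.getvalue()
```

Running `scan_zip_bytes(build_sample_zip(), parse_cdb(CDB_SIGNATURES))` flags the .EXE and .bat members (the `(?i)` keeps the match case-insensitive) and leaves the .txt alone.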
On 2020-09-16 11:43, SG/SNUM/UNI/DETN/GMCD emis par AECK Cyril -
SG/SNUM/UNI/DETN/GMCD via clamav-users wrote:
Hello,
Today, we transmitted a significant number of Emotet files that were undetected
by ClamAV
(verification done on VirusTotal).
Is there a reason why the Emotet detection rate is very low for ClamAV?
Thank you in advance.
Best regards,
---
Cyril AECK
Service du numérique - SNum
UNI/DETN
Messaging & remote conferencing
Tel. 04 74 27 52 13
Port. 06 63 16 23 32
_______________________________________________
clamav-users mailing list
[email protected]
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml