You're right, ClamAV in its default config - with the default signatures - does not detect this as a virus.
and these emails keep coming in attaching file,
consider upgrading to 7.1 soon - PMG 6.4 will be EOL in a few months
Currently on PMG 6.4.4
it did here on a test-install of mine?
odd that securiteinfo didn't get that either
clamdscan /tmp/bademail.txt
/tmp/bademail.txt: SecuriteInfo.com.Exploit.CVE-2018-0802.Gen.27640.18064.UNOFFICIAL FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.037 sec (0 m 0 s)
Start Date: 2022:05:18 18:10:59
End Date: 2022:05:18 18:10:59
root@mail:~# clamdscan bademail.eml
/root/bademail.eml: File path check failure: Permission denied. ERROR
/root/bademail.eml: File path check failure: Permission denied. ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 2
Time: 0.001 sec (0 m 0 s)
Start Date: 2022:05:25 00:03:24
End Date: 2022:05:25 00:03:24
root@mail:~# clamscan -id securiteinfo0hour.hdb bademail.eml
LibClamAV Error: cl_load(): No such file or directory: securiteinfo0hour.hdb
ERROR: Can't get file status
----------- SCAN SUMMARY -----------
Known viruses: 0
Engine version: 0.103.5
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.000 sec (0 m 0 s)
Start Date: 2022:05:25 00:03:24
End Date: 2022:05:25 00:03:24
clamscan -id /var/lib/clamav securiteinfo0hour.hdb /root/bademail.eml
securiteinfo0hour.hdb: No such file or directory
WARNING: securiteinfo0hour.hdb: Can't access file
/root/bademail.eml: SecuriteInfo.com.Exploit.CVE-2018-0802.Gen.27640.18064.UNOFFICIAL FOUND
----------- SCAN SUMMARY -----------
Known viruses: 12902762
Engine version: 0.103.5
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.66 MB
Data read: 0.30 MB (ratio 2.22:1)
Time: 37.121 sec (0 m 37 s)
Start Date: 2022:05:25 00:15:48
End Date: 2022:05:25 00:16:25
root@mail:/var/lib/clamav# ls -l -h
total 592M
-rw-r--r-- 1 clamav clamav 586K Oct 14 2020 MiscreantPunch099-Low.ldb
-rw-r--r-- 1 clamav clamav 1.5K Jul 1 2015 Sanesecurity_sigtest.yara
-rw-r--r-- 1 clamav clamav 1.3K Feb 22 2016 Sanesecurity_spam.yara
-rw-r--r-- 1 clamav clamav 98K May 16 07:48 badmacro.ndb
-rw-r--r-- 1 clamav clamav 495K May 25 00:06 blurl.ndb
-rw-r--r-- 1 clamav clamav 3.4K Oct 14 2020 bofhland_cracked_URL.ndb
-rw-r--r-- 1 clamav clamav 610 Oct 14 2020 bofhland_malware_URL.ndb
-rw-r--r-- 1 clamav clamav 104K Oct 14 2020 bofhland_malware_attach.hdb
-rw-r--r-- 1 clamav clamav 9.5K Oct 14 2020 bofhland_phishing_URL.ndb
-rw-r--r-- 1 clamav clamav 287K Mar 9 2021 bytecode.cvd
-rw-r--r-- 1 clamav clamav 56M May 24 03:42 daily.cvd
-rw-r--r-- 1 clamav clamav 241K May 24 11:06 foxhole_filename.cdb
-rw-r--r-- 1 clamav clamav 51K Sep 11 2020 foxhole_generic.cdb
-rw-r--r-- 1 clamav clamav 3.8K Aug 18 2017 foxhole_js.cdb
-rw-r--r-- 1 clamav clamav 230 Nov 21 2016 foxhole_js.ndb
-rw-r--r-- 1 clamav clamav 69 May 16 23:08 freshclam.dat
-rw-r--r-- 1 clamav clamav 48K Aug 5 2015 hackingteam.hsb
-rw-r--r-- 1 clamav clamav 15M May 24 01:42 javascript.ndb
-rw-r--r-- 1 clamav clamav 6.7M May 24 11:06 junk.ndb
-rw-r--r-- 1 clamav clamav 661K May 24 11:06 jurlbl.ndb
-rw-r--r-- 1 clamav clamav 172K May 24 19:06 jurlbla.ndb
-rw-r--r-- 1 clamav clamav 240K May 12 03:06 lott.ndb
-rw-r--r-- 1 clamav clamav 163M Nov 10 2021 main.cvd
-rw-r--r-- 1 clamav clamav 73 Oct 14 2020 malware.expert.fp
-rw-r--r-- 1 clamav clamav 73 Oct 14 2020 malware.expert.hdb
-rw-r--r-- 1 clamav clamav 246 Oct 14 2020 malware.expert.ldb
-rw-r--r-- 1 clamav clamav 130 Oct 14 2020 malware.expert.ndb
-rw-r--r-- 1 clamav clamav 73K Jun 29 2017 malwarehash.hsb
-rw-r--r-- 1 clamav clamav 147 Oct 14 2020 malwarepatrol.db
-rw-r--r-- 1 clamav clamav 4.1M May 24 09:06 phish.ndb
-rw-r--r-- 1 clamav clamav 600K Feb 5 10:00 phishtank.ndb
-rw-r--r-- 1 clamav clamav 31K May 24 21:01 porcupine.hsb
-rw-r--r-- 1 clamav clamav 640K May 25 00:00 porcupine.ndb
-rw-r--r-- 1 clamav clamav 847K Mar 16 00:22 rfxn.hdb
-rw-r--r-- 1 clamav clamav 442K Dec 1 2020 rfxn.ndb
-rw-r--r-- 1 clamav clamav 401K Aug 17 2020 rfxn.yara
-rw-r--r-- 1 clamav clamav 292K May 25 00:06 rogue.hdb
-rw-r--r-- 1 clamav clamav 13K Mar 31 10:07 sanesecurity.ftm
-rw-r--r-- 1 clamav clamav 1.9M May 24 04:05 scam.ndb
-rw-r--r-- 1 clamav clamav 108 Nov 16 2020 scamnailer.ndb
-rw-r--r-- 1 clamav clamav 11M May 24 21:48 securiteinfo.hdb
-rw-r--r-- 1 clamav clamav 3.7K May 16 23:08 securiteinfo.ign2
-rw-r--r-- 1 clamav clamav 1.7M May 24 13:45 securiteinfo.mdb
-rw-r--r-- 1 clamav clamav 123 May 19 10:45 securiteinfo.pdb
-rw-r--r-- 1 clamav clamav 3.3K May 16 23:09 securiteinfo.yara
-rw-r--r-- 1 clamav clamav 38K May 25 00:11 securiteinfo0hour.hdb
-rw-r--r-- 1 clamav clamav 9.1M May 24 20:17 securiteinfoandroid.hdb
-rw-r--r-- 1 clamav clamav 8.8M May 24 21:17 securiteinfoascii.hdb
-rw-r--r-- 1 clamav clamav 5.1M May 24 20:47 securiteinfohtml.hdb
-rw-r--r-- 1 clamav clamav 299M May 16 23:08 securiteinfoold.hdb
-rw-r--r-- 1 clamav clamav 210K May 24 20:17 securiteinfopdf.hdb
-rw-r--r-- 1 clamav clamav 7.2K Dec 31 2020 shelter.ldb
-rw-r--r-- 1 clamav clamav 394 Apr 21 08:11 sigwhitelist.ign2
-rw-r--r-- 1 clamav clamav 556 May 5 2017 spam.ldb
-rw-r--r-- 1 clamav clamav 4.6M May 25 00:11 spam_marketing.ndb
-rw-r--r-- 1 clamav clamav 1.4K Apr 28 2017 spamattach.hdb
-rw-r--r-- 1 clamav clamav 20K May 5 07:06 spamimg.hdb
-rw-r--r-- 1 clamav clamav 115 Oct 14 2020 spear.ndb
-rw-r--r-- 1 clamav clamav 115 Nov 27 2018 spearl.ndb
-rw-r--r-- 1 clamav clamav 987K May 25 00:09 urlhaus.ndb
-rw-r--r-- 1 clamav clamav 64 Apr 20 09:14 winnow.attachments.hdb
-rw-r--r-- 1 clamav clamav 660 Mar 5 2018 winnow.complex.patterns.ldb
-rw-r--r-- 1 clamav clamav 66 Mar 5 2018 winnow_bad_cw.hdb
-rw-r--r-- 1 clamav clamav 65 Apr 20 09:08 winnow_extended_malware.hdb
-rw-r--r-- 1 clamav clamav 159 Mar 5 2018 winnow_extended_malware_links.ndb
-rw-r--r-- 1 clamav clamav 65 Apr 20 09:00 winnow_malware.hdb
-rw-r--r-- 1 clamav clamav 15K Nov 26 2019 winnow_malware_links.ndb
-rw-r--r-- 1 clamav clamav 6.5K Nov 13 2018 winnow_phish_complete_url.ndb
-rw-r--r-- 1 clamav clamav 2.8K Nov 14 2018 winnow_spam_complete.ndb