Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

OSX MAIL - emergency help needed!

G

gavki

macrumors newbie
Original poster
Feb 14, 2005
4
0
In the last few days apparantly my mail has been forwarding a pc based worm virus to my address book.

I used clamxav to do a search for any viruses and it did find 2 possible viruses. However - It quaranted my mail boxes to a quarantine folder. I now can't view any of my old messages - even though i've tried putting the files back where they originally came from.

is it possible to get these e-mails back or are they gone forever?
 
gavki said:
In the last few days apparantly my mail has been forwarding a pc based worm virus to my address book.

I used clamxav to do a search for any viruses and it did find 2 possible viruses. However - It quaranted my mail boxes to a quarantine folder. I now can't view any of my old messages - even though i've tried putting the files back where they originally came from.

is it possible to get these e-mails back or are they gone forever?
Click to expand...

To be honest, I don't fully understand your post.

But here goes...

Mac OS X Mail stores mail as plain text files. You should be able to view the contents of any of your OS X Mail mailboxes by using a command line utility like 'less', or a program like TextEdit. You don't necessarily need to view the mailbox files with Mac OS X Mail.

If you've put the files back to where they came from, you might also want to try rebuilding the index files which OS X Mail uses to rapidly search and retrieve mails from the main text mailbox files. You can do this using the Mailbox->Rebuild menu option in OS X Mail.

Now...why do I feel like I've just been trolled?
 
umm, is that possible?

Something similar happened to me a few years back, but it was just someone using my email address, they weren't doing it from my computer or even my email account, they just masked my address.
 
It's VERY unlikely that Mail has sent any virus infected mails to people in your Address Book (short of the possibility that you've done it manually). Almost all virus/worms that are sent from Outlook (Express) on PCs will spoof it's Sender address from the "senders" history, trying to confuse the recipients. If anyone has gotten virus infected e-mail with your name - and you have not sent these manually - this is a good example of this kind of spoofing. Those e-mail did NOT originate from your machine!

If you've run a Virus scanner, and it has found any virus, this is probably in your Inbox, Trash or Junk folder(s) and you should NOT quarantine the file as all of those folders are saved as one textfile each, and quarantining this will remove all of the other e-mails in those mailboxes. A better way is to locate the infected e-mail, with its .exe/.pif/.bat/etc attachement, and delete those e-mails...

How to un-quarantine your malboxes you just have to find out in the documentation of your AV software, whatever it is your using. About AV software on Macs in general, look here ...
 
I did think i was strange but a number of didn't friends sent me messages or called me saying i had forwarded a virus to their PC's. It may have been a hoax etc but regardless - i've got myself into a mess now and hope i can retrieve some things.

Seeing as I found it so unlikely, i just downloaded a free AV application just to see (clamXav) which automatically found two files in my mailbox and quarantined 2 different mailboxes).

I've put the 2 .mbox files back in the library>mail> folder where they came from. My mailbox is showing the sender/title info but the actual message text is missing and is replaced by :

The message from "xxxx" <xxxxx> concerning “RE:xxxxxxx” has not been downloaded from the server. You need to take this account online in order to download it.

What's strange is that if i do a search 'entire message' it seems to be able to find text within the messages which currently won't allow me to view them so i know the messages are still alive - somewhere!

any ideas?
 
the very reason i have Synk scheduled to backup my mailboxes every week :p ... i also backup before i do any changes to things like you have. definitely consider backing up before you do any of this next time! ;)
 
gavki said:
I did think i was strange but a number of didn't friends sent me messages or called me saying i had forwarded a virus to their PC's. It may have been a hoax etc but regardless - i've got myself into a mess now and hope i can retrieve some things.
...
any ideas?
Click to expand...

Yes...re-read Mitt's post.
 
simple import

GAVKI:

- go to: file: import mailboxes
- a menu will pop-up asking what kind of mailbox: select "other"
- it will guide you through and ask where the mailboxes are located (the quarantine folder)

if your mailbox is large (>1000), it will take quite a while to import.
make sure you have enough space on your HD since, if there is not, you will get an error and not be able to see the messages even though the box appears to be there.

Once you've reimported the mailbox, you still want to get rid of the infected messages. It seems from the previous posts that there are several ways to do this. If you want to use clamXav it isn't straightforward yet to detemine what message is infected. One way to do this, suggested by the author of the program, Mark Allen:

- to divide the infected mailbox into 2 or more folders (this can be done randomly, but I suggest you do it manually by some criteria, such as "with attachment", "attachment type", "not in address book", contains HTML, etc)
- note: I made a new folder, then several subfolders - you can scan select the main folder to scan
- Scan again
- divide the infected folder again until you are down to a manageable amount of messages
- to verify if a message is infected, you can put it in a folder by itself

Again, though this works, it is time consuming and the other posts here may provide easier ways.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back