OSX MAIL - emergency help needed!

Discussion in 'Mac Apps and Mac App Store' started by gavki, Feb 14, 2005.

  1. gavki macrumors newbie

    Feb 14, 2005
    In the last few days apparantly my mail has been forwarding a pc based worm virus to my address book.

    I used clamxav to do a search for any viruses and it did find 2 possible viruses. However - It quaranted my mail boxes to a quarantine folder. I now can't view any of my old messages - even though i've tried putting the files back where they originally came from.

    is it possible to get these e-mails back or are they gone forever?
  2. oingoboingo macrumors 6502a


    Jul 31, 2003
    Sydney, Australia
    To be honest, I don't fully understand your post.

    But here goes...

    Mac OS X Mail stores mail as plain text files. You should be able to view the contents of any of your OS X Mail mailboxes by using a command line utility like 'less', or a program like TextEdit. You don't necessarily need to view the mailbox files with Mac OS X Mail.

    If you've put the files back to where they came from, you might also want to try rebuilding the index files which OS X Mail uses to rapidly search and retrieve mails from the main text mailbox files. You can do this using the Mailbox->Rebuild menu option in OS X Mail.

    Now...why do I feel like I've just been trolled?
  3. rickvanr macrumors 68040


    Apr 10, 2002
    umm, is that possible?

    Something similar happened to me a few years back, but it was just someone using my email address, they weren't doing it from my computer or even my email account, they just masked my address.
  4. Mitthrawnuruodo Moderator emeritus


    Mar 10, 2004
    Bergen, Norway
    It's VERY unlikely that Mail has sent any virus infected mails to people in your Address Book (short of the possibility that you've done it manually). Almost all virus/worms that are sent from Outlook (Express) on PCs will spoof it's Sender address from the "senders" history, trying to confuse the recipients. If anyone has gotten virus infected e-mail with your name - and you have not sent these manually - this is a good example of this kind of spoofing. Those e-mail did NOT originate from your machine!

    If you've run a Virus scanner, and it has found any virus, this is probably in your Inbox, Trash or Junk folder(s) and you should NOT quarantine the file as all of those folders are saved as one textfile each, and quarantining this will remove all of the other e-mails in those mailboxes. A better way is to locate the infected e-mail, with its .exe/.pif/.bat/etc attachement, and delete those e-mails...

    How to un-quarantine your malboxes you just have to find out in the documentation of your AV software, whatever it is your using. About AV software on Macs in general, look here ...
  5. gavki thread starter macrumors newbie

    Feb 14, 2005
    I did think i was strange but a number of didn't friends sent me messages or called me saying i had forwarded a virus to their PC's. It may have been a hoax etc but regardless - i've got myself into a mess now and hope i can retrieve some things.

    Seeing as I found it so unlikely, i just downloaded a free AV application just to see (clamXav) which automatically found two files in my mailbox and quarantined 2 different mailboxes).

    I've put the 2 .mbox files back in the library>mail> folder where they came from. My mailbox is showing the sender/title info but the actual message text is missing and is replaced by :

    The message from "xxxx" <xxxxx> concerning “RE:xxxxxxx” has not been downloaded from the server. You need to take this account online in order to download it.

    What's strange is that if i do a search 'entire message' it seems to be able to find text within the messages which currently won't allow me to view them so i know the messages are still alive - somewhere!

    any ideas?
  6. Logik macrumors 6502a

    Apr 24, 2004
    the very reason i have Synk scheduled to backup my mailboxes every week :p ... i also backup before i do any changes to things like you have. definitely consider backing up before you do any of this next time! ;)
  7. jeremy.king macrumors 603


    Jul 23, 2002
    Fuquay Varina, NC
    Yes...re-read Mitt's post.
  8. cjj macrumors newbie

    Feb 22, 2005
    simple import


    - go to: file: import mailboxes
    - a menu will pop-up asking what kind of mailbox: select "other"
    - it will guide you through and ask where the mailboxes are located (the quarantine folder)

    if your mailbox is large (>1000), it will take quite a while to import.
    make sure you have enough space on your HD since, if there is not, you will get an error and not be able to see the messages even though the box appears to be there.

    Once you've reimported the mailbox, you still want to get rid of the infected messages. It seems from the previous posts that there are several ways to do this. If you want to use clamXav it isn't straightforward yet to detemine what message is infected. One way to do this, suggested by the author of the program, Mark Allen:

    - to divide the infected mailbox into 2 or more folders (this can be done randomly, but I suggest you do it manually by some criteria, such as "with attachment", "attachment type", "not in address book", contains HTML, etc)
    - note: I made a new folder, then several subfolders - you can scan select the main folder to scan
    - Scan again
    - divide the infected folder again until you are down to a manageable amount of messages
    - to verify if a message is infected, you can put it in a folder by itself

    Again, though this works, it is time consuming and the other posts here may provide easier ways.

Share This Page