Re: Re: [MAGNet] Unusual virus in email?

From: Steven Longenbohn <drsteve_at_uclink.berkeley.edu>
Date: Tue Aug 10 2004 - 13:28:48 PDT

Michael,

I have opened the MBX file with NOTEPAD, scrolled to the bottom where the
offending e-mail lived, deleted it (watch for the Eudora headers so you
only delete the offending object and not part of the e-mail before it or
after it), saved the file, and moved it back to the \qualcomm\Eudora directory,
and the antivirus realtime checking looks at it (and if you removed all the
"bad" e-mails, it is happy and leaves it where it belongs).

If you've had experience working in the .mbx file, it becomes fairly easy
to remove it this way.
Otherwise, if you move it back before you edit the file, the real-time
antivirus checker will simply quarantine it again.

Hope this helps.

At 01:09 PM 8/10/2004, Michael Rimar wrote:
>Thanks...I recall this issue being discussed now. And it makes me sorry
>that I forgot to mention what I didn't think would matter too much...
>
>This is on a machine running Win XP.
>
>Does any of this change? Seems like I could still restore/and re-run NAV...
>
>Michael
>
>At 1:00 PM -0700 8/10/04, Aron Roberts wrote:
>>At 12:09 -0700 2004-08-10, Michael Rimar wrote:
>>>... we have found that In.mbx is in quarantine! Why would NAV move the
>>>whole file into quarantine and not just the infecting file? We suspect
>>>that somehow the virus is not an attachment but rather some kind of
>>>scripting/commands within the email.
>>
>> If you or anyone else may be encountering this issue under Mac OS X,
>> the following Symantec Knowledge Base article describes how to prevent
>> this problem:
>>
>>"Email inbox is deleted after Norton AntiVirus for Macintosh 9.0.x
>>detects a virus in email"
>><http://service1.symantec.com/SUPPORT/num.nsf/6164320143cb6f0c88256d01004ee56c/b8737141567374c588256e37008281dd>
>>
>>>Situation:
>>>Norton AntiVirus 9.0.x for Macintosh detects a virus or Trojan horse in
>>>your email. When Norton AntiVirus for Macintosh 9.0.x repairs an email
>>>infected with a virus, the inbox is deleted, leaving your inbox empty. ...
>>>
>>>Solution:
>>>Symantec released a virus definition update on February 19, 2004, to
>>>solve this problem with Apple's Mail program. On June 18, 2004, a new
>>>update was released to solve this problem additionally with Entourage
>>>X/2004, Eudora 6.x, Netscape 7 and Mozilla 1.8.
>>
>>Michael also asked:
>>>What is the risk of Restoring the quarantined file, deleting recent junk
>>>emails and re-running NAV?
>>
>> If the file has already been quarantined, that's exactly what Symantec
>> suggests that you do: restore the "In" mailbox file, via the Restore
>> button in the Quarantine window in the NAV application; use Eudora to
>> delete any messages in the "In" mailbox containing attachments suspected
>> of carrying viruses, worms, or trojans; and optionally have NAV re-scan
>> the "In" mailbox file. See the second paragraph below:
>>
>>>Now when Norton AntiVirus discovers a virus, it does not automatically
>>>repair the virus; it asks whether you want to repair the virus. If the
>>>virus is attached to an email message, choose not to repair the virus.
>>>Open your email program and browse your inbox for email that has an
>>>attachment. When you find the email message with the virus, delete the
>>>message. In most cases these viruses are PC viruses that do not directly
>>>affect the Macintosh.
>>>
>>>If you choose to repair the virus, Norton AntiVirus now quarantines the
>>>file with the virus rather than deleting it. When the file is
>>>quarantined, the inbox may be moved to Quarantine. This is better than
>>>being deleted because you can restore the file from Quarantine. If your
>>>inbox was moved to Quarantine with an infected email, restore the
>>>infected inbox.
>>
>> From what I understand unofficially, when Norton AutoProtect ('on
>> access' scanning) is enabled, some NAV virus definitions may scan for
>> signature strings which may be found within the bodies of some messages
>> written to the "In" mailbox file, before those 'body parts' are
>> un-encoded and saved as files in Eudora's attachments folder.
>>
>>Aron Roberts
>>Workstation Software Support Group
>
>
>--
>------------------------------
>Michael Rimar
>Administrative Assistant
>UC Botanical Garden
>200 Centennial Drive #5045
>Berkeley, CA 94720-5045
>(510) 642-0849
>fax (510) 642-3012
>http://botanicalgarden.berkeley.edu
>------------------------------
>
>"There's no bad weather, only the wrong clothes"
>Scottish fisherman's proverb
>
>------------------------------------------------------------------------
>The following was automatically added to this message by the list server:
>
>For information about Micronet, including subscribing to
>or unsubscribing from its mailing list and finding out
>about upcoming meetings, please visit the Micronet Web site:
><http://micronet.berkeley.edu/>.

********************************************************************************************
* Steve "DrSteve" Longenbohn IS&T: Administrative Systems Dept
*
* CalNet Deputy CalAgenda Admin PC Doctor System Administrator
* Departmental Security Overseer
*
* Office: 510-643-9777 Cell: 510-812-0256
* 2111 Bancroft Way, Room 409D (Banway Bldg)
********************************************************************************************

Received on Tue Aug 10 13:34:22 2004

This archive was generated by hypermail 2.1.8 : Tue Aug 10 2004 - 13:34:32 PDT
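
The Notepad edit described in the reply above, as an added sketch that is not part of the original thread: it cuts a copy of a Eudora mailbox at message boundaries and drops whole messages, so the e-mail before or after the offending one is never damaged. It assumes each message begins with an envelope line of the form `From ???@??? <date>`; the sample mailbox, its subjects and the function names are constructed for illustration.

```python
import re

# Assumption: each message in a Eudora .mbx file starts with an envelope
# line "From ???@??? <date>". Check this against your own file first.
SEPARATOR = re.compile(rb"^From \?\?\?@\?\?\? .*$", re.MULTILINE)

def split_messages(data):
    """Cut the mailbox bytes into whole messages, one chunk per envelope line."""
    starts = [m.start() for m in SEPARATOR.finditer(data)]
    if not starts or starts[0] != 0:
        starts.insert(0, 0)          # keep any bytes before the first envelope
    bounds = starts + [len(data)]
    return [data[a:b] for a, b in zip(bounds, bounds[1:]) if b > a]

def subject_of(message):
    """Return the Subject header value as bytes, or b'' if there is none."""
    head = re.split(rb"\r?\n\r?\n", message, maxsplit=1)[0]
    m = re.search(rb"^Subject:[ \t]*(.*?)\r?$", head, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else b""

def remove_messages(data, is_bad):
    """Drop every whole message for which is_bad(message) is true."""
    messages = split_messages(data)
    kept = [m for m in messages if not is_bad(m)]
    return b"".join(kept), len(messages) - len(kept)

def clean_file(src, dst, is_bad):
    """Read the restored copy at src and write the cleaned mailbox to dst."""
    with open(src, "rb") as f:
        cleaned, removed = remove_messages(f.read(), is_bad)
    with open(dst, "wb") as f:       # never edits the source file in place
        f.write(cleaned)
    return removed

# Constructed sample mailbox: three messages with CRLF line endings. The last
# body has a line starting with "From ", which must not be taken as a boundary.
SAMPLE = (
    b"From ???@??? Tue Aug 10 09:00:00 2004\r\nSubject: Meeting notes\r\n\r\n"
    b"See you at noon.\r\n\r\n"
    b"From ???@??? Tue Aug 10 11:30:00 2004\r\nSubject: Your document\r\n\r\n"
    b"Constructed placeholder body.\r\n\r\n"
    b"From ???@??? Tue Aug 10 12:00:00 2004\r\nSubject: Lunch\r\n\r\n"
    b"From what I hear, it is good.\r\n"
)

if __name__ == "__main__":
    is_bad = lambda m: subject_of(m) == b"Your document"
    cleaned, removed = remove_messages(SAMPLE, is_bad)
    print(removed, "message(s) removed;", len(split_messages(cleaned)), "kept")
```

Run it on the restored copy outside the Eudora directory and move the cleaned file back afterwards, as the reply describes, so the real-time scanner only sees the edited mailbox.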