At 11:27 -0700 2004-09-17, Don Bernstein wrote:
>I had this problem earlier this week. The solution went something like this:
>
>- Disable NAV (you may want to unplug the network cable first)
>- Restore In.mbx
>- Make a backup of In.mbx
>- Delete (or move to a different mailbox) recent messages in the In box.
>- Delete all SPAM:XXX.. messages
>- Scan In.mbx with NAV to ensure a clean file
>- Direct NAV to exclude your backup from the scan.
>- Re-enable NAV
>
>- When all is well, delete that backup file
Good advice! This is basically consistent with advice that Karl
Grose has offered to others who have encountered this problem. From
what I understand, the basic idea is to:
- Temporarily unplug from the network, so that an accidentally triggered
trojan or worm can't do additional damage to your computer or others'.
- Temporarily turn off real-time scanning in your Symantec anti-virus
program.
- Make a precautionary backup copy of your current inbox file,
just in case the file you're about to restore, described in the
next step, below, doesn't happen to contain your most
recently-received messages. (This also serves as your backup if
something goes wrong in the process below.)
- Restore your email program's (e.g. Eudora's) inbox file from your
anti-virus's software's quarantine - if the resultant mailbox file
proves usable - or from a recent backup source if it is not.
- Delete likely offending messages from the inbox file,
until a manual scan of that file using your anti-virus program
indicates that the inbox is clean.
You can use either your email program or - if you're careful, and if,
as in the case of Eudora, your email program stores your mailboxes
in a text file format - a text editor to delete those messages.
- Check to make sure that your newly "cleaned" inbox has all of the
recent messages that are in your backup copy of this mailbox.
After "cleaning" your email program's inbox, you can then restore
real-time scanning in your anti-virus program and reconnect to the
network.
Preventing future occurrences
-----------------------------
As the articles linked from Karl's previous message point out,
excluding Eudora's spool folder - and possibly also the Inbox and
Trash mailboxes - from scanning can help prevent this problem from
occurring in the future. Examples of instructions discussing this
include:
http://helpdesk.psu.edu/eudorafix.html
(To exclude Eudora's spool folder)
http://www.capital.edu/cc/it/media/emailfix.html
(See "Excluding your email box from anti-virus scanning:"
[suggests excluding the Inbox and possibly the Trash mailbox, as well]
and "Special procedure for Eudora users" [to exclude
Eudora's spool folder])
For Macintosh users
-------------------
This issue - Symantec's anti-virus software quarantining an email
program's "inbox" - can occur on a Macintosh when using Norton
AntiVirus for Macintosh, and even (with NAV 9.x) if the inbox
contains a message that is "infected" with code that can only affect
Windows systems.
Here's a link to a relevant discussion of the latter:
http://ls.berkeley.edu/mail/magnet/2004/0339.html
Aron Roberts
Workstation Software Support Group
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
Received on Fri Sep 17 16:26:47 2004
This archive was generated by hypermail 2.1.8 : Fri Sep 17 2004 - 16:27:04 PDT