[clamav-users] Malware in an Icedove profile of mine cannot be located

amenex at amenex.com amenex at amenex.com
Tue Aug 18 08:26:05 EDT 2015


After working out a good method of accessing multiple Icedove  
profiles, combining
multitudes of emails into one grand file system, and then finding one  
nasty little
email that insinuates itself into any folder into which I move found  
emails, I'm
finding that I cannot get rid of the payload that's causing this behavior.

I did find several copies/versions of the email and then moved them  
into a holding
folder, but even though they seem to be isolated there, every time I  
search for
and then move anything else within the rest of the email file system,  
a new copy
of that nasty little email finds its way into the destination folder.

I have saved the sourcecode of the original phishing email in several  
versions or
copies of the offending email, which I had received and then reported  
as phishes
in 2005, and I can quickly locate all the new copies of the nasty email by
searching on its 12/31/1969 date and then deleting them, which consist of just
a date with no headers and no text body, but the propagation still  
persists, even
when the offending emails are "isolated" in a Malware folder. Even after
completely removing the isolation folder onto a thumb drive, the insinuations
recur whenever I use the search function in an email folder to find  
and then move
the target emails into a destination folder.

I installed ClamAV and ClamTK and then scanned my entire Home  
directory recursively,
but nothing was found in my main Icedove profile, and the behavior  
described still
persists.

If I do a Google search on a portion of the phish's subject line, I  
get a large
number of hits identifying the emails as phishes.

Here is that subject line:

> eBay New Message Received from Seller for Item#330082756410

While I was sorting files into my main mail file system, I noticed  
that Icedove
could not accurately count the number of emails in the source folder,  
whose count
fluctuated up and down. I had combined emails from several other  
disparate email
profiles into that one folder, however. Other source folders were  
better behaved.

In a test profile, I deleted the folder and contents of the offending  
emails and
also deleted the one blank email with its 12/31/1969 date from the  
target folder
after moving files into it, and when I tried that again after no known  
instances
of the offending email could be found with the search function, the  
insinuations
stopped. However, when I repeated this exercise with the much bigger  
main profile,
I could not get rid of the insinuations. However, I did find that they  
were not
propagated by selecting & moving the emails from within the source  
folder into a
target folder; only search & move performed the propagation.

Can anything be done about this ?

Thanks,
George Langford






More information about the clamav-users mailing list