Monday, February 24, 2014

SOLVED! Microsoft System Center Endpoint Protection Failed to Remove Infected Mail in Thunderbird

Normally, Microsoft's SCEP is able to remove infected mail in Thunderbird without any difficulty. However, in rare situations it may repeatedly report an infection but fail to remove the infected email.

Adding to the difficulty, the reported infected mail CANNOT be found anywhere in the Thunderbird mailbox folders!

After some tests, study and investigation, the cause was found! The infected mail is actually HIDDEN in Thunderbird: its space in the mailbox file is marked as available, waiting for a "COMPACT" to release it.

SOLUTION: Start Thunderbird, right-click the infected mail folder and select "Compact". Once the mail folder has been compacted, the infected mail is removed and SCEP reports no more infections!

I suspect similar problems also happen to users of Microsoft Security Essentials and the built-in Windows Defender in Windows 8. It really sounds ridiculous that Microsoft antivirus will treat a deleted, hidden mail as a "production" mail.

TOOLS: You may want to verify whether the "COMPACT" of the mail folder was effective. I found grepWin a good tool to use (http://stefanstools.sourceforge.net/grepWin.html). Another helpful tool is Notepad++ (http://notepad-plus-plus.org/), which can actually open, read and search Thunderbird mailbox files.
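As a scripted alternative to searching the mailbox file by hand, the following added example (not part of the original post) lists messages that are still physically present in a Thunderbird mailbox file but flagged as deleted. It assumes the folder is stored in mbox format and that Thunderbird marks a deleted message by setting bit 0x0008 in its `X-Mozilla-Status` header; the function name and the sample mailbox are constructed for illustration.

```python
import re
import sys

EXPUNGED = 0x0008  # assumed X-Mozilla-Status bit for "deleted, awaiting compact"

# Constructed sample: a Thunderbird-style mbox with two messages, the second
# deleted by the user but not yet compacted away.
SAMPLE_MBOX = (
    b"From - Mon Feb 24 09:00:00 2014\r\n"
    b"X-Mozilla-Status: 0001\r\n"
    b"Subject: Meeting notes\r\n"
    b"\r\n"
    b"Body of a normal, visible message.\r\n"
    b"\r\n"
    b"From - Mon Feb 24 09:05:00 2014\r\n"
    b"X-Mozilla-Status: 0009\r\n"
    b"Subject: Invoice attached\r\n"
    b"\r\n"
    b"Body of a message the user deleted.\r\n"
)

def find_expunged(mbox_bytes):
    """Return [(byte_offset, subject)] for messages flagged deleted but still in the file."""
    hits = []
    # Every message starts at a line beginning with "From " (the mbox separator).
    starts = [m.start() for m in re.finditer(rb"^From ", mbox_bytes, re.M)]
    for i, start in enumerate(starts):
        end = starts[i + 1] if i + 1 < len(starts) else len(mbox_bytes)
        # Only look at the header block, which ends at the first blank line.
        headers = re.split(rb"\r?\n\r?\n", mbox_bytes[start:end], maxsplit=1)[0]
        status = re.search(rb"^X-Mozilla-Status:[ \t]*([0-9A-Fa-f]{4})", headers, re.M)
        if status and int(status.group(1), 16) & EXPUNGED:
            subject = re.search(rb"^Subject:[ \t]*(.*?)\r?$", headers, re.M)
            text = subject.group(1).decode("utf-8", "replace") if subject else ""
            hits.append((start, text))
    return hits

if __name__ == "__main__":
    # With a path argument, scan that mailbox file; otherwise scan the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_MBOX
    for offset, subject in find_expunged(data):
        print(f"deleted but still on disk at byte {offset}: {subject}")
```

Run it against the mailbox file before and after "Compact": an empty result afterwards means no deleted messages remain in the file for the scanner to find.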
