• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs

Not what you are looking for? Ask the experts!


Full System Scan unexpected behavior....

This is a "cautionary tale" as the behavior may be contra intuitive to others.... The other day I apparently downloaded some kind of "treat" into my Thunderbird email "inbox" file.  When I went to open my mail, I got the attached text associated with a popup warning that my inbox file was quarantined.   Obviously, Norton thought something was "wrong" and would not let me access the compressed portion of my inbox.  Fortunately, I had recently done a "full system" backup using my preferred backup software (not Norton Backup - which has given my cat fits over the years when backing up to a NAS drive attached to my router due to network delays/buffering/primitive router software support for the NAS, etc., etc..) I knew Thunderbird keeps mail in multiple files and I was not sure exactly which ones I needed to restore from the full backup, but I really wanted to be able to restore my inbox since I had unfortunately not "archived it" in some time and had about 30K messages indexed in my "inbox."  I figured I would do an incremental backup to save having to re-do everything that had been done (like Microsoft Windows automatic updates) after I restored the system to the backup point, but in case there were any more "issues" I decided to do a "full system scan" before running the incremental bacup.  Unfortunately, apparently I did not appreciate the "quarantine" process and its' relationship to the full system scan rules.  What happened was this:  The full system scan deleted my quarantined "inbox" file taking all 30K mail messages with it and lifted the "quarantine." .  Firefox created a new "inbox" and lo and behold, I could now access new emails, but still had no access to the 30k messages in my inbox of old.  Now I have to figure out how to piece together two different sets of Thunderbird indexed in-boxes, or restore and immediately "archive" the old inbox, then restore the new one from the incremental.  My confusion was that I thought once a file was quarantined it was still going to be available for possible later analysis/inspection.  I wanted to get a better reading on whether or not I could "override" the specific quarantine once I submitted the file signature for analysis hoping that I would be able to simply go to my message index and from the subject be able to delete the offending email content using Thunderbird's UI by ignoring the quarantine warning once I knew what I was dealing with.  Can someone tell me from the attached signature report what had been discovered in my inbox?  I would like to track it back to its' source email address and block it from any future mailbox lockups.  Now that the full system scan has deleted my inbox, I'm afraid that will not be possible.  Probably the best I can do is to retrieve my old mail from backup, archive it, and restore the mail received since from an incremental backup.

File Attachment: 
"Retired Cybergeek"