How to open INBOX file
Hi
I am having trouble finding emails with malicious attachments. I'm using one of ESET's security products which, after scans, find malicious content in the INBOX file, located locally on the device under the path %APPDATA%%RoamingThunderbirdProfiles(_Name_Of_the_profile)_Imapmail(_Name_of_mail)_INBOX(mail123). Unfortunately, the security product is unable to get rid of the dangerous file, but only gives information that something bad is in the email. When trying to find a specific email, I unfortunately run into a lot of problems. 1. the name of the email - in this case "mail123" does not exist in the thunderbird application itself. If I understand correctly, thunderbird itself chooses names for individual mails and then packs them in the INBOX file. 2. it is possible to correlate the email name from the INBOX file to the actual name(subject) of the email using other software such as MailStoreHome by importing the entire email profile (_Name_of_the_profile). 3. once the email is already correlated and found in MailStoreHome, I should be able to find the same email in Thunderbird (as I have imported the INBOX file, which is located locally, and which Thunderbird itself reads). Well, unfortunately no. Such an email in the Thunderbird mailbox (I already know the subject, content, date, etc.) does not exist.
And here comes my question. Is it possible to open the INBOX file itself and then find the unfortunate email and delete it?
All Replies (3)
I failed to renew my ESET because their product no longer met my requirement of doing more good than harm. This is another example of using fear tactics to try and make yourself appear relevant and useful.
When you get an attachment in an email, it is not a file. It is a collection of MIME encoded text as emails can only contain text. So you have this text document sitting on your hard drive. The digital equivalent of a hard cover book.
Along comes ESET, takes the text, decodes it into it's original binary, converts it into the named attachment file, scans it and says "this is bad you have an infection sitting there waiting". Just as the bubonic plague is sitting waiting to escape from a medical text book. If does not even exist in the email until it is decoded. When will this be? When you try and open it or save the file to disk. What will happen then. Eset will block it as it clearly has to correct signature to do so.
Result so far, you are looking for something you have been told is bad that really is not going to hurt you or your computer if it exists in it's current form for a millennia on your hard disk.
Now the mail store file has no file names, because it is a single file. Pick any of your emails in Thunderbird and view the source. That is what Thunderbird stores. Immediately after the last email in the file. There are no file123 names, or any file names at all. Just an mbox file called inbox with a load of text in it.
I know nothing of mailstorehome and have no desire to learn about it. Thunderbird covers all of my mail needs without third party product to mess with storage, backups or anything else.
I suggest you right click on the account in the folder pane, select compact from the menu and let that run. Most of these type of alerts are for mail that has already been deleted. Often years ago and is no longer shown in the user interface because it is marked as deleted.
Only a compact removes the stored content from the file. Deleting it only marks it as deleted and hides the email.
Thank you for your resposne. I'll try to test it ASAP. Unfortunately it will take some time, as I don't have access to the machine for now.
One method would be to create a folder on desktop to receive eml emails - call it eg: Scan Emails Then use the 'ImportExportTools NG' addon - so install this addon extension. Right click on Inbox > ImportExportTools NG > Export all messages in folder > EML message format Choose the folder you created to receive them
Then run scan on that 'Scan Emails' folder and if it finds a problem then you can easily tell which email is bad.
Then delete the 'Scan Emails' folder and locate the bad email in 'Inbox' Delete bad email and then compact the Inbox.
You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.