|
ffaucher
| Joined: 19 Feb 2009 |
| Posts: 0 |
|
|
|
 Posted: Fri Feb 20, 2009 4:03 am |
|
 |
 |
|
|
A scan with Clamwin found Exploit.IFrame.Gen:
c:\WINDOWS\All users\.clamwin\quarantine\infected.Bo?®te de r?©ception.mbx: Exploit.IFrame.Gen FOUND
Can I delete it safely from quarantine (bo?®te de r?©ception is the box for my incoming e-mail in Outlook Express)?
|
|
|
|
Antonio S.
| Joined: 20 Apr 2008 |
| Posts: 0 |
| Location: Italy |
|
|
| Posted: Fri Feb 20, 2009 12:49 pm |
|
|
|
|
|
Hello,
I am not 100% sure since I have no mail client installed on my machine but if you remove the quarantine file you risk to lose the whole inbox (if I am not wrong this is stored as a single file). My suggestion is to copy back the file to its original position removing the infected. prefix from filename. Then check yr. inbox to see if you find mails coming from unknown/unexpected sender or simply if there are unusual attachments in it. Set clamwin preferences to 'Report only' option (and keep it as a default setting) and scan the suspect message. If clamwin find the message is infected you can safely remove it. run a complete scan again and threat should have gone.
Be aware that you have no real time scan of email using Outlook express; this is active only with the integration with MS Outlook (which come as a part of MS Office) . If you wish to have a real time scan for in/outgoing mail you should choose any of the free AV tools (Avast, Avira Antivir free, AVG free) which are available on the web. As Clamwin has no real time scan feature enabled right now it won't conflict with any resident AV.
Regards,
Antonio
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Fri Feb 20, 2009 2:16 pm |
|
|
|
|
|
That Exploit.IFrame.Gen may be a false positive. Not every IFrame is malicious, and it looks like a generic signature.
Regards,
|
|
|
|
ffaucher
| Joined: 19 Feb 2009 |
| Posts: 0 |
|
|
|
| Posted: Sun Feb 22, 2009 1:25 am |
|
|
|
|
|
I took a look in C:\windows\...\Outlook Express\ and my bo?®te de r?©ception.dbx was still there while there was "infected bo?®te de r?©ception" in quarantine. I deleted what was in quarantine, it went in the recycle bin. A new scan with clamwin revealed no infection this time. My Outlook Express works good ( I sent myself a e-mail).
I'm wondering if what is sent in quarantine is a copy or the whole file itself?
|
|
|
|
Antonio S.
| Joined: 20 Apr 2008 |
| Posts: 0 |
| Location: Italy |
|
|
| Posted: Sun Feb 22, 2009 3:27 am |
|
|
|
|
|
Hello ffaucher,
Just to be sure, make a check that all the messages in your inbox are at their place and fully accessible.
More info on https://en.wikipedia.org/wiki/Outlook_Express .
Slts
Antonio
|
|
|
|
ffaucher
| Joined: 19 Feb 2009 |
| Posts: 0 |
|
|
|
| Posted: Sun Feb 22, 2009 4:04 am |
|
|
|
|
|
Hello Antonio,
Can you explain in other words what you mean by checking that the inbox messages "at their place" and fully accessible". I received the last topic reply notification from the ClamWin forum with no problem and I can read it.
|
|
|
|
Antonio S.
| Joined: 20 Apr 2008 |
| Posts: 0 |
| Location: Italy |
|
|
| Posted: Sun Feb 22, 2009 4:52 am |
|
|
|
|
|
Hello,
My concern was about older/stored messages in the inbox. Just verify if older messages are correcly stored and accessible. If they are I assume you can remove the file from the recycle bin.
Regards,
Antonio
|
|
|
|
ffaucher
| Joined: 19 Feb 2009 |
| Posts: 0 |
|
|
|
| Posted: Mon Feb 23, 2009 4:22 am |
|
|
|
|
|
I never keep old messages in my inbox to have it clear and easy to detect the new ones. As soon I read them, I move them to deleted files box or a specific box when I decide to keep some. But I will keep the messages in my inbox for 1-2 days to check if it works good. Thanks for the clue.
|
|
|
