
Virus 8399.emlx

I have a virus that continues to appear but gets detected by ClamXav. The identified virus is 8399.emlx and it is found in my

/Users/(Mydirectory)/Library/Mail/IMAP-(My email)@imap.gmail.com/[Gmail]/All Mail.imapmbox/Messages/8399.emlx:


After it is found it reappears and the only function I am performing is Web browsing with no downloads. Anyone have any experience or knowledge of the virus?

MacBook Pro, Mac OS X (10.6.8)

Posted on Jan 9, 2012 8:35 PM

58 replies

Jan 9, 2012 10:47 PM in response to macfrombrampton

In ClamXav, choose Help > ClamXav Help, or go to


<http://www.clamxav.com/documentation.php#infected>


and read Dealing with Infected Files. Heed the warning about deleting or putting in quarantine e-mail messages. So use Reveal in Finder to show the respective file, double-click on it to open it in Mail, and delete it. Then make sure to delete the message from server, otherwise it will show up again.


As to the malware itself, it's not going to affect your Mac in any way. But, by finding and deleting it, you made sure you wouldn't pass it on to a Windows-using friend or acquaintance, who might very well have been affected. You've done your good deed for the day. You can now go to sleep with a clear conscience.

Jan 9, 2012 10:58 PM in response to macfrombrampton

macfrombrampton wrote:


I have a virus that continues to appear but gets detected by ClamXav. The identified virus is 8399.emlx and it is found in my

/Users/(Mydirectory)/Library/Mail/IMAP-(My email)@imap.gmail.com/[Gmail]/All Mail.imapmbox/Messages/8399.emlx:

Actually, that's the name of the e-mail message file that may be infected. It's not a virus nor is it the infection name.

After it is found it reappears and the only function I am performing is Web browsing with no downloads. Anyone have any experience or knowledge of the virus?

You don't say how you are trying to get rid of it, but there is only one way to safely process an infected e-mail and that is from within the e-mail client (Apple Mail in your case). Otherwise you will most certainly corrupt the mailbox index (which can usually be fixed by rebuilding the mailbox), could cause you to lose additional e-mails and as you found, sometimes does not delete the file from the server, so it comes to your computer again the next time you check for new mail.


You can either navigate to the location shown above or the next time ClamXav finds it, Right-click / Control-click on the file or infection name and select "Reveal In Finder" from the contextual pop-up menu. Once the file appears in the "Messages" window, double-click on 8399.emlx and read the message. If you agree that it is an infected message that you don't need, make note of the date and subject of the e-mail (you will need this in the step below) then use the Mail delete button to trash it, then if you have elected to move deleted messages to the trash, be sure to empty the trash mailbox. If it appears to be a false alarm and is an e-mail you want to retain, write down the number so that you can ignore it during future scans.


With gmail accounts, there is sometimes an additional step to permanently delete the message. Log into your gmail account in webmail using your favorite browser. Go to the "All Mail" mailbox, search for that message using the subject and date copied above. Use the webmail delete button and again make sure to empty the trash if there's anything there.


And in the future I would encourage you to visit the ClamXav Forum where you will find the answer to most situations and usually a faster response if you don't find it.

Jan 10, 2012 9:55 PM in response to macfrombrampton

macfrombrampton wrote:


MadMacs0, you are correct. I placed the filename; the name of the Virus that ClamXav found is "Heuristic.Phishing.email.SpoofedDomain"

Heuristic means there is a chance that it guessed incorrectly and there is nothing wrong with the message. Phishing and SpoofedDomain means that as long as you don't click on the link and enter privacy information on the web site it takes you to, the message is harmless.

The file 8399.emlx was removed several times but it keeps coming back. Any ideas?

Huh? I spent about half an hour outlining detailed instructions on how to take care of it. Have you tried all of it?

Jan 11, 2012 2:01 PM in response to macfrombrampton

macfrombrampton wrote:


I believe this is a valid virus.

There are no known viruses that affect Macs unless they are running Windows. "Heuristic.Phishing.email.SpoofedDomain" e-mails do not affect e-mail in any way. If valid, the only way it can hurt you is if you click on the spoofed domain link which will open in your browser. There they will ask you for privacy information in an attempt to steal it (e.g. login and password, credit card number).

I noticed that when I sent an Email in some cases the Email was not sent. Once it was removed the Email message went through.

Coincidence.


How far did you get in the process I outlined above for permanently deleting this? What is the subject of the email? Who is it supposedly coming from? How long has it been in your email? If you don't do what I suggested it will be there forever.

Jan 13, 2012 9:20 PM in response to macfrombrampton

macfrombrampton wrote:


This is a Virus as it has appeared in the same spot after more than 10 deletions and I noticed other posts.

Listen to me. There are no Mac viruses, period, and a phishing email is not a virus. That message is still on Google's gmail server and gets downloaded to your hard drive every time you check for new mail.


As I said last night, Google reportedly has a fix for that, so perhaps it will now go away.


If you want it to be gone for good then I strongly recommend you log onto Google gmail using your browser, not Mail, and delete the message there, but to find it you must know the subject and date it was sent out. If you haven't opened it up to find that information then you may be stuck with it forever.

Jan 16, 2012 1:58 AM in response to macfrombrampton

macfrombrampton wrote:


This is a virus for 2 reasons


1) Clamxav finds this virus even though it has showed up with 3 different file names

2) I removed the file from mail and the Gmail server and it still shows up

OK, I see your point, but since it's only showing up on your Mac because it keeps showing up on the Server (as a new message, if I understand what you are saying) it's not spreading by itself, which is what a virus can do.


Are all these messages from the same source? Does it appear to be from an organization you deal with or just junk mail?


The reason I ask is that in my mail I have 20 or so e-mails that have been identified as heuristic.phishing and they are all newsletters from my credit union that contained a link to Facebook. It was flagged because it didn't come from Facebook. When I complained that I didn't think Facebook deserved to be protected as a financial institution and that it would be referenced by hundreds of organizations looking to be "liked" they removed it. I still get a few similar hits, but in every case both the e-mail and the link have checked out and I want to keep them. I just make note of the file names and ignore the hits.

Jan 16, 2012 5:44 PM in response to MadMacs0

This is a virus for 2 reasons


1) Clamxav finds this virus even though it has showed up with 3 different file names

2) I removed the file from mail and the Gmail server and it still shows up

Repeat: There are no known viruses for Mac OS X in the wild. If it were a virus your whole HD would by now be erased or affected in some other way. ClamXav and other AV software can raise false alarms. If it were a virus it would be so new that it would not even be in ClamX database.

Jan 17, 2012 4:24 PM in response to macfrombrampton

macfrombrampton wrote:


This virus appears to be coming from false Google alerts emailed to me. I would like to know from any other Macbook OS snow leopard if they know the function of this virus. If Clamav is able to identify it as "Heuristic.Phishing.email.SpoofedDomain" then there must be a function for this virus.

As many have said, it is not a virus.


  • Heuristic means that clamav has no proof that this is malware, but by applying 28 different tests they are guessing it could be.
  • Phishing means that it could be an attempt to harvest personal information about you (userID, Password, Creditcard number, etc.) by asking you to enter it into a form that is revealed when you click on a link that takes you to a web page.
  • email is self explanatory
  • SpoofedDomain indicates that there may have been an attempt to disguise a clickable url as some other site (probably Google) when it actually takes you to the bad guys' site.


If you would like a second opinion on any of these terms you can find them on Wikipedia, but it's about to be shut down for a day or two, so you need to hurry.


I don't know why it makes a difference as to whether I use a MacBook and Snow Leopard, but I don't currently use either. I do provide uncompensated tech support on the aforementioned ClamXav Forum, however.
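
Added example (not written by any poster in this thread, and not ClamAV's or ClamXav's code): a read-only way to triage a flagged `.emlx` file without touching the mailbox. It pulls the Subject and Date needed to find the message in Gmail webmail and lists links whose visible text names one host while the `href` points to another, which is the condition "SpoofedDomain" describes. The function names, the simplified mismatch rule and the sample message are assumptions made for illustration; the `.emlx` layout assumed is a byte count on the first line, the message, then a property list.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

def read_emlx(raw):
    """.emlx layout: decimal byte count on line 1, that many message bytes, then a plist."""
    count, _, rest = raw.partition(b"\n")
    return email.message_from_bytes(rest[:int(count.strip())], policy=policy.default)

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a href=...>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def mismatched_links(msg):
    """Return (shown_host, real_host) where the link text names one host and href another."""
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = LinkCollector()
    collector.feed(body.get_content())
    hits = []
    for href, text in collector.links:
        shown = host(text) if "." in text and " " not in text else ""  # text looks like a URL
        real = host(href)
        if shown and real and shown != real and not real.endswith("." + shown):
            hits.append((shown, real))
    return hits

# Constructed sample: reserved example domains, not a real message.
_MSG = (b"Subject: Constructed sample alert\r\nDate: Mon, 09 Jan 2012 20:00:00 -0500\r\n"
        b"MIME-Version: 1.0\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
        b'<a href="http://login.example.net/verify">www.example.com</a> '
        b'<a href="http://news.example.org/">Read more</a>\r\n')
SAMPLE_EMLX = str(len(_MSG)).encode() + b"\n" + _MSG + b'<?xml version="1.0"?><plist/>'
```

To check a real file, pass `open(path, "rb").read()` to `read_emlx`; the file is only read, so the mailbox index is not disturbed.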
