emlx - eMail Phishing Blackhole

Have detected several of these files.


Followed the path of the file revealed in FINDER


Opened the file, which appears to be eMail, and all of the emails are associated with payments I've made through Paypal


What's the solution to rid my computer of these files and to prevent EVER getting anything like them again?

Posted on Mar 9, 2013 7:35 AM

10 replies

Mar 11, 2013 8:25 AM in response to Ce Dawkins

Any file ending in .emlx is an e-mail message in Mail. It cannot harm your Mac as-is, though it may contain links or other information that attempt to "phish" sensitive information. It may also have an attachment, which could be malware that almost certainly would be Windows malware.


Any messages marked as "Email.Phishing.whatever" by ClamXav, if that is what you are using, may be phishing e-mails or may be legit. Its detection of phishing attempts is not perfect.


In any case, whatever you're seeing (actual names as reported by your anti-virus software would be helpful) is almost certainly not a threat to your Mac (see my Mac Malware Guide). Phishing e-mails could be a threat to your personal information, but only if you responded to them or clicked a link and then provided personal information voluntarily.

Mar 11, 2013 8:43 AM in response to Ce Dawkins

It seems that each of these files are tied to my Paypal. But you're saying, "don't be concerned." Right?


If the messages have a link to a Paypal web page, you have to inspect the address to make sure it's that of a legitimate Paypal server. The address should look like this:


something.paypal.com


It should not look like any of these:


paypal.something.com

somethingpaypal.com

paypalsomething.com


A phishing website may look identical to the real Paypal site.


Safari has built-in protection against fraudulent sites, which you can activate in the Security tab of its preference dialog. Don't rely completely on that protection, however.
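
Added example (not part of any poster's reply): a Python sketch that reads an .emlx file the way Apple Mail lays it out and applies the address rule from the reply above to every link in the message. The function names and the sample message are constructed for illustration; the four hostnames are the address shapes listed in the thread.

```python
import email
import re
from email import policy
from urllib.parse import urlsplit

TRUSTED = "paypal.com"  # domain the reply above says a genuine link must end in

def parse_emlx(raw: bytes):
    """Parse Apple Mail's .emlx layout: line 1 is the byte length of the
    RFC 822 message, the message follows, then an XML plist of Mail flags."""
    head, _, rest = raw.partition(b"\n")
    return email.message_from_bytes(rest[:int(head.strip())], policy=policy.default)

def host_is_trusted(host: str, trusted: str = TRUSTED) -> bool:
    """True only for the trusted domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def audit_links(msg):
    """Return (host, trusted) for each http(s) link in the text parts."""
    found = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        for url in re.findall(r"https?://[^\s\"'<>]+", part.get_content()):
            host = urlsplit(url).hostname or ""
            found.append((host, host_is_trusted(host)))
    return found

def sample_emlx() -> bytes:
    """Constructed sample using the four address shapes from the thread."""
    body = (
        "From: sender@example.invalid\r\n"
        "Subject: Receipt for your payment\r\n"
        "Content-Type: text/html; charset=utf-8\r\n\r\n"
        '<a href="https://something.paypal.com/receipt">1</a>\r\n'
        '<a href="http://paypal.something.com/login">2</a>\r\n'
        '<a href="http://somethingpaypal.com/login">3</a>\r\n'
        '<a href="http://paypalsomething.com/login">4</a>\r\n'
    ).encode()
    plist = b'<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0"><dict/></plist>\n'
    return str(len(body)).encode() + b"\n" + body + plist

if __name__ == "__main__":
    for host, ok in audit_links(parse_emlx(sample_emlx())):
        print(f"{'OK     ' if ok else 'SUSPECT'} {host}")
```

The check compares the parsed hostname against the trusted domain with a leading dot, so a name that merely contains "paypal" does not pass.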

Mar 11, 2013 10:51 AM in response to thomas_r.

Thomas A Reed wrote:


> Any messages marked as "Email.Phishing.whatever" by ClamXav, if that is what you are using, may be phishing e-mails or may be legit. Its detection of phishing attempts is not perfect.

Actually, it's the ones that are marked "Heuristics.phishing..." that are guesses. The ones without "Heuristics" are usually accurate.


@Ce Dawkins: In any case, never use ClamXav (or any other A-V software) to move (quarantine) or delete e-mail. It will corrupt the mailbox index which could cause loss of other e-mail and other issues with functions such as searching. It may also leave the original e-mail on your ISP's e-mail server and will be re-downloaded to your hard drive the next time you check for new mail. Follow the path to the message and use your e-mail client to decide whether to retain it or not. If no, use the e-mail client delete button to get rid of or move it to trash. As Topher has suggested, it's usually a good idea to empty your junk/spam and trash folders before you conduct a scan so you won't have to deal with them.

Mar 23, 2013 6:55 AM in response to MadMacs0

MadMacs0 wrote:
> use the e-mail client delete button to get rid of or move it to trash.

I was curious about this because I have found Spam e-mails with attachments that I have deleted from the Trash have shown up in the virus check.


Just wondering when emptying the trash if this just only deletes the reference without deleting the actual e-mail from the HD.


Also, if after emptying trash that e-mail shows up in the virus scan and is quarantined - are there any issues.


Recently I have been getting long lists of such potentially contaminated e-mail files every time I do a virus scan.

Mar 23, 2013 1:20 PM in response to Memoire

Memoire wrote:

> I was curious about this because I have found Spam e-mails with attachments that I have deleted from the Trash have shown up in the virus check.
>
> Just wondering when emptying the trash if this just only deletes the reference without deleting the actual e-mail from the HD.

It deletes it from the HD, but not from the e-mail server. It also corrupts the mailbox index, so the next time you check for new e-mail the deleted file may or may not be deleted from the server and sometimes ends up back on your HD. The latter is almost always the case with a gmail account.

> Also, if after emptying trash that e-mail shows up in the virus scan and is quarantined - are there any issues.

Yes, the same issue as moving it to the trash, mailbox index corruption.

> Recently I have been getting long lists of such potentially contaminated e-mail files every time I do a virus scan.

A couple of things. If the word "Heuristics" appears in the infection name then it is a warning to you that something appears suspicious about the formatting of the message which might be a phishing attempt. You should always read these messages to see whether it is or not. Those were not positively identified as being contaminated through an exact match to a signature.


Again, if this is a gmail account, you will need to do a little extra work to permanently delete it from the "All Mail" folder by using webmail in your browser to first delete it and then empty the Trash folder. There are some settings on the gmail server which have been shown to improve this situation.
