Re: [MlMt] ClamXAV warning / DarthMiner in ~/Library/Application Support/MailMate/Database.noindex/Headers/#quoted.cache

2019-02-02 Thread Bill Cole

On 2 Feb 2019, at 10:01, Robert M. Münch wrote:

> Hi, I got a warning today from ClamXAV about DarthMiner in the above
> file. And ClamXAV moved the file into quarantine.


> Anybody any idea how this can happen?


I would hope that since the people who make ClamXAV charge a 
subscription for their malware pattern database, they would be able to 
explain their product's behavior to users. You should be able to get a 
firm answer from them.


My GUESS is that this is a false positive. For most people using macOS, 
using an "anti-virus" tool in an active mode presents a greater risk for 
destructive behavior due to false positives (e.g. quarantining files 
without warning) than they would be due to actual malware. According to 
the descriptions I've seen of the "DarthMiner" malware it is distributed 
as a fake software piracy tool, so avoiding an actual infection is a 
trivial matter.



> What the file contains?


~/Library/Application\ Support/MailMate/Database.noindex/Headers/#quoted.cache
contains a cache of quoted body text from your emails. It is part of
MailMate's search system. Moving it may or may not do permanent damage,
depending on what has been done since the move.



> How to best proceed now?


0. Fix your ClamXAV configuration to never move or delete files without 
asking for permission.

1. Quit MailMate
2. Check if MailMate has created a replacement for the file. If it has, 
your index database is probably not valid and should be rebuilt from the 
actual messages. See the MM documentation for how to force a rebuild.
3. Check the last change time of the quarantined file. If it was last 
changed when you quit MM, it may be fine: just move it back to where it 
belongs. If the last change time is before it was quarantined, it is 
probably stale and therefore worthless: rebuild the database.




--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole
___
mailmate mailing list
mailmate@lists.freron.com
https://lists.freron.com/listinfo/mailmate
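
The checks in steps 2 and 3 of the reply above, as a read-only shell sketch (an added example, not part of the original post and not code from MailMate or ClamXAV). The quarantine location, the MailMate quit time passed in as epoch seconds, and the 120-second tolerance are assumptions supplied by whoever runs it.

```shell
#!/bin/sh
# Added example: read-only triage of a quarantined MailMate cache file.
# Nothing is moved or deleted; triage() only prints a verdict.

# Modification time in epoch seconds: GNU stat first, then BSD/macOS stat.
mtime_epoch() {
    stat -c %Y "$1" 2>/dev/null || stat -f %m "$1"
}

# triage ORIGINAL QUARANTINED QUIT_EPOCH [TOLERANCE_SECONDS]
#   ORIGINAL     path where MailMate expects the cache (quote it: it contains '#')
#   QUARANTINED  path the scanner moved the file to (scanner-specific, assumed known)
#   QUIT_EPOCH   when MailMate was last quit, epoch seconds (assumed known)
#   TOLERANCE    how close mtime and quit time must be (assumption, default 120)
triage() {
    original=$1
    quarantined=$2
    quit_epoch=$3
    tolerance=${4:-120}

    if [ ! -f "$quarantined" ]; then
        echo "quarantined-file-missing"
        return 0
    fi

    # Step 2: a file at the original path means MailMate created a
    # replacement, so the index should be rebuilt from the messages.
    if [ -e "$original" ]; then
        echo "rebuild-replacement-exists"
        return 0
    fi

    # Step 3: compare the quarantined file's last change with the quit time.
    q_mtime=$(mtime_epoch "$quarantined") || return 1
    delta=$((q_mtime - quit_epoch))
    if [ "$delta" -lt 0 ]; then
        delta=$((0 - delta))
    fi

    if [ "$delta" -le "$tolerance" ]; then
        echo "restore-candidate"   # last written around quit: may be fine
    else
        echo "rebuild-stale"       # not written at quit: treat as stale
    fi
}
```

Run it only after quitting MailMate (step 1); a `restore-candidate` verdict still leaves the decision to move the file back to the user.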


[MlMt] ClamXAV warning / DarthMiner in ~/Library/Application Support/MailMate/Database.noindex/Headers/#quoted.cache

2019-02-02 Thread Robert M. Münch
Hi, I got a warning today from ClamXAV about DarthMiner in the above file. And 
ClamXAV moved the file into quarantine.

Anybody any idea how this can happen? What the file contains? How to best 
proceed now?

Best regards.

-- 

Robert M. Münch, CEO

Saphirion AG
smarter | better | faster

http://www.saphirion.com
http://www.nlpp.ch




Re: [MlMt] Review muted items

2019-02-02 Thread Max Andersen
You should try out org-mode if you haven't already :)

On Fri, 1 Feb 2019 at 15:48, Benny Kjær Nielsen wrote:

> On 31 Jan 2019, at 17:54, John Cooper wrote:
>
> Bill Cole wrote (at 8:42 on 31 Jan 2019):
>
> That's odd, because the documentation for muting does not say anything
> about muting being tied to sender addresses.
> https://manual.mailmate-app.com/organize#muting
>
> Nevertheless, it's true: it happened with a new thread just this morning,
> prompting my question.
>
> It works, more or less, like Bill described. But looking at the code, it
> appears I'm not checking if the subject of the message changed. This means
> that if a new thread is created by replying to an existing thread (a bad
> habit which MailMate warns about if done using MailMate) then it doesn't
> break the muting. I'll look into changing this since it's likely to be a
> general problem.
>
> With respect to the message: links discussed in another thread, I have a
> text file in which I'll now add this:
>
> 1.12.5: Break muting if the subject header has changed 
> message://%3c2c443deb-15c2-4844-a2b1-b33a27a7d...@coopercontent.com%3e
> When determining if a message should be muted then also check that the 
> subject body (`subject.body`) is exactly the same as the subject body of the 
> parent message.
>
> I can follow the link if I need more context. The prefixed version number
> is for which version I plan to include this fix. The use of * is my
> ad-hoc priority system which is used for sorting. I have a script which can
> grep and sort based on version number and priority. It's primitive, but I
> like plain text because it makes it easy for me to move things around and
> search for similar notes (I have a pretty bad memory and rely on being able
> to find every thought I've had in the past).
>
> --
> Benny
>
-- 
/max
http://about.me/maxandersen