Manage Learn to apply best practices and optimize your operations.

Delete mail messages that contain auto executing viruses

Here's how to delete mail messages that contain auto executing viruses like [email protected]

You Can View User Feedback To This Tip

If, as I do, you use the Notes mail client at home, viruses like [email protected] and [email protected] can be a real problem. If they get into your mail file, you can't delete the email message that contains them. If they slip past the server anti virus software at work, you have the same problem. Unfortunately there is nothing you can do in the Notes client that prevents them from executing - this is a real weakness in the present implementation of the ECL.

If you mark the infected message for deletion, when you press F9 to delete it, the virus executes. Fortunately, software like the Norton Anti Virus will catch it, and prevent it from damaging your PC. (These days I am paranoid about keeping my anti virus software up to date.) The real problem is that you can't delete the infected mail message through the Notes client front end.

One solution is writing some code to delete the infected message via the Notes back-end. But that is a lot of work, even if you are a good Notes developer. Not wanting to waste so much time, I discovered a much easier way to delete the infected mail via the back end, and that is via the web browser. This technique works for both local and server mailboxes, and also for the standard R5 mail template, and the iNotes mail template.

1) Ensure that you have the ACL rights to delete a message from the web browser. For a local client you can turn replication off, give "Anonymous" manager rights with delete. (Remember to reset the ACL rights when you are done!). If you get prompted to log into your local client, your ACL rights are not correctly set for this procedure.

2) Open the In-box in the web browser. Click on any message in the inbox, and then use Actions... Preview in web browser...

3) Delete the infected mail message.

4) Empty the trash (this is the step that actually removes the infected message from the mail file.)

5) Close the browser, and you are done.

That's all there is to it. I hope this saves you from wasting the time I spent solving the problem.


  • After having read this tip, I was shocked about the inappropriate implications that Chris is showing here. Both mentioned viruses are using specific Outlook exploits to autorun on anybody's machine, as you can easily verify on the Symantec website (Symantec security response ). There is no way in Notes to do the same in the notes-client. Of course, you can execute that viral code, if you are launching the infected attachment, but then, that is yourself, executing it, not Notes. In such circumstances, because the virus is using the MAPI functionality, there is a chance, that the virus can misuse Notes, if notes are installed as a MAPI service provider on your machine. This is the case, if you are able to send mails directly from other applications like Word.

I just tried to mimic the situation, Chris is describing, but it really does not work that way: I disabled NAV (enterprise edition, version 7.5), and send me a mail, where I have attached a file infected with [email protected] After that, I reactivated NAV. As it is usually recommended by most specialists, I did not open the infected message, but deleted it directly in the inbox view. Than hit the F9 key to permanently remove the marked-for-deletion message, and it went away without any further message from NAV. No execution at all, not even the NAV scanner was triggered, which is correct behavior.

Next, I opened the infected message, thinking, not all people are recognizing viral messages immediately from the subject. Now NAV triggered directly on opening the document and warned me, that it found the [email protected] virus, unable to repair the attachment, so that it did quarantine and remove the attachment from the mail-message. From that point on, there is no problem to remove the message in question.

So my question: what is Chris really seeing as a message from NAV at the moment, he is supposing the viral code tries to execute? How at all did he access the infected message inside the notes client, did he open the message, if so, why did NAV not kick in at this moment? Is the NAV Mailsupport configured correctly? Unfortunately, the tip does not give enough detail, to really analyze the situation.

—Jens-B. Augustiny, Certified Lotus Professional (CLP)

Dig Deeper on Lotus Notes Domino Administration Tools

  • Favorite iSeries cheat sheets

    Here you'll find a collection of valuable cheat sheets gathered from across the iSeries/ community. These cheat ...