help: isp reporting spybot/virus-like behaviour and Entourage X acting up

Senior User
Join Date: Mar 2000
Location: London
Hi All,
Ok, a friend of mine (no, really) is having a lot of trouble with Entourage X (the first OSX version, not the 2004 version). It keeps failing during email checks (but this evening it worked for 25 minutes before reverting to its non-functional state).
I've only been able to help him over the phone so far. I got him to rebuild the database ("option" key on application startup), removed the com.microsoft.entourage.plist prefs file from his user:library:preferences folder and, just for the heck of it, zapped the PRAM.
In order to check that his settings were correct, I got him to call his service provider: BT Openworld (the broadband service provided by the UK's national phone carrier). They said that they detected, from their end, spybot/virus-like behaviour.
Now, I did a search here on spyware, and didn't really find much discussion. I know that PCs are rife with it, but that Macs have so far not been targets. But...we're talking about Entourage here, and I wouldn't be surprised that a PC script-based virus/worm could migrate and screw up Entourage (I have to admit that I've only heard about MSoft worms causing Entourage to pass them on, not actually screw up how Entourage works).
I'm going to visit him tomorrow and see if I can help him out, but I was hoping to go in with a bit more knowledge than I have now.
So, does anybody know of a Microsoft-based virus that'll infect a Mac running EntourageX (that a remote tech could detect?).
If yes, how can I help him get rid of it? (Norton?).
Any help would be much appreciated.
Chas

Mac Elite
Join Date: Oct 1999
Location: San Jose, Ca
Your friend is probably trying to connect to an SMTP server other than the ISP's and so has an outgoing message that is not sending (causing the error message). The ISP has probably blocked the SMTP port and is recording this perfectly normal setting as "spyware/spambot". I am not aware of any Office macro-virus that can successfully email out on a Mac, but that would be the only possibility for a virus on the Mac.
Personally I would recommend that your friend move to either Mail.app or Thunderbird, but that is more of a personal preference than a security concern. On Windows it would be a strong recommendation for Thunderbird out of huge security concerns.

Senior User
Join Date: Mar 2000
Location: London
Hi larkost, thanks for replying.
Well, I've gone through his settings with him, and he's using his ISP's SMTP server. What makes me wonder about that point is that he did get a period of about 25 minutes where Entourage was sending and receiving successfully, and he certainly didn't make any changes to his account settings (to be honest, he didn't even know where to start, and I've stressed to him that he shouldn't be exploring :-)
I will check this though when I visit him tomorrow (it's an intriguing idea, thanks).
When I upgraded him to OSX, he had to abandon Outlook (I said I wouldn't help him anymore if he tried to keep Outlook on in Classic :-
So, I migrated his mail to both Entourage and Mail. Familiarity with MSoft products made him go with Entourage. Tomorrow, we're going to revisit Mail (I feel another ultimatum coming!)
You've been very helpful, thanks very much!
Chas

Mac Elite
Join Date: Oct 1999
Location: San Jose, Ca
One other possible note: if you check too often, some ISPs deny the connection. It could also be what the ISP is seeing.

Senior User
Join Date: Mar 2000
Location: London
I know that he's got it checking quite frequently, I'll slow it down. Good idea, thanks.
Chas

Posting Junkie
Join Date: Mar 2004
Location: MacNN database error. Please refresh your browser.
Yep, I'd advise at least 5 minutes, 10 would be even better.
BTW, even if some virus or bugger from a M$ product was introduced, it wouldn't be able to hose the OSX system unless it ran some type of AppleScript into Terminal, and I've never heard or read of anything like that anywhere.
This is a computer-generated message and needs no signature.

Professional Poster
Join Date: Oct 2001
Location: London
BT are imbeciles - OpenWoe is famous for bad service.
Any details from them about this "mailware-like behaviour"?
Ports? IP addrs.?

Senior User
Join Date: Mar 2000
Location: London
Randman, I've dropped him down to 10 minutes (that's not going to stop him from manually checking every 30 seconds though :-). I appreciate your reassurance that MSoft-based worms won't affect OSX (it's something that I had already told my friend, but it's good to have a second opinion: I showed him this thread when I was over there today).
Diggory Laycock, yes, BT really is terrible (I never recommend them, too many horror stories: tech support uselessness, outages, settings changes without notifying customers. It goes on...). My friend says he spoke to 5 different techs over a few phone calls, and the advice was different every time, though more than one noted the "virus-like" behaviour (my friend isn't savvy enough to get ports or ip addresses, and I didn't bother to call BT when I was visiting today). Hmm, I guess my friend has the very first OSX virus.
Of course, when I got over there today, none of the problems were happening (figures!). Keeps up my reputation as a guru though (being able to solve problems just by getting there, LOL!).
Looks like there is no way he's going to consider a swap over to Mail (bummer, for him). Maybe after a few more weeks of strange Entourage behaviour he'll come back to me and I can then convince him to go with another email app.
Thanks to all for the info and advice,
Chas

Dedicated MacNNer
Join Date: Mar 2002
try the following from the console
telnet pop3mailhost 110
user username
pass password
uidl
quit
If that works then there is nothing wrong with your pop3 mail server.
try the following from the console
telnet smtphost 25
helo
mail from:emailaddress@whatever.com
rcpt to:youremail@asdasd.com
data
enter some data here
end with a full stop on a single line
.
quit
if that works then there is no problem with smtp. Perhaps you need to authenticate before sending the mail?
below is an example of smtp
pb:~ danny$ telnet www.dinneen.com 25
Trying 64.14.68.141...
Connected to www.dinneen.com.
Escape character is '^]'.
220 server290.com ESMTP
helo
250 server290.com
mail from:asd@asd.com
250 ok
rcpt to:asd@asd.com
250 ok
data
354 go ahead
test
.
250 ok 1105586783 qp 9002
quit
221 server290.com
Connection closed by foreign host.
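
The manual telnet check in the post above, automated as an added example (not part of the original post or written by its author): it walks the same HELO / MAIL FROM / RCPT TO steps and reports which one the server refuses, which separates a blocked port from a server that wants authentication. The HELO name `probe.invalid` and the hint texts are assumptions made for this example.

```python
import smtplib
import sys

# Readings of common SMTP reply codes for the failure modes raised in this
# thread (added interpretation, not from the original posts).
HINTS = {
    530: "server requires authentication before MAIL FROM",
    535: "authentication credentials rejected",
    550: "mailbox unavailable or relaying denied",
    554: "transaction refused (often policy or relay rules)",
}

def probe_smtp(host, port, sender, rcpt, timeout=10):
    """Run HELO, MAIL FROM and RCPT TO, stopping at the first refusal.

    Returns (steps, verdict); steps is a list of (command, code, text).
    DATA is never sent, so no message is delivered.
    """
    steps = []
    conn = smtplib.SMTP(timeout=timeout)
    dialogue = (
        ("connect", lambda: conn.connect(host, port)),
        ("helo", lambda: conn.helo("probe.invalid")),  # hypothetical name
        ("mail from", lambda: conn.mail(sender)),
        ("rcpt to", lambda: conn.rcpt(rcpt)),
    )
    try:
        for name, send in dialogue:
            code, text = send()
            steps.append((name, code, text.decode(errors="replace")))
            if code >= 400:
                fallback = ("temporary failure, retry later" if code < 500
                            else "permanent refusal")
                hint = HINTS.get(code, fallback)
                return steps, f"{name} refused with {code}: {hint}"
        return steps, "envelope accepted: SMTP path is working"
    except OSError as exc:  # refused, timed out, or dropped mid-dialogue
        if not steps:
            return steps, f"connect failed: {exc} (port blocked or wrong host?)"
        return steps, f"connection dropped after {steps[-1][0]}: {exc}"
    finally:
        conn.close()

if __name__ == "__main__" and len(sys.argv) == 5:
    host, port, sender, rcpt = sys.argv[1:]
    steps, verdict = probe_smtp(host, int(port), sender, rcpt)
    for step in steps:
        print(*step)
    print(verdict)
```

Run it with host, port, sender and recipient as arguments; a "connect failed" verdict on port 25 from a home connection points at port blocking rather than at the mail client.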

Fresh-Faced Recruit
Join Date: Jul 2002
Location: Arizona
Has he applied the Oct. 2004 update?
From <http://www.entourage.mvps.org/troubleshoot/crashes.html>
Check for a bad message: A malformed spam message was sent to many people causing the Junk Mail Filter in Entourage X to fail. This is fixed in Entourage 2004. The cause of this is a missing bracket within the header information. The JMF cannot parse the information and fails. Microsoft is aware of this situation. Turning off the JMF after you have a crash situation, re-downloading the mail, deleting the bad message, and then re-enabling the filter is the easiest workaround. This is fixed in Entourage 2004. This is fixed in Entourage X after applying the Oct. 2004 Security update.

Senior User
Join Date: Mar 2000
Location: London
DevNine, many thanks for the Console tips. I can't try them out on his machine as I'm not there anymore (sorry!), but it's always good to know more command line stuff.
I'm pretty sure that it's not necessary to authenticate on the smtp server (though, just to be safe, I've tried with and without authentication, doesn't seem to make a difference, if I remember correctly).
tomtom, I'm sure that he'd never updated the initial installation. When I visited him the other day, he'd caved in and bought Office 2004, and Entourage has seemed to work ok for a couple of days (fingers crossed!). Maybe it was the lack of the update you mentioned that has been the root of the problem all along.
Funny you should mention a bad message, a month or so ago I went in to help him out (Entourage probs again) and there was a message I couldn't even click on (if I did, Entourage would crash). I did a database rebuild and that seemed to help (I could click on the message, and I deleted it). He gets a _ton_ of spam (doesn't practice safe 'net) and I wouldn't be at all surprised if he was getting _lots_ of bad messages. Thanks for pointing out the possibility.
Chas