Community Discussions and Support
Trojan in spamhalter file

Windows security quarantined a mail folder thinking it had detected a Trojan. Looking at HIERARCH.PM it looks like my Spamhalter folder. I don't know exactly which message it is though.


Am I right in thinking that it's safe to restore the spamhalter PMM file, (because it's a false positive, or encoded as an attachment and non-executable), or should I just delete the whole thing?


Thanks, Ian.



I think restoring it would just result in another detection on the next system scan so, assuming there is nothing of value in it, I would leave it quarantined and create a new Spamhalter folder. You will need to go into the Spamhalter configuration and select the new folder as the spam folder even if it has the same name as the quarantined one.



Just as a note: I have occasionally seen something similar running clamscan on my system.
It will flag folders that might contain a virus, or more often finds a URL link that goes to a different site than what it shows.


clamscan just reports this rather than quarantining the folders.


I will then generally open the folder in Pegasus and have it extract all messages in the folder to a dummy folder. Then run clamscan on that folder to find exactly what message or messages it is. Sometimes the messages are just trying to show a nicer name, but not matching is a strange thing.


That way you might be able to identify which message in the folder is causing the issue, and can delete it, and make sure to compress the folder, since it will probably remain in the folder after deleting. Pegasus just flags deleted messages until it reaches a certain amount.


Don't know how many messages you have in the Spamhalter folder.



mikes@guam.net
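
Added example (not part of the thread): a shell sketch of the extract-then-scan triage described in the post above, separating ClamAV's phishing heuristics from other detections so the offending message can be picked out. The directory, file names and report lines are constructed, `Win.Trojan.Example-1` is a placeholder signature name, and it assumes ClamAV's `Heuristics.Phishing.*` naming for the link-mismatch findings.

```shell
#!/bin/sh
# Scan a directory of extracted messages and print only the files that
# have a detection. clamscan exits 1 when it finds something, so that
# status is not treated as a failure here.
scan_extracted() {
    clamscan --recursive --infected --no-summary "$1" || true
}

# Read clamscan output ("<path>: <signature> FOUND") on stdin and print
# "<class><TAB><signature><TAB><path>" for each detection. Lines without
# a detection (": OK", summary text) are ignored.
classify_report() {
    awk '
        / FOUND$/ {
            line = $0
            sub(/ FOUND$/, "", line)
            # Split on the last ": " so a path containing ": " stays whole.
            n = 0
            for (i = 1; i <= length(line) - 1; i++)
                if (substr(line, i, 2) == ": ") n = i
            if (n == 0) next
            path = substr(line, 1, n - 1)
            sig  = substr(line, n + 2)
            # Link-text/target mismatches are heuristic hits, not malware files.
            class = (sig ~ /^Heuristics\.Phishing\./) ? "phish-heuristic" : "malware"
            printf "%s\t%s\t%s\n", class, sig, path
        }'
}

# Constructed sample of clamscan output for three extracted messages.
sample_report() {
    cat <<'EOF'
/tmp/extract/msg0007.txt: Heuristics.Phishing.Email.SpoofedDomain FOUND
/tmp/extract/msg0019.txt: Win.Trojan.Example-1 FOUND
/tmp/extract/msg0020.txt: OK
EOF
}

# Offline demonstration; on a real system use:
#   scan_extracted /path/to/dummy-folder | classify_report
sample_report | classify_report
```

Messages listed in the `malware` class are the ones to delete from the original folder before compressing it.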

Thank you for the advice. I guess I need to keep it in perspective and just remove the spamhalter folder. If it was an important folder then extracting and scanning the folder is a great solution.


Cheers!



Not an expert on Spamhalter, but would guess if the contents of the folder were suddenly empty, that it would not identify messages as spam that it had previously done from the content of folder?
Would assume it uses the contents of folder in process, otherwise, why wouldn't it just delete messages once processed.



mikes@guam.net

> Would assume it uses the contents of folder in process, otherwise, why wouldn't it just delete messages once processed.

From the help file, section Automated Mail Processing > Spamhalter, a Bayesian Spam Filter > Getting started with Spamhalter:

> IMPORTANT NOTE: The messages that make up your corpus NEED NOT be in the same folder; what's more, there is nothing to prevent you from taking groups of messages from many folders in a piecemeal manner, selecting them, then right clicking and training as spam or not-spam, then moving to the next folder and repeating the process.
> Once Spamhalter has been trained on your basic corpus, it will automatically apply what it has learned to every new message that appears in your new mail folder. Any new message it regards as spam will be moved into whatever folder you select in the Spamhalter configuration dialog as the Spamhalter spam folder.

IOW: Messages used for training Spamhalter don't need to be in Spamhalter's spam folder, but moving messages into or out of it will further train Spamhalter on each of these moves, according to the help if you continue reading. I'm not sure whether renaming the folder and assigning a new one would do so as well, but I don't think so, and if it would it should issue a warning, I assume.

The help only says in its Configuring Spamhalter > Spamhalter spam folder section:

> For Spamhalter to work correctly, you must select a folder it can use as its spam folder. The folder must already exist, and if you subsequently delete the folder, Spamhalter will not work correctly. Spamhalter will continue to work if the folder is moved or renamed, though. Select a folder by clicking the Select... button and either creating one or selecting an existing folder from your folder list. Note that you cannot select an IMAP folder or a folder located in another user's mailbox as your SpamHalter spam folder.

Since Spamhalter's database is kept in a separate file I don't think it's affected by folder operations.


			Michael
--
IERenderer's Homepage
PGP Key ID (RSA 2048): 0xC45D831B
S/MIME Fingerprint: 94C6B471 0C623088 A5B27701 742B8666 3B7E657C
edited Dec 17 '23 at 2:47 pm

The file WORDS4.DB3 holds the spam/not-spam tokens used by Spamhalter. The spam folder can be emptied or deleted/replaced without affecting the effectiveness of Spamhalter.

