Microsoft Defender quarantines multi-GB mbox file due to malware in some emails inside

Hi,

This weekend, I suddenly lost access to 3 years of work emails archived in EagleFiler. Luckily, I could recover the lost mbox file (several GB) from a backup, but, soon after, the restored mbox file disappeared again.

Long story short, it seems like Microsoft Defender (imposed and managed by my organization a couple of months back) found one or more malware instances in some of the archived emails, and decided to quarantine the entire mbox file without notifying me.

Since Defender is entirely managed by my organization, and no exceptions can be made, I’m looking for a way to replace the coarse-grained mbox file storage format in my EagleFiler library with something more fine-grained, ideally with 1 file per email. That way, Defender could quarantine only the (few) bad emails, leaving the rest as-is.

Hence, my question: is there a way to “explode” this (and all other) mbox files into individual emails, perhaps spread across a number of folders to avoid the issue of too many files within a given folder? If so, would such functionality be built in within EagleFiler, or is there some open-source tool that could do this, followed by re-importing into EagleFiler?

BM
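For the "open-source tool" part of the question, the script below is an added example (not EagleFiler's code, and not something the original poster ran): it explodes an mbox into one .eml file per message, sharding the files into numbered subfolders so no single folder gets too large, and it can merge the .eml files back into an mbox later. It only uses Python's standard-library `mailbox` and `email` modules. The function names (`split_mbox`, `merge_eml_to_mbox`, `write_sample_mbox`, `demo`), the `per_folder` parameter, the `NNNN/NNNNNN.eml` naming scheme and the sample messages are all my own choices for the example; the sample mailbox is constructed in a temporary directory and contains no real mail.

```python
# Added example: explode an mbox into one .eml per message (sharded into
# subfolders) and merge .eml files back into an mbox. Standard library only.
# Names, layout and sample data are this example's own assumptions.
import email
import email.message
import mailbox
import tempfile
from pathlib import Path


def split_mbox(mbox_path, out_dir, per_folder=1000):
    """Write every message in mbox_path as out_dir/<shard>/<index>.eml.

    Sharding keeps each folder to at most per_folder files. Zero-padded
    names keep mailbox order when the files are listed or merged again.
    Returns the written paths in mailbox order.
    """
    out_dir = Path(out_dir)
    written = []
    box = mailbox.mbox(str(mbox_path), create=False)
    try:
        for idx, msg in enumerate(box):
            shard = out_dir / f"{idx // per_folder:04d}"
            shard.mkdir(parents=True, exist_ok=True)
            target = shard / f"{idx:06d}.eml"
            # as_bytes() omits the mbox "From " envelope line, so each file
            # is a plain RFC 5322 message that mail tools can import.
            target.write_bytes(msg.as_bytes())
            written.append(str(target))
    finally:
        box.close()
    return written


def merge_eml_to_mbox(eml_paths, mbox_path):
    """Append each .eml file to mbox_path (created if missing); returns count."""
    box = mailbox.mbox(str(mbox_path), create=True)
    try:
        for path in eml_paths:
            # mailbox.mbox.add accepts raw bytes and writes the envelope line
            # and ">From " body quoting itself.
            box.add(Path(path).read_bytes())
        box.flush()
    finally:
        box.close()
    return len(eml_paths)


def write_sample_mbox(path, count):
    """Construct a small sample mbox (made-up messages, not real mail)."""
    box = mailbox.mbox(str(path), create=True)
    try:
        for i in range(count):
            msg = email.message.EmailMessage()
            msg["From"] = "alice@example.invalid"
            msg["To"] = "bob@example.invalid"
            msg["Subject"] = f"message {i}"
            msg.set_content(f"body {i}\n")
            box.add(msg)
        box.flush()
    finally:
        box.close()


def demo(message_count=7, per_folder=3):
    """Round-trip sample mbox -> .eml files -> mbox; return a summary dict."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "Archive.mbox"
        write_sample_mbox(src, message_count)
        files = split_mbox(src, tmp / "exploded", per_folder=per_folder)
        folders = sorted({Path(f).parent.name for f in files})
        subjects = [email.message_from_bytes(Path(f).read_bytes())["Subject"]
                    for f in files]
        merged = tmp / "Rebuilt.mbox"
        merge_eml_to_mbox(files, merged)
        rebuilt = mailbox.mbox(str(merged), create=False)
        try:
            rebuilt_subjects = [m["Subject"] for m in rebuilt]
        finally:
            rebuilt.close()
        return {"files": len(files), "folders": folders,
                "subjects": subjects, "rebuilt_subjects": rebuilt_subjects}


if __name__ == "__main__":
    print(demo())
```

With one message per file, a scanner that quarantines a flagged file takes only that .eml with it; the rest of the archive stays readable, and the gap in the zero-padded numbering tells you which messages were removed. Run the split against a copy of the mbox, not the original, and check that the number of .eml files matches the message count before deleting anything.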

You can drag and drop messages from a mailbox to a folder in EagleFiler, and it will extract them to individual files.

Or possibly if you use an encrypted library that would hide the mailboxes enough such that Defender doesn’t mess with them.

Thanks a lot for the quick reply!

Regarding the two suggestions:

  1. Since I don’t know which specific email messages within the large .mbox file triggered Defender’s quarantine actions, manually dragging out each email would not work. Is there a way to automate this?
  2. The encrypted library might work. However, when the encrypted library’s disk image is mounted (for me to search something in the emails), Defender will scan the mounted image. In that case, would it still only see the encrypted content of the mounted image (which would be perfect), or the non-encrypted data?

You could drag all of them at once or even select all the mailboxes and drag all the messages from all the mailboxes at once.

If it can see the mounted disk image, it would have access to the non-encrypted data. But it wasn’t clear to me whether it scans other volumes. Also, if it only scans during particular times, leaving the image unmounted when you’re not using it would at least limit when Defender has access to it.

Hi Michael,

Great, I’ll drag all of them out at once. I’m hoping that Defender will filter out the bad emails in one or two weeks so that, if having all these individual emails turns out to be too heavy for my machine, I can merge the archived emails back into a big mbox file.

Thanks for your prompt replies!
