I just opened a Mail msg. that looked problematic and was fairly quickly recognizable as suspicious. Sophos confirmed the presence of a malware attachment (not opened), but I am unable to delete the attachment nor move the msg. to Trash or Junk. Error msg. says “Couldn’t move messages to library.” Please advise. I’m running MacOS Mojave (10.14.6) on an older vintage MacBookPro.
Has the message been downloaded to your Mac? If it’s on the server (e.g. via an IMAP connection), then can you connect to your ISP’s web-mail page and delete the message from there?
Another possibility. If Sophos identified the malware, perhaps it already deleted the message or its attachment. If so, then Mail’s database might be out of sync with the downloaded message, which might explain the error. If so, you can try rebuilding the mailbox. This will discard and re-download all your attachments and sync the database. But if you do this, start by deleting the message via a web-mail interface first, otherwise Sophos will see the malware again and will probably re-introduce the damage.
I was able to follow the directions on Sophos’ website to clear this particular msg. and attachment. But there are still some older threats that still show up on my Sophos scan. When I follow their protocol to search for the items using Spotlight, it comes up No Results, but Sophos still shows them as active threats.
One of those is older and only in my Time Machine backups. Their instructions for fixing that appear to suggest deleting any backups that have the threatening item in them, but I don’t see how to do that without underming the integrity of my whole TIme Machine resource.
Try going through your ISP. They may still have the email on their server. Delete it from there.
It would help to know exactly what malware Sophos is informing you about, but a bit of advise regarding malware distributed as email attachments to hopefully calm your fears.
An extremely high amount of such malware is Windows only and therefore cannot harm your Mac. And the majority of the rest are MS Office macros that are disabled by default and will display a warning that you would have to allow such a macro to run. Lastly, there are no email attachments that can harm your computer unless you attempt to open them.
Yes, it can be done, but it’s a bit complicated. My advise in such situations is to make a mental note that if and when you find a need to restore from backup that your first act is to scan your boot drive and remove any such items that were restored from backup. Eventually all of those items will be removed over time and will cease to be an issue. Most anti-malware will refuse to scan Time Machine and other backup drives since they are not able to eliminate the threat as doing so will likely corrupt the entire backup in the process as you surmised.