The GroupWise "Zombification" Tool


It's almost Halloween time, and there's always talk about Zombies at this time of year. Besides being a GroupWise expert, I've also spent a lot of time in Haiti (with Healing Hands for Haiti, my hobby) where most of the "real" zombies live, I'm told. But what you may not know is that we can create zombies of our own in GroupWise. To explain, I need to talk a bit about GroupWise and how it works.

GroupWise uses a set of shared databases to store and represent messages to users. There is a set of user databases (ofuser directory), a set of message databases (ofmsg directory), and a directory for attachments (offiles). When I send an email to someone else in my post office with GroupWise, several things happen (I'm definitely simplifying the process here):

First, I insert the actual message in my assigned message database. Then I create 2 pointers to that message: the first in my Sent Items folder and the second in the recipient's Inbox folder. If there's an attachment to the message, it gets stored in the offiles directory, but that's beside the point.

So, let's say my recipient doesn't want the email any longer. He deletes the message and then empties the trash, essentially killing that message from his perspective. However, until I delete the message and empty it from my Sent Items folder, that message, although dead to my recipient, is still living. From my recipient's perspective, it's buried, but really, "It's A-L-I-V-E-!" (wicked sounding laugh here).

I do a lot of email recovery and discovery work, and the question is always asked, "Can you recover deleted mail?" The answer is always, "Well, it depends." That's when I whip out the Recreate User Database (RUD) option in GWCheck - or what I like to call, "The GroupWise Zombification Tool." When you're going through email for litigation purposes and you can't find the email you're looking for, perhaps it's not there because the recipient deleted it from his mailbox. But as long as the sender didn't delete it from the Sent Items folder (something that almost nobody does, by the way, because they don't think to delete sent items), you can run the RUD process and perhaps get it back.

I never guarantee I can bring it back. I'm not sure if you've watched any specials on zombification, but it's a pretty complicated process bringing those suckers back from the grave. The same goes for the RUD process: there are no guarantees. And, like the zombification process, running the RUD option sometimes makes a mess out of your mailbox. RUD will go through every MSG database and check to see if there was at one time a link to its messages in the user's mailbox. If there was, it tries to recreate that message back in the user's mailbox. But it doesn't restore it to its original folder. In fact, all mail that gets "recreated" gets dumped in the Cabinet folder. Sent Items, messages that were stored in folders, and inbox items all get dumped in that one place.
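The pointer behavior and the RUD rebuild described above can be sketched as a toy model. This is an added example, not GroupWise code or its on-disk format: the `PostOffice` class, its method names, and the `parties` field (how a message record remembers which mailboxes once linked to it) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

FOLDERS = ("Inbox", "Sent Items", "Cabinet")

@dataclass
class PostOffice:
    msgdb: dict = field(default_factory=dict)      # msg_id -> record (the "ofmsg" side)
    mailboxes: dict = field(default_factory=dict)  # user -> {folder: set of msg_id pointers}

    def _box(self, user):
        return self.mailboxes.setdefault(user, {f: set() for f in FOLDERS})

    def send(self, msg_id, sender, recipient, subject):
        # One stored message, two pointers: sender's Sent Items, recipient's Inbox.
        self.msgdb[msg_id] = {"subject": subject, "parties": {sender, recipient}}
        self._box(sender)["Sent Items"].add(msg_id)
        self._box(recipient)["Inbox"].add(msg_id)

    def delete_and_empty_trash(self, user, msg_id):
        for pointers in self._box(user).values():
            pointers.discard(msg_id)
        # The record itself is purged only once no mailbox points at it.
        still_linked = any(msg_id in p for box in self.mailboxes.values()
                           for p in box.values())
        if not still_linked:
            self.msgdb.pop(msg_id, None)

    def recreate_user_db(self, user):
        # RUD-style rebuild: walk every surviving message record and, if it was
        # ever linked to this user, recreate the pointer. Original folders are
        # not known, so everything lands in Cabinet.
        rebuilt = {f: set() for f in FOLDERS}
        for msg_id, record in self.msgdb.items():
            if user in record["parties"]:
                rebuilt["Cabinet"].add(msg_id)
        self.mailboxes[user] = rebuilt
        return sorted(rebuilt["Cabinet"])

def demo():
    # Constructed sample data.
    po = PostOffice()
    po.send("m1", "alice", "bob", "Q3 contract")  # bob deletes, alice keeps sent copy
    po.send("m2", "alice", "bob", "Lunch?")       # both sides delete
    po.send("m3", "carol", "bob", "Status")       # bob never deletes
    po.delete_and_empty_trash("bob", "m1")
    po.delete_and_empty_trash("bob", "m2")
    po.delete_and_empty_trash("alice", "m2")
    return po.recreate_user_db("bob"), po

if __name__ == "__main__":
    recovered, _ = demo()
    print("Recreated in bob's Cabinet:", recovered)
```

In this model `m1` comes back because the sender's pointer kept the record alive, `m2` is gone for good because both pointers were removed, and `m3` is moved out of the Inbox into Cabinet, which is the "mess" the rebuild leaves behind.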

One thing is for sure: the results are never guaranteed, and the restored mail is sometimes messy. Still, every once in a while you get lucky and find the missing message, and everybody is happy to have the dead email back from the grave. So, the next time you're looking for a dead email message, try the RUD to see if it can't bring your email back from the grave. You may just get lucky and come up with the right combination. And if not, you can always rename your user.db back to its original name and forget this process was ever needed. Nobody needs to know.

If you need more information about creating zombie emails, please don't hesitate to contact us for assistance - even if it means bringing emails back from the grave!


