[x]
Posted via EE Mobile

Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.
Question
[x]
Attachment Details

How can I identify the source (a user's workstation) of a trojan horse virus that is sending spam. We have Groupwise 7.0

Asked by DWIvey in Novell Groupwise, Spam Assassin, HijackThis Software

Tags: Groupwise, spam, trojan horse

We're finding 10's of 000's of emails stuck in our groupwise GWIA's send folder. These emails are spam trying to be sent. We are trying to identify from which user or user's workstation these are being sent. Our mail server gets stuck and no legitimate emails get sent because the queue is clogged. We rename the send folder and create a new one which temporarily solves the problem. These emails are targeted to mostly overseas (Italy, Spain) recipients.

We have been blacklisted a few times.

I have log files but they don't tell me much. I've run virus/malware scans on all the workstations to no avail...
Port 25 is closed and smtp relaying is prohibited (in Console 1)
Anyone have any ideas as to how to stop this?
[+][-]10/17/09 03:56 AM, ID: 25595577Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]10/19/09 09:08 AM, ID: 25606474Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]10/27/09 09:33 AM, ID: 25674426Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]10/27/09 09:35 AM, ID: 25674454Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
 
Loading Advertisement...
20091021-EE-VQP-81 - Hierarchy / EE_QW_3_20080625