  • Status: Solved

Virus attacks through e-mail system

We are getting repeated e-mail attacks that contain virus dangers and each person is getting about thirty in their Inbox.  We run Microsoft Exchange 2003 and the end users use Outlook 2003.  Each time we add a filter for the e-mail address, subject line or attachment, the attacker changes one variable and they keep coming in.  Our virus software, which is Symantec, is catching the software but we want to stop the repeated attacks.  Where and how do you check the header files in Exchange 2003 so I can determine if it is from the same IP address and then resolve the ISP provider that it is coming from?
0
regsamp
Asked:
 
tonyteriCommented:
The problem is most likely more dynamic than you think.  If a user gets the virus it propagates through the Outlook client.  So in essence you are not getting the virus attack from one source, rather many.

You are best to check the offending email domains, and then check your firewall logs.  Should a recurring domain be the offender, then simply blacklist them.

/TT
0
 
rindiCommented:
This is spam you are talking about and this hardly ever comes from the same source, so blocking the sender won't really help. What you need is a good anti-spam software. The following isn't bad, although you won't find anything that is perfect on the market.

http://www.gfi.com/mes/

Also teach your users not to open any spam messages or click on any links inside one, as that can send the spammers confirmation that this was a valid address!

0
 
regsampAuthor Commented:
Well, each e-mail that has come through the system has been quarantined, at least the ones that I have seen, but I understand when you say there may be more than one source.  It is not a reoccurring domain as they are using @msn or @yahoo and I cannot blacklist these sources.  We have iHateSpam in place and it is really not that bad.  The users simply have to move the e-mails to a Blacklisted folder that iHateSpam provides and it does work, but we have Executives that just could not be bothered and just do not want it to come into the Inbox at all, which I know is impossible, but it does seem like it is coming from at least a general source as they are constantly updating around our filters.  The users are not too bad about not opening attachments or links they are not sure about but of course it only takes one.  Any way to track in the headers to see if it is from one source?
0
 
rindiCommented:
If there was a way to track headers this won't help, as the spammers will do everything to hide or manipulate these headers, which is easy to do with the current mail protocols.
0
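One way to approach the header question in this thread for a batch of quarantined messages, as an added example that is not part of the original posts: the topmost Received line is the one your own server stamped, so it records the address that actually connected, whatever the lines beneath it claim. The host name `mail.example.com`, the helper names and the sample messages are constructed assumptions.

```python
import re
from collections import Counter
from email import message_from_string

# Assumption: the name your Internet-facing mail server writes after "by".
TRUSTED_BY = "mail.example.com"
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.I)

def handoff_ip(raw_message, trusted_by=TRUSTED_BY):
    """IP of the host that connected to our server, or None if unknown.

    Each server prepends its own Received header, so only the topmost one
    (written by us) is trusted; any below it arrived with the message."""
    received = message_from_string(raw_message).get_all("Received", [])
    if not received:
        return None
    top = " ".join(received[0].split())          # unfold continuation lines
    by = BY_RE.search(top)
    if not by or by.group(1).lower() != trusted_by.lower():
        return None                              # not stamped by our server
    ip = IP_RE.search(top[:by.start()])          # address in the "from" clause
    return ip.group(1) if ip else None

def tally_sources(raw_messages, trusted_by=TRUSTED_BY):
    """Count messages per connecting IP across a batch of quarantined mail."""
    return Counter(handoff_ip(m, trusted_by) for m in raw_messages)

def _sample(peer_ip, sender):
    # Constructed message: real handoff on top, sender-supplied header below.
    return (
        f"Received: from pc.invalid ([{peer_ip}]) by mail.example.com\n"
        "\twith SMTP; Mon, 1 Jan 2024 10:00:00 +0000\n"
        "Received: from web.invalid ([203.0.113.99]) by relay.invalid; "
        "Mon, 1 Jan 2024 09:59:00 +0000\n"
        f"From: {sender}\nSubject: constructed sample\n\nbody\n"
    )

SAMPLES = [
    _sample("192.0.2.10", "a@msn.invalid"),
    _sample("192.0.2.10", "b@yahoo.invalid"),
    _sample("198.51.100.7", "c@msn.invalid"),
]

if __name__ == "__main__":
    for ip, count in tally_sources(SAMPLES).most_common():
        print(ip, count)
```

The addresses it reports can be compared against the firewall logs and looked up with a WHOIS query to find the network that owns them.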
 
regsampAuthor Commented:
Yeah, I figured as much.  Just trying to think of all avenues here.  
0
 
BILJAXCommented:
It pays to use services such as Gatewaydefender.com.  They are a service that sits between your MX records and your firewall and scans for spam/viruses/dangerous scripts/attachments.  You can monitor and tune it to fit your needs via a web interface.

We use this, and it catches about 1500-2000 pieces of spam/viruses/hostile attachments a day.  Corporate-wide, we see maybe 10-20 pieces of spam that make it through (but those get forwarded to abuse@gatewaydefender.com) and BAM, gone.


You can also try using a network AV appliance.

Webshield from McAfee: http://www.networkassociates.com/us/products/mcafee/antivirus/internet_gateway/ws_appliances.htm


Tumbleweed MailGate:
http://www.tumbleweed.com/products/mailgate/index.html


Both work well, and don't tie up system resources since it's its own device.

Good Luck,
AC
0
 
BILJAXCommented:
I should also note that we have exe-like attachments blocked through our SMTP proxy on our firewall for a 2nd layer of defense (the third is the built-in protection offered by Outlook XP/2k3).


AC
0
