I've inherited a large 12-building WAN. All 12 buildings connect to a core switch that feeds into our PIX firewall and then out into our high speed internet. We have some very old Windows 98 clients on our network. If I could wave my magic wand and make them go away, I would, but I can't. We're being told by our ISP that a machine on our network is infected with the Bagel virus, and is sending out lots of SMTP traffic. I do want to get to all these clients and check their AntiVirus status, however, that may not be the most time-cost effective measure for finding the infected machine.
I'm thinking I should be able to view the traffic at the firewall, and see where the SMTP traffic is coming from. There should not be any except from our Lotus server. So my question is, does this sound like the best way to find the culprit?
Obviously we need a border device that has AV capability. Obviously we need to update our clients. But for now, I need to track down who's infected.
I'm open to any other suggestions.
Thanks in advance,
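One way to do the firewall-side check described in the post, as an added example that is not part of the original post: a small Python script that walks PIX "Built outbound TCP connection" syslog lines and counts which inside hosts opened TCP/25 to the outside, excluding the Lotus server. The mail server address, the interface names and the log lines are constructed assumptions, and the message layout follows the PIX 302013 format as I recall it, so check the regex against your own syslog output.

```python
import re
from collections import Counter

# Constructed sample PIX syslog lines (not from the original post). Real
# 302013 messages may differ slightly from this layout; adjust ENDPOINT if so.
SAMPLE_LOG = """\
Jun 12 10:15:01 pix %PIX-6-302013: Built outbound TCP connection 10001 for outside:203.0.113.10/25 (203.0.113.10/25) to inside:10.0.1.25/3456 (198.51.100.2/3456)
Jun 12 10:15:02 pix %PIX-6-302013: Built outbound TCP connection 10002 for outside:203.0.113.11/25 (203.0.113.11/25) to inside:10.0.7.42/1034 (198.51.100.2/1034)
Jun 12 10:15:02 pix %PIX-6-302013: Built outbound TCP connection 10003 for outside:203.0.113.12/25 (203.0.113.12/25) to inside:10.0.7.42/1035 (198.51.100.2/1035)
Jun 12 10:15:03 pix %PIX-6-302013: Built outbound TCP connection 10004 for outside:203.0.113.20/80 (203.0.113.20/80) to inside:10.0.3.9/1040 (198.51.100.2/1040)
Jun 12 10:15:04 pix %PIX-6-302013: Built outbound TCP connection 10005 for outside:203.0.113.13/25 (203.0.113.13/25) to inside:10.0.7.42/1036 (198.51.100.2/1036)
Jun 12 10:15:05 pix %PIX-6-302013: Built outbound TCP connection 10006 for outside:203.0.113.14/25 (203.0.113.14/25) to inside:10.0.2.8/1050 (198.51.100.2/1050)
"""

MAIL_SERVER = "10.0.1.25"  # assumed address of the Lotus server (the only legitimate SMTP sender)
SMTP_PORT = 25

# Matches "interface:ip/port" endpoints; the mapped addresses in parentheses
# carry no interface prefix, so they are ignored.
ENDPOINT = re.compile(r"(\w+):(\d{1,3}(?:\.\d{1,3}){3})/(\d+)")


def find_smtp_senders(lines, mail_server=MAIL_SERVER,
                      inside_if="inside", outside_if="outside"):
    """Count inside hosts that built outbound TCP/25 connections, excluding mail_server."""
    hits = Counter()
    for line in lines:
        if "Built outbound TCP connection" not in line:
            continue
        # Map each interface name to its (ip, port) so the order in the message does not matter.
        ifaces = {iface: (ip, int(port)) for iface, ip, port in ENDPOINT.findall(line)}
        if inside_if not in ifaces or outside_if not in ifaces:
            continue
        src_ip, _ = ifaces[inside_if]
        _, dst_port = ifaces[outside_if]
        if dst_port == SMTP_PORT and src_ip != mail_server:
            hits[src_ip] += 1
    return hits


def rank_suspects(lines, mail_server=MAIL_SERVER):
    """Return suspect inside hosts as (ip, connection_count), busiest first."""
    return find_smtp_senders(lines, mail_server).most_common()


if __name__ == "__main__":
    for ip, count in rank_suspects(SAMPLE_LOG.splitlines()):
        print(f"{ip}\t{count} outbound SMTP connection(s)")
```

Point the script at a syslog capture from the PIX (or a tcpdump-derived connection list reshaped into the same format); the host at the top of the list is where to start, and a Windows 98 box with dozens of TCP/25 connections per minute is a strong candidate.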