• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1138

Detecting computer sending spam on network

We currently have a computer somewhere on our network infected with either a virus or trojan that is sending spam to the internet. Our antivirus software has not detected it (Trend Micro OfficeScan 8).
We have approximately 50 workstations and a dozen servers.
Is there a utility we could use that could monitor or scan the network for SMTP traffic to track down the infected computer?
Or what is the easiest way to accomplish this?
Also, to clarify, this is not our Exchange server sending the spam; the infected computer apparently is using its own SMTP client installed by the malware.
2 Solutions
The quick and dirty way is to simply block port 25 on your firewall. If you cannot control the IP addresses that can send out on port 25, then stop SMTP on the Exchange server and watch the logs. A compromised machine will quickly fill the logs.

On your firewall, allow your Exchange server IP to send out via port 25 and block all others from using port 25. Then check your logs to see who is sending.
summitMIS (Author) commented:
I was actually not able to change any settings on the firewall as it is handled by an outside contractor and only they actually have access to it; however, I was able to read the logs. By going over them very carefully, I did find a computer that was communicating with an outside server that it should not have been. That gave me the clue to track it down and kill off the infection. Thanks for pointing me in the right direction. Sometimes you just can't see the forest for the trees.
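Both answers come down to the same check: every internal host except the sanctioned mail server that opens outbound connections to port 25 is a suspect, and the one talking to many different external MTAs is almost certainly the bot. The script below is an added example, not code from the thread or from any of the products mentioned. It parses netfilter-style firewall log lines (the sample lines, the 192.168.1.0/24 addressing, the Exchange server address 192.168.1.10 and the "infected" workstation 192.168.1.57 are all constructed for this illustration) and ranks internal hosts by how many distinct external SMTP destinations they tried to reach.

```python
import re
from collections import defaultdict

# Constructed sample log, not taken from the original thread. It models outbound TCP SYNs
# logged at the perimeter in iptables/netfilter KEY=VALUE style. 192.168.1.10 plays the
# legitimate Exchange server; 192.168.1.57 plays the workstation running the malware's own
# SMTP engine; 192.168.1.23 is ordinary web traffic and must not be flagged.
SAMPLE_LOG = """\
Jan 12 10:03:11 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.10 PROTO=TCP SPT=50213 DPT=25 SYN
Jan 12 10:03:12 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.5 PROTO=TCP SPT=49152 DPT=25 SYN
Jan 12 10:03:12 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.6 PROTO=TCP SPT=49153 DPT=25 SYN
Jan 12 10:03:13 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.7 PROTO=TCP SPT=49154 DPT=25 SYN
Jan 12 10:03:13 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.80 PROTO=TCP SPT=51000 DPT=80 SYN
Jan 12 10:03:14 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.8 PROTO=TCP SPT=49155 DPT=25 SYN
Jan 12 10:03:15 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.31 DST=203.0.113.44 PROTO=TCP SPT=52001 DPT=25 SYN
Jan 12 10:03:16 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.11 PROTO=TCP SPT=50214 DPT=25 SYN
"""

# Ports a spam engine typically targets: plain SMTP plus the submission ports.
SMTP_PORTS = (25, 465, 587)

KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Return the KEY=VALUE fields of one netfilter-style log line as a dict."""
    return dict(KV.findall(line))


def outbound_smtp_by_host(log_text, mail_server_ips, smtp_ports=SMTP_PORTS):
    """Map each internal source IP, other than the sanctioned mail servers, to the set of
    external destinations it attempted to reach on an SMTP port. Lines without the fields
    we need, non-TCP lines and non-SMTP ports are ignored."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_line(line)
        try:
            src, dst, dport = f["SRC"], f["DST"], int(f["DPT"])
        except (KeyError, ValueError):
            continue
        if f.get("PROTO") != "TCP" or dport not in smtp_ports:
            continue
        if src in mail_server_ips:
            continue  # the Exchange server is allowed to talk SMTP outbound
        seen[src].add(dst)
    return dict(seen)


def rank_suspects(log_text, mail_server_ips):
    """Return [(source_ip, distinct_destinations), ...], worst offender first.
    A bot spraying mail fans out to many MTAs; a host that touched one external
    relay once is a weaker signal and sorts toward the bottom."""
    seen = outbound_smtp_by_host(log_text, mail_server_ips)
    return sorted(((ip, len(dsts)) for ip, dsts in seen.items()),
                  key=lambda t: (-t[1], t[0]))


if __name__ == "__main__":
    for ip, n in rank_suspects(SAMPLE_LOG, {"192.168.1.10"}):
        print(f"{ip}\t{n} distinct SMTP destinations")
```

When the firewall logs are not reachable (the author's situation) the same test can be run on a mirror/SPAN port with a capture filter, for example `tcpdump -ni eth0 'tcp[tcpflags] & tcp-syn != 0 and dst port 25 and not src host 192.168.1.10'` (interface and address assumed); any SYN that filter shows comes from a host that should not be speaking SMTP directly. Note that the script only counts connection attempts, so a host that merely probes one relay once is listed but ranks low; blocking port 25 for everything except the mail server, as the answers recommend, turns those attempts into denied-connection log entries and stops the spam at the same time.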
Question has a verified solution.
