Detecting computer sending spam on network

Last Modified: 2012-05-06
We currently have a computer somewhere on our network infected with either a virus or trojan that is sending spam to the internet. Our antivirus software has not detected it. (Trend Micro OfficeScan 8).
We have approximately 50 workstations and a dozen servers.
Is there a utility we could use that could monitor or scan the network for SMTP traffic to track down the infected computer?
Or what is the easiest way to accomplish this?
Also, to clarify, this is not our Exchange server sending the spam; the infected computer apparently is using its own SMTP client installed by the malware.

Commented:
The quick and dirty way is to simply block port 25 on your firewall. If you cannot control the IP addresses that can send out on port 25 then stop SMTP on the Exchange server, then watch the logs. A compromised machine will quickly fill the logs.

-M

Commented:
On your firewall, allow your Exchange server IP to send out via port 25 and block all others from using port 25. Then check your logs to see who is sending.

Author

Commented:
I was actually not able to change any settings on the firewall as it is handled by an outside contractor and only they actually have access to it; however, I was able to read the logs. By going over them very carefully, I did find a computer that was communicating with an outside server that it should not have been. That gave me the clue to track it down and kill off the infection. Thanks for pointing me in the right direction. Sometimes you just can't see the forest for the trees.
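
The log check suggested in the answers above, sketched as an added example (not part of the original thread): it counts outbound TCP port 25 connections per internal source address and ignores the Exchange server. The log layout, the `MAIL_SERVER` address and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumption: address of the only host allowed to send mail (the Exchange server).
MAIL_SERVER = "192.168.1.10"

# Constructed sample in a netfilter-style key=value layout (not from the thread);
# adjust FIELD to the format your firewall actually writes.
SAMPLE_LOG = """\
May  6 09:14:01 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.25 PROTO=TCP SPT=50112 DPT=25
May  6 09:14:02 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.7 PROTO=TCP SPT=50113 DPT=25
May  6 09:14:02 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.99 PROTO=TCP SPT=50114 DPT=25
May  6 09:14:03 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.22 DST=203.0.113.80 PROTO=TCP SPT=50200 DPT=443
May  6 09:14:03 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.140 PROTO=TCP SPT=50115 DPT=25
May  6 09:14:04 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 PROTO=TCP SPT=50116 DPT=25
May  6 09:14:05 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.31 DST=198.51.100.7 PROTO=TCP SPT=50300 DPT=25
May  6 09:14:06 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.7 PROTO=TCP SPT=50117 DPT=25
garbled line without fields
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def smtp_senders(lines, allowed=(MAIL_SERVER,), port="25"):
    """Map each non-allowed source IP to (connections, distinct destinations)
    for outbound TCP traffic to the SMTP port, busiest source first."""
    hits = Counter()
    dests = defaultdict(set)
    for line in lines:
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != port:
            continue  # not SMTP, or a line we cannot parse
        src = fields.get("SRC")
        if src is None or src in allowed:
            continue  # legitimate mail server traffic
        hits[src] += 1
        dests[src].add(fields.get("DST"))
    return {ip: (n, len(dests[ip])) for ip, n in hits.most_common()}


if __name__ == "__main__":
    for ip, (n, d) in smtp_senders(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {n} SMTP connections to {d} distinct servers")
```

A workstation that opens SMTP connections to many distinct outside servers is the one to inspect first.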