• Status: Solved

Email Virus - Exchange 2003 / Ironmail

I have a user that keeps receiving "undeliverable" or "mailbox does not exist" auto reply messages regarding emails she has not sent.  It appears to me that her machine has a virus and is sending out mass emails from her account.  Her computer has been checked thoroughly for a virus, and appears to be clean though.  We're using Exchange 2003, and Ironmail as our filter.  These outbound messages are being logged in Ironmail, so it appears that they are being generated and sent internally.  Any ideas on how to track this down?
Asked:
GCIT_Manager
 
Mestha Commented:
Confirm it is coming from that workstation. Most bots will have their own SMTP engine, they will not use something else. The IP address would be on the log from your antispam filter.
If it is coming off that machine then wipe it. I work on the simple principle that once a bot gets on to the machine, it is no longer your machine.

Simon.
 
GCIT_Manager (Author) Commented:
Thank you Simon for your input.  I checked our logs, and Ironmail does not track the IP address of the user's machine.  It will only record the IP address of the mail server.  I checked with Ironmail support, and they verified that they do not track the user's IP address.  
 
Mestha Commented:
BOTs send their email directly - they don't go through another server. Is the appliance set as your default gateway? Are you sure that it is the outbound email messages you are seeing in the logs?

Simon.
 
GCIT_Manager (Author) Commented:
No, Ironmail is not set as our default gateway, and yes the messages that I am looking at were all outbound.  There was a large amount of outbound messages from her account between 4-6am, the morning that she received many of these bounce back messages.  She did not author any of those messages.  We are going to reformat her machine to see if that fixes it.  
 
GCIT_Manager (Author) Commented:
We took her workstation out of the equation and the problem appears to be resolved.
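
An added example, not part of the original thread: since the filter only records the mail server's address, one place to confirm which internal host submitted the 4-6am burst is the Exchange server's own SMTP log. It assumes the messages reached Exchange over SMTP and that W3C extended logging with the `c-ip`, `cs-method` and `cs-uri-query` fields is enabled on the SMTP virtual server; the log lines, addresses and the helper names `parse_w3c` and `submitters` are constructed for illustration.

```python
from collections import Counter
from datetime import time

# Constructed sample, not from the thread. The field selection is an assumption
# about how logging is configured; the last row is deliberately truncated.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2008-03-11 04:02:10 10.0.0.57 MAIL +FROM:<user@example.com> 250
2008-03-11 04:02:11 10.0.0.57 RCPT +TO:<a@example.net> 250
2008-03-11 04:02:11 10.0.0.57 RCPT +TO:<b@example.net> 250
2008-03-11 04:02:12 10.0.0.57 RCPT +TO:<c@example.org> 250
2008-03-11 04:40:03 10.0.0.12 MAIL +FROM:<other@example.com> 250
2008-03-11 04:40:03 10.0.0.12 RCPT +TO:<d@example.org> 250
2008-03-11 05:59:59 10.0.0.57 RCPT +TO:<e@example.net> 250
2008-03-11 09:15:00 10.0.0.12 RCPT +TO:<f@example.org> 250
2008-03-11 09:15
"""


def parse_w3c(text):
    """Yield one dict per record, keyed by the most recent #Fields: header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def submitters(text, start=time(4, 0), end=time(6, 0)):
    """Rank client IPs by RCPT commands issued inside [start, end).

    W3C logs are written in UTC, so convert the local window before calling.
    Returns [(client_ip, rcpt_count, [MAIL FROM addresses seen]), ...].
    """
    rcpts, senders = Counter(), {}
    for rec in parse_w3c(text):
        if not (start <= time.fromisoformat(rec["time"]) < end):
            continue
        ip, verb = rec["c-ip"], rec["cs-method"].upper()
        if verb == "RCPT":
            rcpts[ip] += 1
        elif verb == "MAIL":
            addr = rec["cs-uri-query"].partition("<")[2].rstrip(">").lower()
            senders.setdefault(ip, set()).add(addr)
    return [(ip, n, sorted(senders.get(ip, ()))) for ip, n in rcpts.most_common()]


if __name__ == "__main__":
    for ip, count, froms in submitters(SAMPLE_LOG):
        print(f"{ip}\t{count} recipients\tMAIL FROM: {', '.join(froms)}")
```

A client address that accounts for most of the recipients in the window and uses the affected user's sender address is the host to isolate; if no workstation address appears, the mail is not arriving over SMTP from a desktop.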
