What is a good program to use to scan for spam bots on an Exchange Server (SBS2003)?

Posted on 2010-01-08
Last Modified: 2013-11-30
I use Kaspersky File Server Anti Virus as well as Kaspersky Exchange Antivirus for Exchange which show no threats. I need a second opinion though...
Question by:Rowy
    LVL 76

    Expert Comment

    by:Alan Hardisty
    I would download and install Malwarebytes, which is an excellent tool.

    LVL 58

    Accepted Solution


    With respect, I wouldn't be looking to scan the server with any anti-greyware tools as my first option.

    Unless people have been browsing the Internet and installing software on that server, it's unlikely a spam bot will affect a server.

    What you will usually find is client computers infected with spam bots, which use their own SMTP engine to send email out (they most likely won't relay email off the server, and if the server is configured properly, they cannot).

    Thus, simply block port 25 outbound in your firewall for a period of time and watch the firewall logs. If they begin to fill quickly, but you know users are not sending all those emails via their Exchange mailbox, that is an indication you have a spam bot on the network somewhere. The offending PC can then be tracked down using the IP from the logs and cleaned.

    If the Exchange Server is infected, this would again show up in the firewall logs. You can use Message Tracking to identify what attempts in the firewall were legitimate email requests and what was outbound spam. Again, it's unlikely you'll actually SEE the spam in Message Tracking (if you do, it should stand out), because it would most likely be using its own internal SMTP engine rather than bouncing anything from the Exchange Server. If you've not used Message Tracking before, take a look at

    It is good practice to close port 25 outbound to all machines except the Exchange Server. If you don't, and all machines connect out on the same external IP address, you could become blacklisted or have other problems from your ISP if a spam bot does go on a spamming spree.
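
The firewall log review described in the accepted answer, as an added example that is not part of the original thread: it counts dropped outbound TCP/25 attempts per internal source IP and lists the Exchange server separately so its entries can be compared with Message Tracking. The log layout, the LAN range, the server address and the `min_hits` threshold are assumptions; adapt the field positions to your firewall's log format.

```python
import ipaddress
from collections import defaultdict

# Constructed sample lines (not from the original thread). Assumed layout:
# date time action protocol src-ip dst-ip src-port dst-port
SAMPLE_LOG = """\
2010-01-08 09:00:01 DROP TCP 192.168.16.2 198.51.100.7 4021 25
2010-01-08 09:00:03 DROP TCP 192.168.16.57 203.0.113.14 1188 25
2010-01-08 09:00:03 DROP TCP 192.168.16.57 203.0.113.80 1189 25
2010-01-08 09:00:04 DROP TCP 192.168.16.57 198.51.100.99 1190 25
2010-01-08 09:00:04 ALLOW TCP 192.168.16.31 198.51.100.20 2250 80
2010-01-08 09:00:05 DROP UDP 192.168.16.31 198.51.100.53 2251 53
2010-01-08 09:00:06 DROP TCP 192.168.16.57 203.0.113.14 1191 25
2010-01-08 09:00:07 DROP TCP 192.168.16.40 192.168.16.2 3300 25
malformed line
"""

def smtp_block_report(lines, lan="192.168.16.0/24", mail_server="192.168.16.2", min_hits=3):
    """Summarise dropped outbound TCP/25 attempts per internal source IP."""
    net = ipaddress.ip_network(lan)
    hits = defaultdict(int)
    dests = defaultdict(set)
    for line in lines:
        f = line.split()
        if len(f) < 8 or f[2] != "DROP" or f[3] != "TCP" or f[7] != "25":
            continue
        try:
            src, dst = ipaddress.ip_address(f[4]), ipaddress.ip_address(f[5])
        except ValueError:
            continue  # skip lines with unparsable addresses
        if src not in net or dst in net:
            continue  # only LAN -> Internet traffic is of interest
        hits[str(src)] += 1
        dests[str(src)].add(str(dst))
    report = []
    for ip, count in sorted(hits.items(), key=lambda kv: -kv[1]):
        if ip == mail_server:
            # Expected sender: compare against Message Tracking rather than flag.
            report.append((ip, count, len(dests[ip]), "mail server: check Message Tracking"))
        elif count >= min_hits:
            report.append((ip, count, len(dests[ip]), "suspect client"))
    return report

if __name__ == "__main__":
    for row in smtp_block_report(SAMPLE_LOG.splitlines()):
        print(*row, sep="\t")
```

Each row gives the source IP, the number of blocked attempts, the number of distinct destination hosts, and a label; a client that hits many different destinations on port 25 in a short time is the machine to inspect first.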


    Author Closing Comment

    Well Said...
