

What is a good program to use to scan for spam bots on an Exchange Server (SBS2003)?

Posted on 2010-01-08
Medium Priority
Last Modified: 2013-11-30
What is a good program to use to scan for spam bots on an Exchange Server (SBS2003)?
I use Kaspersky File Server Anti Virus as well as Kaspersky Exchange Antivirus for Exchange, which show no threats. I need a second opinion though...
Question by:Rowy
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26269729
I would download and install Malwarebytes (www.malwarebytes.org) which is an excellent tool.

LVL 58

Accepted Solution

tigermatt earned 2000 total points
ID: 26272660

With respect, I wouldn't be looking to scan the server with any anti-greyware tools as my first option.

Unless people have been browsing the Internet and installing software on that server, it's unlikely a spam bot will affect a server.

What you will usually find is client computers infected with spam bots, which use their own SMTP engine to send email out (they most likely won't relay email off the server, and if the server is configured properly, they cannot).

Thus, simply block port 25 outbound in your firewall for a period of time and watch the firewall logs. If they begin to fill quickly, but you know users are not sending all those emails via their Exchange mailbox, that is an indication you have a spam bot on the network somewhere. The offending PC can then be tracked down using the IP from the logs and cleaned.

If the Exchange Server is infected, this would again show up in the firewall logs. You can use Message Tracking to identify what attempts in the firewall were legitimate email requests and what was outbound spam. Again, it's unlikely you'll actually SEE the spam in Message Tracking (if you do, it should stand out), because it would most likely be using its own internal SMTP engine rather than bouncing anything from the Exchange Server. If you've not used Message Tracking before, take a look at http://www.amset.info/exchange/message-tracking.asp.

It is good practice to close port 25 outbound to all machines except the Exchange Server. If you don't, and all machines connect out on the same external IP address, you could become blacklisted or have other problems from your ISP if a spam bot does go on a spamming spree.
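
An added example, not part of the original answer: a small Python triage of firewall log lines for the approach described above, ranking internal hosts by outbound port 25 attempts and setting aside the Exchange Server's own attempts for comparison with Message Tracking. The key=value log layout, the addresses and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Hypothetical key=value log layout (an assumption); adapt to your firewall.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+action=(?P<action>\w+)\s+proto=(?P<proto>\w+)\s+"
    r"src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)"
)

# Constructed sample log. 192.168.16.2 stands in for the Exchange Server.
SAMPLE_LOG = """\
2010-01-08T09:14:02 action=DROP proto=TCP src=192.168.16.23 dst=192.0.2.10 dport=25
2010-01-08T09:14:02 action=DROP proto=TCP src=192.168.16.23 dst=198.51.100.7 dport=25
2010-01-08T09:14:03 action=DROP proto=TCP src=192.168.16.23 dst=203.0.113.44 dport=25
2010-01-08T09:14:03 action=DROP proto=TCP src=192.168.16.23 dst=192.0.2.91 dport=25
2010-01-08T09:15:10 action=DROP proto=TCP src=192.168.16.2 dst=198.51.100.25 dport=25
2010-01-08T09:15:41 action=DROP proto=TCP src=192.168.16.40 dst=192.0.2.10 dport=25
2010-01-08T09:16:00 action=ALLOW proto=TCP src=192.168.16.40 dst=192.0.2.80 dport=80
2010-01-08T09:16:05 action=DROP proto=UDP src=192.168.16.31 dst=192.0.2.53 dport=53
"""

def smtp_attempts_by_host(lines, exchange_ip):
    """Group outbound TCP/25 attempts by internal source address.

    Returns (clients, exchange_hits). exchange_hits holds the server's own
    attempts as (timestamp, destination), to reconcile with Message Tracking.
    """
    clients = defaultdict(lambda: {"attempts": 0, "destinations": set()})
    exchange_hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["proto"].upper() != "TCP" or m["dport"] != "25":
            continue  # unparsable line, or not SMTP traffic
        if m["src"] == exchange_ip:
            exchange_hits.append((m["ts"], m["dst"]))
            continue
        clients[m["src"]]["attempts"] += 1
        clients[m["src"]]["destinations"].add(m["dst"])
    return dict(clients), exchange_hits

def suspects(clients, min_attempts=3):
    """Return (ip, attempts, distinct destinations), busiest host first."""
    hits = [(ip, c["attempts"], len(c["destinations"]))
            for ip, c in clients.items() if c["attempts"] >= min_attempts]
    return sorted(hits, key=lambda h: h[1], reverse=True)

if __name__ == "__main__":
    clients, exchange_hits = smtp_attempts_by_host(SAMPLE_LOG.splitlines(), "192.168.16.2")
    print("Suspect workstations:", suspects(clients))
    print("Exchange attempts to check in Message Tracking:", exchange_hits)
```

A workstation that contacts many distinct mail servers in a short window is the pattern to chase first; a single attempt may only be a misconfigured mail client.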


Author Closing Comment

ID: 31674896
Well Said...
