Solved

How can I locate a computer with a spam virus

Posted on 2011-10-07
Last Modified: 2012-05-12
I have a network with about 50 computers. I have a Fortigate with an active Fortinet subscription, and I have created a firewall rule that only allows SMTP from our SBS 2003 server. Recently our email server was blacklisted, so I signed up for a mail relay service. After about a month, the mail relay service said we have a computer sending spam and they had to shut down our relay service until it is resolved. How can I find which computer is sending spam without going to all 50 computers and running an antivirus scan?
Thank you for your time and expertise.
Question by:dmader
Accepted Solution

by:
jhyiesla earned 2000 total points
ID: 36932706
Is the spam from a particular user as the sender? That would be a good way to ID them. If not, then you could use a utility like Wireshark to monitor traffic to ID the offending machine. Another possibility is to shut them all down one by one.
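
One way to apply the Wireshark suggestion above, as an added example that is not part of the original answer: export new TCP connections from a capture with tshark and count port-25 connections per LAN client, both straight to the internet and through the mail server (the second case goes slightly beyond the answer). The mail server address, LAN range and capture file name are assumptions, and the sample rows are constructed.

```python
import ipaddress
from collections import Counter

# Assumptions (not from the original post): placeholder addresses for this network.
MAIL_SERVER = ipaddress.ip_address("192.168.1.10")   # hypothetical SBS 2003 address
LAN = ipaddress.ip_network("192.168.1.0/24")          # hypothetical internal range

# Constructed sample in the tab-separated shape produced by:
#   tshark -r capture.pcap -Y "tcp.flags.syn==1 && tcp.flags.ack==0" \
#          -T fields -e ip.src -e ip.dst -e tcp.dstport
SAMPLE = """\
192.168.1.10\t203.0.113.5\t25
192.168.1.23\t198.51.100.7\t25
192.168.1.23\t198.51.100.9\t25
192.168.1.23\t203.0.113.44\t25
192.168.1.41\t192.168.1.10\t25
192.168.1.41\t192.168.1.10\t25
192.168.1.17\t203.0.113.80\t443
\t\t
"""

def smtp_sources(lines):
    """Return (direct, relayed) Counters of new port-25 connections per LAN client.
    direct: client -> outside host; relayed: client -> mail server."""
    direct, relayed = Counter(), Counter()
    for line in lines:
        parts = line.strip("\r\n").split("\t")
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # blank or multi-valued fields (non-TCP rows)
        try:
            src, dst = ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1])
        except ValueError:
            continue  # not a single valid address
        # Only SMTP from LAN clients; the mail server itself is expected to send.
        if int(parts[2]) != 25 or src == MAIL_SERVER or src not in LAN:
            continue
        if dst == MAIL_SERVER:
            relayed[str(src)] += 1
        elif dst not in LAN:
            direct[str(src)] += 1
    return direct, relayed

if __name__ == "__main__":
    direct, relayed = smtp_sources(SAMPLE.splitlines())
    for label, counts in (("direct", direct), ("via mail server", relayed)):
        for ip, n in counts.most_common():
            print(f"{label:16} {ip:15} {n} new connection(s)")
```

Clients in the "direct" list should also show up as denied port-25 traffic under the firewall rule described in the question; clients in the "via mail server" list are submitting mail through the server that the relay service sees.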