Virus or spam? I'm getting tired of this

LuckyTaxi

ALL our computers are up to date with patches and they all have CA's antivirus along with a virus appliance at the gateway. ALL email traffic coming in and going out is scanned by this device and it does a great job at catching trojans and viruses. However, I along with many of my users get anywhere from 10-30 emails a day from porn sites and junk mail. I'm starting to suspect a virus, but the last time we got hit with Netsky/Beagle, I was able to distinguish this due to the subject line and message tags.

I'm thinking of changing my email address, but then my 300+ users would have to do the same since a majority of them are getting it also. We'll implement a spam appliance for next school year as our budget doesn't allow for it this year. Are there any new major viruses going around that are spreading stuff?

How can I tell if there's something going on on our network? I recall when Netsky hit, the infected computers had a certain port opened.
 

mechBgon

Once the spammers get hold of your addresses, you're doomed to get Spam forevar. Keeping the addresses out of the hands of Spammers is simple, though... just fire all your employees :roll:

Can you just put some antispam software on your email server perhaps, and educate the employees on the nature of the problem?

Originally posted by: LuckyTaxi
How can I tell if there's something going on on our network? I recall when Netsky hit, the infected computers had a certain port opened.

What are CA's logs and your gateway's logs showing? Is your router locked down, or is it letting everything out the door that wants out?
 

LuckyTaxi

I thought about installing either SpamAssassin or dspam but I have to make sure my users "train" the software! I can't depend on them to do this properly because most of them can't even remember how to change their password!!!!

Well, the gateway's log shows plenty of activity. Lots of trojans/viruses being caught.
 

mechBgon

Originally posted by: LuckyTaxi
Well, the gateway's log shows plenty of activity. Lots of trojans/viruses being caught.

Caught going which way, though? ;) In, or out?

How about activity on weird ports? We don't have much of a router where I work (yay, life at a non-profit) :eek: but I do have all ports blocked both ways except the ones we actually have a need for. It emails me the logfiles and I skim them. If one of our systems were compromised and began trying to "phone home" on weird ports, then I'd notice the evidence and go investigate. How about you guys?
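
Added example, not part of the thread: a sketch of the log skim described above, flagging internal hosts that try to reach the outside on ports that are not allowed, or that send SMTP directly instead of through the mail server. The log layout, the internal range, the mail server address and the allowed port list are all assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for this sketch (not from the thread): internal range, mail
# server address, allowed outbound ports and the log line layout.
INTERNAL_NET = ip_network("10.0.0.0/16")
MAIL_SERVER = ip_address("10.0.0.25")
ALLOWED_OUT_PORTS = {25, 53, 80, 443}

LINE_RE = re.compile(
    r"action=(?P<action>\w+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dpt=(?P<dpt>\d+)"
)

# Constructed sample lines; addresses are private/documentation ranges.
SAMPLE_LOG = """\
2005-04-01T08:00:01 action=allow src=10.0.0.25 dst=192.0.2.10 dpt=25
2005-04-01T08:00:05 action=allow src=10.0.3.14 dst=198.51.100.7 dpt=80
2005-04-01T08:01:12 action=deny src=10.0.7.31 dst=203.0.113.9 dpt=25
2005-04-01T08:01:13 action=deny src=10.0.7.31 dst=203.0.113.44 dpt=25
2005-04-01T08:02:40 action=deny src=10.0.9.2 dst=198.51.100.99 dpt=6667
2005-04-01T08:03:00 action=deny src=203.0.113.5 dst=10.0.0.25 dpt=135
garbled line that the parser must skip
"""

def suspicious_outbound(log_text):
    """Return {internal_host: {reason: count}} for outbound traffic worth a look."""
    findings = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unparseable line: skip it
        src, dst = ip_address(m["src"]), ip_address(m["dst"])
        if src not in INTERNAL_NET or dst in INTERNAL_NET:
            continue  # only internal -> external counts as "phoning home"
        port = int(m["dpt"])
        if port == 25 and src != MAIL_SERVER:
            # Workstations should relay through the mail server, not send SMTP directly.
            findings[str(src)]["direct SMTP from non-mail host"] += 1
        elif port not in ALLOWED_OUT_PORTS:
            findings[str(src)][f"unexpected port {port}"] += 1
    return {host: dict(reasons) for host, reasons in findings.items()}

if __name__ == "__main__":
    for host, reasons in sorted(suspicious_outbound(SAMPLE_LOG).items()):
        print(host, reasons)
```

Denied and allowed attempts are both counted, since a blocked attempt still points at a host to go and investigate.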

 

dawks

Originally posted by: mechBgon
Can you just put some antispam software on your email server perhaps, and educate the employees on the nature of the problem?

Yeah, I don't know a lot about it, but why not try SpamAssassin. It's free, it's open source, it's developed by the Apache Software Foundation.. it should be pretty good..

Edit: GG me reading your post mentioning SpamAssassin after I post..
 

mechBgon

Originally posted by: dawks
Originally posted by: mechBgon
Can you just put some antispam software on your email server perhaps, and educate the employees on the nature of the problem?

Yeah, I don't know a lot about it, but why not try SpamAssassin. It's free, it's open source, it's developed by the Apache Software Foundation.. it should be pretty good..

Edit: GG me reading your post mentioning SpamAssassin after I post..

It's what we use on our central agency-wide server and frankly, it isn't working well. The stuff it does think is spam frequently isn't, while the actual spam usually escapes unscathed. OTOH, I'm not sure how hard the boys over there have been trying to tune it, and it's not something I'm able to monkey with myself.
 

LuckyTaxi

I'll check the logs when I get back to work on Monday.
I'm pretty sure we ONLY let certain ports in (21, 443, 80, 143, 25).
Most of the other ports have been blocked. We've been pretty good up until when almost everyone in the school decided to use email.
We complained about ppl not utilizing technology to the fullest, and when they finally do, look what happens?