Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: Excessive messages with virus

Excessive messages with virus 12 years 4 months ago #4452

  • SABS9993
  • SABS9993's Avatar
  • Offline
  • New Member
  • Posts: 2
  • Karma: 0
Let me just say this site is terrific for knowledge on networking and security. Now my problem.

I manage a Exchange server for about 150 users. We use Scanmail from Trend Micro scan for viruses and filter unfriendly attachments. Every day in the logs I get about 200-300 entries stating that it has picked up and blocked emails with the BAGLE.GEN-1 or Netsky.P virus. Most of these emails come from obviously spoofed email addresses like This email address is being protected from spambots. You need JavaScript enabled to view it. and This email address is being protected from spambots. You need JavaScript enabled to view it.. All clients have antivirus software on them and for the most part they are clean. I am wondering why I am getting so many viruses directed at my mail server. These messages seem to be directed at some users more than others. I am almost sure no one in my network has been infected. We have always got these messages but now the volume seems very high. I am just looking for some theories on why this is happening.

Thanks
:?
The administrator has disabled public write access.

Re: Excessive messages with virus 12 years 4 months ago #4453

  • jhun
  • jhun's Avatar
  • Offline
  • Senior Member
  • Posts: 356
  • Karma: 0
hi

well you're not alone in this one..i manage an exchange email server too. well since viruses today are very smat and well-engineered, they have the capability to "seek out and destroy". this means that since your email server has all the addresses and contacts within your network, once a virus attached as an email manages to find your domain and scans the whole directory of your email server, then it will have the ability to recreate itself enclosed within emails and then send them to your recipients.

this happens since your recipients as well have contact outside your domain/network that they send and receive email with almost everyday and you do not know if the ones they are sending/receiving email to are clean of viruses. some viruses uses legitimate email addresses and some uses spoof.

also, you may know it, but other viruses are very well crafted and that they sometimes make use of your own email server as a means to spread using the email addresses located within your server.

you may not be aware of it but other networks that are receiving email from your domain might have as well been sent with attachments containing viruses too.

the best practice to do is to always an updated AV in your server and clients as well. Also regular updates to MS since you are using Exchange.

there is also another way to prevent viruses coming into your network via emails is by using a mail relay server which is a server that handles email traffic externally. in this way you could filter out legitimate emails from the infected ones.

i believe that there is a tutorial with regards to this one and it is located at www.msexchange.org

there are also lots of tutorials within this site on how to secure your exchange server.

hope that this may have help you in some ways.
The administrator has disabled public write access.

Re: Excessive messages with virus 12 years 4 months ago #4475

  • SABS9993
  • SABS9993's Avatar
  • Offline
  • New Member
  • Posts: 2
  • Karma: 0
Thanks for the advice Jhun. We currently use a hosting company to filter our emails before sending them to our mail server and we scan them again when they get to our server. This seems to be working out ok. However I am seeing many massages being spoofed from address within my domain to internal users. This has me a little worried. Maybe someone in my network is infected and generating these emails? So far I have not tracked them down.
The administrator has disabled public write access.
Time to create page: 0.078 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup