Q: All our computers are up to date with patches and they all have CA antivirus, with virus at the gateway device. All e-mails in traffic coming and going to scan through this device and it does a great job at catching trojans and viruses. But I and many of my users get around 10 to 30 emails a day of porn sites and junk mail. Im starting to suspect a virus, but the last time we hit the Netsky / beagel, I was able to get this due to the subject and the message tags.
Im thinking of changing my email address but then my 300 + users would do the same, since a majority of them get it. We run a spam appliance for next school year as our budget does allow for it this year. Are they a major new virus going around spreading that stuff?
How can I tell if there is something wrong oour network? I remember when Netsky hit, the infected computers to a specified port is opened.
Best Answer: Ok, I am going to give you the best way to clean your system completely. First watch our Free video at http://www.diycomputertips.com/spyware2 You should use all these free tools from download.com spybot and adaware After cleaning all the spyware you can do a complete free virus scan and clean up at http://www.trendmicro.com This will get you back on your feet. I think the best invest you can get to clean your system all the way and learn how to use all the free tools on the internet would be located here http://www.diycomputertips.com/spyware
-Reggie
http://www.diycomputertips.com
Re:I'll check the logs when I get back to work on Monday.
I'm pretty sure we ONLY let certain ports in (21, 443, 80, 143, 25).
Most of the other ports have been blocked. We've been pretty good up until when almost everyone in the school decided to use email.
We complained about ppl not utilizing technology to the fullest and when they finally do look what happens?
Re:Originally posted by: guy
Originally posted by: guy
Can you just put some antispam software on your email server perhaps, and educate the employees on the nature of the problem?
Yea, I dont know alot about it, but why not try Spamassassin (http://spamassassin.apache.org/). Its free, its open source, its developed by the Apache Software foundation.. it should be pretty good..
Edit: GG me reading your post mentioning SpamAssassin after I post..It's what we use on our central agency-wide server and frankly, it isn't working well. The stuff it does think is spam frequently isn't, while the actual spam usually escapes unscathed. OTOH, I'm not sure how hard the boys over there have been trying to tune it, and it's not something I'm able to monkey with myself.
Re:Originally posted by: guy
Can you just put some antispam software on your email server perhaps, and educate the employees on the nature of the problem?
Yea, I dont know alot about it, but why not try Spamassassin (http://spamassassin.apache.org/). Its free, its open source, its developed by the Apache Software foundation.. it should be pretty good..
Edit: GG me reading your post mentioning SpamAssassin after I post..
Re:Well, the gateway's log shows plenty of acitivities. Lots of trojans/viruses being caught.Caught going which way, though?
In, or out?
How about activity on weird ports? We don't have much of a router where I work (yay, life at a non-profit) 
but I do have all ports blocked both ways except the ones we actually have a need for. It emails me the logfiles and I skim them. If one of our systems were compromised and began trying to "phone home" on weird ports, then I'd notice the evidence and go investigate. How about you guys?
Re:I thought about installing either spamassasin or dspam but I have to make sure my users "train" the software! I can't depend on them to do this properly because most of them cant even remember how to change their password!!!!
Well, the gateway's log shows plenty of acitivities. Lots of trojans/viruses being caught.
Re:Once the spammers get hold of your addresses, you're doomed to get Spam forevar. Keeping the addresses out of the hands of Spammers is simple, though… just fire all your employees
Can you just put some antispam software on your email server perhaps, and educate the employees on the nature of the problem?
How can I tell if there's something going on oour network? I recall when netsky hit, the infected computers had a certain port opened. What are CA's logs and your gateway's logs showing? Is your router locked down, or is it letting everything out the door that wants out?
0 Comments.