
Suspicious activity!

Status
Not open for further replies.

Akusei

Programmer
Jul 15, 2003
90
US
I have my account receiving a copy of all NDRs, and I have NDRs turned off so the sender never receives one, but I do so I can see if something is wrong.

I am getting flooded with NDRs from people sending virus attachments to nonexistent email addresses within my company (which they are getting from my website).

This is fine and all because I am not an Open Relay (I had tested my site), but what concerns me is that I'm getting NDRs to these nonexistent email addresses from other people's ISPs and mail servers alerting me that I have sent an email with a virus in it! This is strange because I'm not an open relay, I don't have a virus and I know it's not a spam bot because the addresses it is sending from do not exist at all!

Does anyone know what's going on, and how to stop it? I'm afraid people are using my mail server to relay worms, but I don't know how they are doing it.

Big thanks to anyone who can help!!
 
Oh, forgot to mention it... I'm using Exchange 2000 SP3 with the post-SP3 rollup installed
 
It's because the newest SoBig.F virus spoofs the email address that it looks like it is sent from. For one reason or another someone had your user's email on their system, got infected, and the virus spoofed the email to look like it was sent from your user. That's why you get the bounce backs, because the remote system thinks you sent it, even though odds are you didn't. We have gotten about 10 of these emails today, as far as I can tell Anti-virus is doing its job and all is well...for now!
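
Added example, not part of the original thread: one way to check the diagnosis above on a given bounce is to read the headers of the returned message and see whether any Received hop names your own mail server. The sample bounce, the hosts mail.ourco.example and 192.0.2.10, and the function names are constructed for illustration.

```python
import email

# Constructed sample bounce; every host and address is a placeholder.
SAMPLE_NDR = """\
From: postmaster@isp.example
To: nobody@ourco.example
Subject: Undeliverable: virus detected
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Your message contained a virus and was rejected.
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.isp.example

Final-Recipient: rfc822; victim@isp.example
--b1
Content-Type: text/rfc822-headers

Received: from pc (dialup.other.example [203.0.113.7])
 by mx.isp.example with SMTP; Tue, 19 Aug 2003 10:00:00 -0400
From: nobody@ourco.example
--b1--
"""

def returned_headers(ndr):
    """Headers of the original message embedded in the bounce, or None."""
    for part in ndr.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return None

def classify_bounce(raw, our_hosts):
    """Did the bounced message pass through one of our servers?"""
    orig = returned_headers(email.message_from_string(raw))
    if orig is None:
        return "unknown"  # bounce carries no original headers
    # Only hops stamped by servers you trust are reliable; lower ones can be forged.
    hops = " ".join(orig.get_all("Received", [])).lower()
    if any(h.lower() in hops for h in our_hosts):
        return "relayed-by-us"
    return "spoofed-sender"
```

A result of "spoofed-sender" means the message was handed to the bouncing server by some other machine and only the From address pointed at your domain; "relayed-by-us" is the case that warrants checking your own server's logs.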
 
Can you suggest a good Antivirus that integrates with Exchange 2000? I have all workstations installed with NAV, but I don't have one that works "with" exchange.
 
We use Symantec Antivirus/Filtering 3.0 for Exchange 2000 here, I like it a lot, you can choose to just delete attachments at the Exchange level before they even reach the users. That is what I do, I delete .pif, .scr, .vbs, etc. files that are commonly used for viruses. Works pretty good and doesn't seem to cause too much overhead. It also has a spam/content filtering that you can use to delete inappropriate/spam emails. We haven't used it because our CEO is worried he might miss an important email! SCREW HIM!
 
I agree completely with speedracercjr. We are using Symantec and it works wonderfully with Exchange 2000. The real-time and exchange settings help our company out a lot because we have some very inexperienced users that would click on anything that came to them as mail. As long as I have been here Symantec has picked up and stripped off every attachment that is dangerous such as the above mentioned, and any new virus attachment. You can customize it easily as well to not accept this or that. Entirely worth the money for Symantec Antivirus.
 
I am using Norton Antivirus Corporate Edition v8.0, it has an option to protect exchange, but it looks as though it only works in outlook on the client side, not with the actual exchange server... Do I need to install the NAV client on the exchange server, or the NAV server (currently the NAV Server is installed on the mail server)?
 
Legally you have to license the exchange version. When we get our new CDs shipped there's usually a "server" install available but it's a violation of your license agreement to do that unless you paid for it.

And if you're not using it, chances are good you didn't pay for it. :)
 