> One of our support technician's machines is attempting to connect to
random IP addresses on port 25 - in
> a pretty needy fashion. He says he's scanned the box with the latest

updates from McAffee and it hasn't
> found anything.
>
> We discovered it because one of my basic (meaning I got it off the
> 'Net) rules for SEC flagged it as a possible PHEL trojan.
>
> Any thoughts?


I think your technician needs to try booting from trusted media and using
more than one type of scanner. The only time we've ever had outbound SMTP
sweeps from a Windows workstation it was botted.

PaulM


_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards