Email tracing and possible virus

Status
Not open for further replies.

thegirlofsteel

IS-IT--Management
Mar 3, 2004
110
US
Hi all. I am an IT Manager for my company. I had this strange incident that one of our employees has a personal web-based email account. He checks it every day, sends and retrieves. Now the big ?????

On our server, we use GFI Mail Security to block viruses and GFI Spam filter. My Mail Security caught an email coming from a person on his personal web-based address book. Mind you, he doesn't send his personal email through our company Exchange server.

How did it hijack the personal email addresses? Now one thing that might lead me to believe it got to our system is he sends ecards to people in the agency and that ecard program has its own email address list. Is it possible it came from there?

Another weird thing is it was of a very personal nature (a mistress' email) and GFI caught it and marked it for quarantine. It bounced back and sent a message along with the text to people in that address list, which includes his boss!

 
Looking at the header info (IP addresses) and message ID line, you might be able to narrow it down to the ISP that originated the email & they could possibly aid you from there.
 
The real big problem is it sent a message that is very personal in nature and which included photos. Is there a way that I, the network administrator, can locate that email in the other employees' Exchange mailboxes? Like I stated above, it went not only to the recipient but also to others on that hijacked list, including his boss.
 
If it originally went out to all recipients in a single email, then search your mail server using the message ID line.

If it came into your server as individual emails, then search for the sender's name.

However, it may be a moot point if it already arrived and people have already seen it.

I would think your concern would be how this applies to company policy, not that it may embarrass someone - you cannot save people from themselves!

Review company policies on use of web-based email & the sending of it during work hours or from company computers.
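The header check suggested in the replies above, as an added example that is not part of the original thread: it pulls the Message-ID (the search key for the mail server) and the relay IP addresses out of the `Received` chain of the quarantined message. The function name `trace`, the internal range `10.0.0.0/8` and the sample message are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Assumption: the organization's own address space; replace with your real ranges.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample message (example domains, documentation IP ranges).
SAMPLE = """\
Received: from mail.corp.example (10.0.0.5) by exch01.corp.example (10.0.0.9);
 Wed, 3 Mar 2004 10:15:02 -0500
Received: from smtp.webmail.example (smtp.webmail.example [203.0.113.25])
 by mail.corp.example (10.0.0.5); Wed, 3 Mar 2004 10:15:00 -0500
Received: from [198.51.100.77] by smtp.webmail.example via HTTP;
 Wed, 3 Mar 2004 10:14:58 -0500
Message-ID: <20040303151458.constructed@webmail.example>
From: sender@webmail.example
To: user1@corp.example
Subject: constructed sample

body
"""

def trace(raw):
    """Return the Message-ID and the external relay IPs found in Received headers."""
    msg = email.message_from_string(raw)
    hops = []  # newest relay first, in the order the headers appear
    for rcvd in msg.get_all("Received", []):
        ips = []
        for text in IP_RE.findall(rcvd):
            try:
                ips.append(ipaddress.ip_address(text))
            except ValueError:  # digits that are not a valid address, e.g. 999.1.1.1
                continue
        hops.append(ips)
    # Anything outside our own ranges is an external relay or client.
    external = [ip for hop in hops for ip in hop
                if not any(ip in net for net in INTERNAL)]
    return {
        "message_id": (msg["Message-ID"] or "").strip(),  # key for the server search
        "trusted_peer": str(external[0]) if external else None,     # logged by our own server
        "claimed_origin": str(external[-1]) if external else None,  # oldest hop, unverified
        "hops": len(hops),
    }

if __name__ == "__main__":
    print(trace(SAMPLE))
```

Only the `Received` line written by your own border server is trustworthy; older lines are supplied by the sending side, so `claimed_origin` is a lead to raise with the ISP, not proof.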
 