[ngw] non-NDS users sending outbound

[Maurice]

Over the course of the last week or so I've been dealing with a
reoccurring problem.
Basically someone on the network is getting infected at the PC level
with malware, then that malware using my GWIA sends out a ton of junk
until I can jump in and stop it...
My first warning of trouble is a staff that checks the Sent folder often
and will report a Pending piece of mail, then I'll check the GWAVA
3rd/Send folder an it will have thousands of entries...
At this point I'll review a few samples and go from there...
I also import the ACCT data file each morning into a database that
allows reporting - Chris Premo of the Medical Board of CA wrote it...
The generated report will list the offending sender - always a non-NDS
ID - I then look at the top 5 in this list and we review those PC for
malware.
Once I have the naming for the offending sender I then add it to GWAVA
and all is good for a while.

Is there a way on the PO, MTA or GWIA level to stop any outbound e-mail
that isn't connected to a known NDS ID?
What tools are other running GroupWise 7.0.2HP to avoid this problem?


Also, are any of you running something to Filter for malware on the
Router or between your Router and internal network; Untangle, Cisco
add-ons, etc.?



Thanks

-- 
-Maurice Pelletier
Child Development Services - Cumberland County
50 Depot Road
Falmouth, ME 04105
207-781-8881 (voice)
207-781-8855 (fax)

www.cds-cumberland.org


"Linux -- it's not just for breakfast anymore..."
-Moe

CONFIDENTIALITY NOTICE: This communication (including any attachments) may contain privileged or confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this communication and/or shred the materials and any attachments and are hereby notified that any disclosure, copying, or distribution of this communication, or the taking of any action based on it, is strictly prohibited. Thank you.