I look after a network here at work with about 25 PCs connected to it. I'm not an IT pro or anything like that, it's just that I'm the one who seems to know most about this sort of stuff.
Anyway, last week I got an email from our ISP saying that they had noticed spam being sent from our IP address. Our IP address is also being listed on several spam blacklists, such as http://cbl.abuseat.org
We have our own mail server which we have had checked out, and it's all OK, not being used as a relay or anything like that. I have a network licence for AVG on all PCs and they are all up to date and clean. I've also installed Ad-Aware on a few PCs and they are only reporting things like Alexa, which I believe is something to do with IE6, so not too worried about that.
I have been using the network connection status as an indication of which machine may be infected: if the sent number is massively bigger than the received number, then I've been running full scans in safe mode. But I've still not found any infections!
Does anyone have any helpful hints/advice about how to identify which PC on the network may be sending out the spam? Is there a simple utility that can monitor network traffic to identify which may be sending stuff out on port 25?
I really am at a loss as to what to do next other than shut every machine down and turn them on only after running a full scan on each, but obviously the boss ain't gonna be overly keen on this idea!!
So any help would be muchly appreciated!
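
One way to do the port 25 check the post asks about, as an added example that is not part of the original post: it reads firewall or router connection logs and counts direct outbound SMTP connections per workstation, ignoring the mail server. The log layout, the LAN range 192.168.1.0/24 and the mail server address 192.168.1.10 are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions, not from the post: LAN range, mail server address, log layout.
LAN = ip_network("192.168.1.0/24")
MAIL_SERVER = ip_address("192.168.1.10")
LINE_RE = re.compile(
    r"^\S+ \S+ (?:ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample lines in a made-up firewall log format.
SAMPLE_LOG = """\
2005-03-14 10:02:11 ALLOW TCP 192.168.1.10:1045 -> 203.0.113.9:25
2005-03-14 10:02:12 ALLOW TCP 192.168.1.23:2101 -> 198.51.100.7:25
2005-03-14 10:02:12 ALLOW TCP 192.168.1.23:2102 -> 198.51.100.44:25
2005-03-14 10:02:13 ALLOW TCP 192.168.1.31:1530 -> 203.0.113.80:80
2005-03-14 10:02:13 ALLOW TCP 192.168.1.23:2103 -> 203.0.113.61:25
2005-03-14 10:02:14 ALLOW TCP 192.168.1.23:2104 -> 192.168.1.10:25
2005-03-14 10:02:15 DENY TCP 192.168.1.23:2105 -> 198.51.100.90:25
2005-03-14 10:02:16 ALLOW TCP 192.168.1.31:1531 -> 203.0.113.25:25
2005-03-14 10:02:17 ALLOW TCP 192.168.1.10:1046 -> 198.51.100.12:25
truncated line 192.168.1.40:25
"""

def smtp_talkers(log_text):
    """Map each non-mail-server LAN host to (connections, distinct destinations) on port 25."""
    conns, dests = defaultdict(int), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dport"] != "25":
            continue  # malformed line, or not SMTP
        try:
            src, dst = ip_address(m["src"]), ip_address(m["dst"])
        except ValueError:
            continue  # looked like an address but is not a valid one
        # Keep only workstation -> Internet; allowed and denied attempts both count.
        if src not in LAN or dst in LAN or src == MAIL_SERVER:
            continue
        conns[str(src)] += 1
        dests[str(src)].add(str(dst))
    return {ip: (conns[ip], len(dests[ip])) for ip in conns}

def suspects(log_text, min_dests=3):
    """Hosts that contacted at least min_dests different external mail servers directly."""
    stats = smtp_talkers(log_text)
    return sorted(ip for ip, (_, n) in stats.items() if n >= min_dests)
```

A workstation that talks to one external SMTP server may just be a mail client using the ISP's relay; one that reaches many different mail servers directly is the machine to pull off the network and examine first.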