One of our customers has managed to install a virus (Windows, of course) which is sending spam. My job is to try to track it down. Virus scans haven't found the problem.
Although they have MS Exchange on-site, I am sure that the virus will not be sending through it (unless the virus is on the Exchange box itself), so in theory it should be fairly easy to find out which PC is initiating lots of outbound SMTP connections. That's why I don't think this is OT - I reckon my best tools for the job will be Linux ones?
Either way any suggestions welcomed, particularly ones I can work on via a VPN connection rather than going to site.
NB: I've played with programs like Ethereal/Wireshark in the past, and I'm sure that's what I should be looking at, but I've always found myself looking at too much information and unable to see the wood for the trees. So pointers to tutorials gratefully received!
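An added example, not from the original post, of the kind of check described above: rather than reading every packet in Wireshark, capture only SYN packets to TCP port 25 with tcpdump and count them per source host, leaving out the Exchange server. The capture lines and the Exchange server address are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample of tcpdump output, as produced by a capture such as:
#   tcpdump -nn -l 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn and dst port 25'
# (SYN-only packets to port 25: one line per new outbound SMTP connection attempt).
SAMPLE_CAPTURE = """\
10:15:01.000001 IP 192.168.1.10.49152 > 198.51.100.20.25: Flags [S], seq 1, win 8192, length 0
10:15:01.200000 IP 192.168.1.57.1025 > 203.0.113.7.25: Flags [S], seq 2, win 8192, length 0
10:15:01.210000 IP 192.168.1.57.1026 > 203.0.113.8.25: Flags [S], seq 3, win 8192, length 0
10:15:01.220000 IP 192.168.1.57.1027 > 203.0.113.9.25: Flags [S], seq 4, win 8192, length 0
10:15:01.230000 IP 192.168.1.57.1028 > 203.0.113.10.25: Flags [S], seq 5, win 8192, length 0
10:15:02.000000 IP 192.168.1.10.49153 > 198.51.100.21.25: Flags [S], seq 6, win 8192, length 0
10:15:02.500000 IP 192.168.1.80.3344 > 203.0.113.11.25: Flags [S], seq 7, win 8192, length 0
"""

# Assumed (hypothetical) address of the on-site Exchange server: the one host
# that legitimately opens outbound SMTP connections, so it is excluded.
EXCHANGE_SERVER = "192.168.1.10"

# Source and destination IPv4 addresses of a tcpdump line for a SYN to port 25.
SYN_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.25: Flags \[S\]"
)

def count_smtp_initiators(capture_text, exclude=(EXCHANGE_SERVER,)):
    """Count new outbound SMTP (TCP/25) connection attempts per source host."""
    counts = Counter()
    for line in capture_text.splitlines():
        m = SYN_RE.search(line)
        if m and m.group("src") not in exclude:
            counts[m.group("src")] += 1
    return counts

def suspects(capture_text, threshold=3):
    """Hosts that opened at least `threshold` SMTP connections, busiest first."""
    counts = count_smtp_initiators(capture_text)
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    for ip, n in suspects(SAMPLE_CAPTURE):
        print(f"{ip}: {n} outbound SMTP connection attempts")
```

Over a VPN the same capture can be taken on a Linux box on the LAN segment (a mirror port or the gateway) and the output piped into the script; a workstation that tops the list while the Exchange server is excluded is the one to inspect.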