Migrating from OfficeScan to Sophos Antivirus

This month will be the last time our organization uses Trend Micro OfficeScan; we will be using Sophos Antivirus.

This time I will tell you how I install Sophos Antivirus in the background.

These are the steps:

First we need to uninstall Trend Micro, using the steps below:

  1. Choose networked Computers – Client Management – and then
  2. Choose the computer that you want to uninstall it from


After uninstalling Trend Micro, I tried to manually install Sophos in the background using the command below.

If you have administrator access to all computers, you can do an automatic install from the Sophos Console.


Cutwail spambot

This spambot attacked my company network, and it got the IP address of my email server (Exchange 2003) blacklisted. The effect of this spambot was that outbound email from my company email server was blocked from being sent outside my organization. As can be seen in the picture below, most of the queue connections on the email server were in the retry status.

[Image: Exchange email queue]

To check the IP address that was getting blacklisted, I used 2 websites:

  1. http://www.senderbase.org/
  2. http://cbl.abuseat.org/lookup.cgi

On this website, I found that my company IP addresses had been infected with the Cutwail spambot. This website also provides steps to find out where the culprit is.

To solve this problem, I created new firewall rules on my Trend Micro OfficeScan server. These firewall rules block:

  • Port 25 to all client workstations
  • The IP addresses that I found on cbl.abuseat.org. The IP addresses are

After 2 days of waiting, the culprit was finally found. There was one computer making connections continuously to IP addresses. To clean up this computer, the first thing I had to do was disconnect this computer's connection. After that, I manually deleted the spambot because my antivirus could not detect it, and made sure there was no more spambot on this computer.
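The hunt described above comes down to finding workstations, other than the mail server, that keep trying to reach port 25. As an added example (not from the original post, and not OfficeScan's own log format), this script counts such attempts per source in a constructed CSV firewall log; the column layout, the IP addresses and the `MAIL_SERVERS` set are assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample log, not real OfficeScan output. Assumed columns:
# timestamp, source IP, destination IP, destination port, action.
SAMPLE_LOG = """\
2010-03-01 09:00:01,192.0.2.10,198.51.100.25,25,allow
2010-03-01 09:00:02,192.0.2.57,203.0.113.8,25,block
2010-03-01 09:00:02,192.0.2.57,203.0.113.9,25,block
2010-03-01 09:00:03,192.0.2.31,198.51.100.80,80,allow
2010-03-01 09:00:04,192.0.2.57,203.0.113.8,25,block
2010-03-01 09:00:05,192.0.2.57,198.51.100.77,25,block
2010-03-01 09:00:06,192.0.2.44,203.0.113.8,25,block
garbled line without fields
2010-03-01 09:00:07,192.0.2.10,198.51.100.26,25,allow
"""

# Hosts that are expected to send SMTP (assumption: one Exchange server).
MAIL_SERVERS = {"192.0.2.10"}


def smtp_offenders(log_text, mail_servers=MAIL_SERVERS, min_hits=3):
    """Return [(source_ip, attempts, distinct_destinations)] for hosts that
    made at least min_hits port-25 connections and are not mail servers."""
    hits = Counter()
    dests = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip malformed or empty lines
        _ts, src, dst, port, _action = (field.strip() for field in row)
        if port != "25" or src in mail_servers:
            continue  # only SMTP traffic from non-mail hosts is of interest
        hits[src] += 1
        dests.setdefault(src, set()).add(dst)
    # Noisiest source first; ties broken by IP string for stable output.
    return sorted(
        ((ip, n, len(dests[ip])) for ip, n in hits.items() if n >= min_hits),
        key=lambda rec: (-rec[1], rec[0]),
    )


if __name__ == "__main__":
    for ip, attempts, targets in smtp_offenders(SAMPLE_LOG):
        print(f"{ip}: {attempts} SMTP attempts to {targets} destinations")
```

Blocked attempts are counted as well as allowed ones, so the infected workstation still shows up after the port 25 rule is in place.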

To make sure the spambot was gone, I checked the IP address reputation on senderbase.org, and thank God it shows that my IP reputation is good 😀

[Image: good IP reputation]