We have been made aware via a number of external mail partners that they are seeing odd patterns of mail flow from this platform which is affecting SMTP delivery to various destinations.
Initial investigations have shown this to be down to a rogue EXE on the server, likely due to a compromised site. Scans are currently underway to isolate the EXE, as well as integrity checks on the platform to correct any misconfiguration on client folders.
Temporary measures have been added to hopefully prevent it from executing and causing further issues.
As a result of the above scans and audit, the platform is under high load until this is resolved. Currently there is no ETA; however, we will provide updates once we know more.
UPDATE01 – 20:00
Detailed scans are still underway. Due to the volume of files this is taking longer than planned. Server usage remains high as a result.
UPDATE02 – 23:55
Scan progress is at 61% and will continue into the night / morning. Backups will still run; however, this will only add to the already excessive load.
UPDATE03 – 04/04/2018 – 09:30
Both scans completed and results are being reviewed.
UPDATE04 – 04/04/2018 – 10:30
Removal works are complete and we are planning to reboot the server from 10:30 to restore a number of security policies.