Every weekend during one of our scheduled scans one of servers generates strange outbound SMTP traffic to Google owned servers. This might be completely coincidental, however, there are a few things that tie this back to a Qualys VM scan and I am hoping to validate this here.
The strange SMTP traffic that we noticed was from a "qgmrfrom@"insertDomainHere"". A quick google search on the string "qgmrfrom" returns a few hits from Qualys, mostly in regards to the Known Issues document. If Qualys is performing some kind of vulnerability validation using the aforementioned info what exactly is it doing? The part that is confusing me is that if I look up the source IP in VM asset search there is no scan data.
If anyone has experienced anything like this I am curious to hear about it.