It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus

End-of-Sale/Renewals for Models 100 and 200

As of October 4th, 2020, new sales for models 100 and 200 of the Barracuda Email Security Gateway ceased. As of November 30, 2023, renewals for models 100 and 200 of the Barracuda Email Security Gateway have ceased. 

Advanced Threat Protection

  • Last updated on

Advanced Threat Protection (ATP) offers cloud-based protection against advanced malware, zero-day exploits, and targeted attacks not detected by the Barracuda Email Security Gateway virus scanning features.The Barracuda Email Security Gateway provides access to the Barracuda Cloud Protection Layer (CPL) with an active ATP subscription. For information about setting up the Cloud Protection Layer, see Cloud Protection Layer and How to Set Up Your Cloud Protection Layer.

ATP analyzes inbound email attachments with most MIME types and publicly accessible direct download links in a separate, secured cloud sandbox, detecting new threats and determining whether to block such messages. ATP offers protection against advanced malware, zero-day exploits, and targeted attacks not detected by the Barracuda Email Security Gateway virus scanning features.

ATP process 2018.png

When ATP determines an attachment contains a threat and blocks the message, review the ATP Report before determining whether to deliver the message. See How to Use Advanced Threat Protection Reports for more information.

To increase effectiveness and performance, Barracuda’s ATP uses micro-services to create a multilayered scanning infrastructure that blocks known and unknown threats:

ATDDetailsTable.png

ATP Options

In CPL, configure how and when attachments are scanned on the ATP SETTINGS tab:

  • Deliver First, Then Scan  When selected, the ATP service attempts to scan the mail in real time. If the ATP scan completes in real time and a virus is detected, the message is blocked and is not delivered. If the ATP scan does not complete in real time, the message is delivered; if the ATP service determines the attachment to be suspicious or virus-infected upon completion, the recipient is notified, and if Notify Admin is set to Yes, an email alert is sent to the specified admin address.

    This option does not delay email processing, however, the email recipient can potentially open an infected attachment.

  • Scan First, Then Deliver When selected, the ATP service scans messages with attachments before delivery. If a virus is detected in an attachment, the message is blocked, otherwise, the message is delivered to the recipient.

    This option provides more security and prevents the email recipient from opening infected attachments. Note that messages with attachments may be temporarily deferred while queued for scanning. These messages appear in the Message log and Pending Scan displays in the Reason column. The mail server retries until the scan is complete and no virus is detected in the attachment, at which point the message is delivered.

  • No – When selected, ATP is disabled.

ATP Exemptions

When ATP is set to either Deliver First, then Scan or Scan First, then Deliver, you can exempt sender email addresses, sender domains, recipient email addresses, recipient domains, or sender IP addresses from ATP scanning in the ATP Exemptions section on the ATP SETTINGS tab of CPL.

Attachments from exempted entries are not sent to the ATP cloud. Note that these exemptions apply to ATP scanning only and do not apply to Barracuda Email Security Gateway virus scanning.

Scanned File Types 

Table 1 lists example file types scanned by the ATP service.

Table 1.

MIME TypeFile Extension
application/pdf.pdf
application/msword.doc
application/vnd.ms-powerpoint.ppt
application/vnd.ms-excel.xls
application/x-msaccess.mdb
application/vnd.openxmlformats-officedocument.presentationml.presentation.pptx
application/x-dosexec.exe
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.xlsx
application/vnd.microsoft.portable-executable.exe
application/x-executable.exe
application/vnd.ms-cab-compressed.cab
text/x-msdos-batch.bat
application/rtf.rtf
application/vnd.android.package-archive.apk
application/zip.zip
application/x-tar.tar
application/java-archive.jar
application/javascript.js
application/vnd.openxmlformats-officedocument.wordprocessingml.document.docx

Administrator Notification

When Deliver First, Then Scan is selected, select Yes for Notify Admin to notify the administrator when a virus is detected by the ATP service in a scanned attachment. The email notification includes the sender, recipient, attachment type, and detected virus. Enter the admin email address in the ATP Notification Email field address. Infected attachments are listed in the ATP Log.  

User Notification

If the ATP service determines an attachment is suspicious or virus-infected, the recipient is notified, and the Message Log displays the action as Advanced Threat Protection. Additionally, the Message Log displays:
Envelop From: no-reply@barracudanetworks.com

ATP Exemptions

When ATP is set to either Deliver First, then Scan or Scan First, then Deliver, you can exempt sender email addresses, sender domains, recipient email addresses, recipient domains, or sender IP addresses from ATP scanning. Attachments from exempted entries are not sent to the ATP cloud. Note that these exemptions apply to ATP scanning only and do not apply to Barracuda Email Security Gateway virus scanning.

Message Log

Messages blocked or deferred by the ATP service are listed in the CPL Message Log with the following codes listed in the Reason column:

  • Advanced Threat Protection – Message is blocked by the ATP service due to an infected attachment. 
  • Pending Scan (Scan First, Then Deliver enabled) – Message is deferred while the attachment is scanned. The mail server retries until the scan is complete. Once complete, if no virus is detected, the message is delivered.
  • ATP Service Unavailable – Message is deferred because the ATP service is temporarily unavailable. The message is retried and, when the scan is complete and if no virus is detected, the message is delivered.

View ATP Statistics

The DASHBOARD page in CPL displays statistics of scanned attachments determined to be infected by the ATP service.