We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Email Security Gateway

Barracuda Email Threat Scanner for Exchange

  • Last updated on

The Barracuda Email Threat Scanner for Exchange is a free Windows application that allows you to scan on-premises Microsoft Exchange Servers for threats in existing user mailboxes. This tool provides insight into what threats have already entered the organization through email; threats that can be stopped by Barracuda's Advanced Threat Protection.

Barracuda Email Threat Scanner for Exchange runs on a local workstation and leverages the existing Microsoft Outlook application to access the Exchange Server. The specific email boxes you can scan depends on the credentials you provide. Once the scan is complete, the tool places the output in a local folder allowing you to view it as a web page and examine the scan logs.

Note that Barracuda Email Threat Scanner for Exchange is not a remediation tool. While an administrator can scan an entire server, by default the tool only report the first 50 threats it finds. When the scanner reaches its limit, the scan stops.

How the Scan Works

Email Threat Scanner for Exchange leverages your existing Outlook installation to scan your Exchange Server mailboxes to discover security and compliance threats. Scanning is based on the provided credentials; scanning your personal mailbox requires your personal credentials, while scanning all mailboxes requires an account with administrator privileges.

During a scan, Barracuda Email Threat Scanner for Exchange uses hooks into Outlook to log into and scan through the selected mailboxes, looking for emails with attachments. Attachments are then passed to Barracuda Advanced Threat Protection (ATP) over a secure SSL connection for analysis. Threats found during the scan are added to the report.

While the scanner uses ATP to identify threats, it is using a subset of the full ATP capabilities. Scans through Barracuda Email Threat Scanner for Exchange do not pass through the final Sandbox stage. However, the scan leverages the previous layers including Anti-Virus and Heuristic Analysis. Together, these stages provide a 99% capture rate even without the Sandbox stage.

Table 1. Potential Impact.

Exchange Server

Running a scan has minimal impact on the Exchange Server. Since it is using a normal Outlook client connection, and only retrieving emails with attachments, it is no greater load than a normal user searching through their attachments. Even in cases where an administrator is using Barracuda Email Threat Scanner for Exchange to scan the entire server, the impact remains minimal.

Local ClientMost processing is done on the local client running the scan and the impact is minimal, with testing showing less than 10% CPU load. Note that scans can run for several hours and the workstation needs to remain on and connected to the network during the scan.

Requirements

You must have at a minimum:

  • Outlook 2013 or 2016
  • 8GB RAM
  • Windows 7 or higher
  • External network access

Antivirus Software

If your system is running antivirus software, this may interfere with Email Threat Scanner for Exchange. To prevent interference, exempt the following directory from antivirus scanning:
%LOCALAPPDATA%\Barracuda\Email Threat Scanner for Exchange\Scans

Outlook Profile

To run the installer, you must have at least one Exchange-configured Outlook profile. This account must have access to the mailboxes to be imported and the credentials for that user must be cached in the system.

If you need to configure account permissions, use the following PowerShell script:

Get-Mailbox -ResultSize unlimited -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Add-MailboxPermission -User <account email address> -AccessRights fullaccess -InheritanceType all -AutoMapping $false);

where <account email address> represents the email address for the Exchange-configured Outlook profile.

Install Scanner

  1. Go to http://d.barracuda.com/xts/1.0/Email Threat ScannerScan.exe and download the installer to a Windows system.
  2. Run the installer and follow the online prompts to complete the wizard.

If you uninstall Email Threat Scanner for Exchange, all scans, including reports, are deleted.

Scan Mailboxes

  1. Launch Barracuda Email Threat Scanner for Exchange.
  2. Enter your registration details in the Register Product screen, click OK, and click OK once Email Threat Scanner for Exchange is registered.

    For partners, when running the scanner for customers, you must select a different profile for each customer.

  3. From the Outlook profile drop-down menu, select the profile.

  4. From the Mailbox filter drop-down menu, select what to scan: 

    1. All users – Scans all user mailboxes
    2. Distribution list – Enter the distribution list name on which to scan
    3. Email address – Enter the email address on which to scan
    4. Last name – Enter the name on which to scan
    5. My mailbox – Scans the default mailbox associated with the selected Outlook profile
    6. Public folders – Scans all public folders

      Because the scan can take several hours to complete, use the Test feature before starting the scan. To verify the server is available and items can be scanned successfully, select Email address, enter a test email address, and click Test. If the email address is found, click OK to close the dialog box and proceed with the scan:
      RyanDouglas.png 

      If the email address is not found, click Yes to view the log file to troubleshoot the issue:
      job_not_found.png  

  5. Select the Mailbox filter on which to scan, and click Scan.

    The scanner may take a few hours per mailbox to scan, so you can leave this running in the background. Note that mailboxes are scanned in parallel.

    Once the scan is complete, a Barracuda representative will contact you.

Email Threat Scanner for Exchange Menu Options

MenuOptions.png

File menu options:

  • Scan – Start the scan
  • Exit – Close Email Threat Scanner for Exchange

Tools menu options:

  • View History – View your scan history:
    ScanHistory.png
  • Logs
    • View Log File – Click to open the log file in Notepad
    • Open Log Directory – Click to open the log directory in Explorer
    • Enable Trace Logging – If directed to do so by Barracuda Networks Technical Support, Click to toggle trace logging On to resolve any errors encountered during scanning

View Scan Report

The report includes up to the first 50 threats found during scanning.

  1. Once the scan is complete, the scan complete dialog box displays the scan results:
    scancomplete.png
  2. Click Yes to view the scan report in your browser:
    scanreport.png 
  3. Click the Report (report_icon.png) icon to view the full report:
    full_report.png

    The scan report is also sent to Barracuda for evaluation.


Table 1. Full Report Details.

View the full report contains a summary of the scanned mailboxes, number of attachments, threats and suspicious attachments, and a summary of the discovered threat types. The following table describes the full report fields.

FieldExamples
Attachment file name 
  • pdf.pdf
  • INVOICE.TAM_48530_20161129_A41E487BF.xls
Threat category
  • Suspicious
  • Malicious
File application category
  • application/vnd.ms-excel
File size
  • 43.7K
  • 91.5K
Threat detection
  • Detected by anti-virus software

Once threats are identified, Barracuda recommends using Advanced Threat Protection to prevent new threats from entering your system. For more information, see Advanced Threat Protection.

Troubleshooting

If you encounter an error similar to:

Failure during COM call: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. [0x800B0109]

There is an error referencing the root certificate. To resolve this issue, open the web filter to allow connection to Barracuda Email Threat Scanner for Exchange back end.

 

Last updated on