Applies to all Barracuda Spam Firewalls, firmware versions 3.4 and above.
The Barracuda Spam Firewall provides 12 layers of defense against email-borne threats. The following layers help provide protection against emails targeting Windows vulnerabilities:
- Denial of service protection. The Barracuda Spam Firewall is built on a hardened operating system kernel that will provide protection against many vulnerabilities associated with malformed packets or other vulnerabilities associated with Windows networking layer. Because the Barracuda Barracuda Spam Firewall receives SMTP connections directly, customers do not need to expose their Exchange servers to any inbound Internet traffic, insulating themselves from vulnerabilities in the Windows operating system.
- Virus scanning. The Barracuda Spam Firewall leverages a dual-layer virus engine with both proprietary and open source antivirus scanners. By partnering with selected ISP customers who have been using Barracuda Networks’ real-time fingerprinting capabilities, Barracuda has developed a state-of-the-art early detection capability and has a track record of blocking viruses well before they are disclosed by others in the community. In addition, the Barracuda Spam Firewall shares data with the Barracuda Web Filter so that the anti-virus engine also blocks known spyware binaries.
- File attachment policy. The Barracuda Spam Firewall enables customers to block file attachments by extension or file type. File attachment policy can be used to block attachment types targeted by a Windows vulnerability prior to the capture of any known exploit.
- Intent analysis. Many exploits targeted at the Windows operating system attempt to bypass file attachment policy by enticing users to download exploits from Web sites. Intent Analysis can block emails with links to domains hosting malware.
- Rules scoring engine. With the rules scoring engine, Barracuda Networks can block scripting exploits targeting the scripting layers of email clients or Web browsers. For example, the Adobe Reader exploit at the beginning of 2007 was blocked through the rules scoring engine.