Barracuda Email Security Gateway

What is the Barracuda Real-Time Protection feature on my Barracuda Spam Firewall? How does it work?

  • Type: Knowledgebase
  • Date changed: 3 years ago
Solution #00003529

All Barracuda Spam Firewalls, firmware versions 3.5.10 and above.

Barracuda Real-Time Protection is a set of advanced technologies that enables Barracuda Spam Firewalls to immediately block the latest virus, spyware, and other malware attacks as they emerge.

Whenever your Barracuda Spam Firewall receives an email, even one that has been whitelisted, it scans that email and all associated attachments for viruses. (Whitelisted emails are scanned for viruses because any legitimate sender could become infected and involuntarily begin sending virus emails; no other policy is applied to whitelisted messages.) The Barracuda first checks the message's signature against the local virus definitions (which are updated hourly, depending on your configuration on the Advanced > Energize Updates page). If the signature does not match a known virus signature, the Barracuda queries Barracuda Central's servers in real time to see whether that email has been found to be a virus since the appliance's last virus definition update.

All operating Barracuda Spam Firewalls, which collectively form the largest and most diverse installed base in the industry, frequently query Barracuda Central with email and file attachment signatures. With this information, engineers are able to observe patterns and form hypotheses (based on frequency and growth patterns) about whether specific email signatures were taken from messages containing viruses, spyware, or other malware. Once a particular signature has caught our engineers' attention, Barracuda Central validates their hypotheses by collecting samples of suspect emails from Barracuda Spam Firewalls around the world that elect to participate in data collection. By analyzing samples of the messages themselves, the Barracuda Central engineers are able to determine whether a suspicious email is dangerous.

To configure your Barracuda Spam Firewall to use Barracuda Real-Time Protection, navigate to the Basic > Virus Checking page of your Barracuda Spam Firewall's web interface. Once there, set the Barracuda Real-Time Protection option to On - Send Virus Variants. If you wish to use the feature without submitting potential virus message components to Barracuda Central for analysis, set the Barracuda Real-Time Protection option to On - Do Not Send Virus Variants instead.

Additional Notes:
Any message blocked by the Barracuda Real-Time Protection feature appears on the Basic > Message Log page with a block reason of Virus or Fingerprint, with an asterisk preceding the virus variant or fingerprint signature for which the message tested positive. For example, a normal virus block might look like Virus (Trojan.Agent-26472), while a Real-Time virus block might look like Virus (*BN.ZeroHour-16131935).
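The asterisk convention above can be used to measure how many blocks came from Real-Time Protection rather than from the local definitions. The following Python sketch is an added example, not Barracuda code; it assumes the reason text of each Message Log entry has already been extracted as one string per entry, and the function names and all sample reasons other than the two quoted above are constructed for illustration.

```python
import re
from collections import Counter

# Reason text as shown in the article: "Virus (Name)" or "Fingerprint (Name)",
# with "*" in front of the name when Real-Time Protection made the match.
REASON_RE = re.compile(r"\b(Virus|Fingerprint)\s*\(\s*(\*?)\s*([^()\s]+)\s*\)")

def classify_reason(reason):
    """Return (kind, signature, realtime), or None for any other block reason."""
    m = REASON_RE.search(reason)
    if not m:
        return None
    kind, star, signature = m.groups()
    return kind, signature, star == "*"

def summarize(reasons):
    """Count blocks by (kind, source) and tally the Real-Time signatures seen."""
    counts = Counter()
    realtime_sigs = Counter()
    for reason in reasons:
        parsed = classify_reason(reason)
        if parsed is None:
            counts[("other", "n/a")] += 1
            continue
        kind, signature, realtime = parsed
        source = "real-time" if realtime else "local-definitions"
        counts[(kind, source)] += 1
        if realtime:
            realtime_sigs[signature] += 1
    return counts, realtime_sigs

# Constructed sample input; the first two reasons are the article's examples.
SAMPLE_REASONS = [
    "Virus (Trojan.Agent-26472)",
    "Virus (*BN.ZeroHour-16131935)",
    "Virus (*BN.ZeroHour-16131935)",
    "Fingerprint (*Example.Fingerprint-1)",  # constructed placeholder name
    "Some other reason",                     # constructed non-virus reason
]

if __name__ == "__main__":
    counts, sigs = summarize(SAMPLE_REASONS)
    for (kind, source), n in sorted(counts.items()):
        print(f"{kind:12} {source:18} {n}")
    for sig, n in sigs.most_common():
        print(f"real-time signature {sig}: {n}")
```

A rising share of real-time matches for one signature means the threat is newer than the appliance's last definition update, which is a useful prompt to check the Energize Updates schedule.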
