It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

What is the Barracuda Real-Time Protection feature on my Email Security Gateway? How does it work?

  • Type: Knowledgebase
  • Date changed: 3 years ago
Solution #00003529

All Email Security Gateways, firmware versions 3.5.10 and above.

Barracuda Real-Time Protection is a set of advanced technologies that enables Email Security Gateways to immediately block the latest virus, spyware, and other malware attacks as they emerge.

Whenever your Email Security Gateway receives an email, even if that message has been whitelisted, it will scan that email and all associated attachments for virus (Email Security Gateways scan whitelisted emails for virus because any legitimate sender could become infected with a virus and involuntarily begin sending virus emails, and do not apply other policy to whitelisted messages). The Barracuda will first check that message's signature against the local virus definitions (which are updated hourly, depending on your configuration on the Advanced > Energize Updates page). If that email message signature does not match a known virus signature, the Barracuda will query Barracuda Central's servers in real time to see whether that email has been found to be a virus since its last virus definition update.

All operating Email Security Gateways, which collectively form the largest and most diverse installed base in the industry, frequently query Barracuda Central with email and file attachment signatures. With this information, engineers are able to observe patterns and form hypotheses (based on frequency and growth patterns) about whether specific email signatures were taken from messages containing viruses, spyware, or other malware. Once a particular signature has caught our engineers' attention, Barracuda Central validates their hypotheses by collecting samples of suspect emails from Email Security Gateways around the world that elect to participate in data collection. By analyzing samples of the messages themselves, the Barracuda Central engineers are able to determine whether a suspicious email is dangerous.

To configure your Email Security Gateway to use Barracuda Real-Time Protection, navigate to the Basic > Virus Checking page of your Email Security Gateway's web interface. Once there, set the Barracuda Real-Time Protection option to On - Send Virus Variants. If you wish to use the feature without submitting potential virus message components to Barracuda Central for analysis, set the Barracuda Real-Time Protection option to On - Do Not Send Virus Variants instead.

Additional Notes:
Any message blocked using the Barracuda Real-Time Protection feature will appear on the Basic > Message Log page as having been blocked reason of Virus or Fingerprint, with an asterisk preceding the virus variant or fingerprint signature for which the message tested positive. For example, a normal virus block might look like
Virus (Trojan.Agent-26472), while a Real-Time virus block might look like Virus (*BN.ZeroHour-16131935).

Link to This Page: