Barracuda Email Threat Scanner for Exchange is a free Windows application that allows you to scan on-premises Microsoft Exchange Servers for threats in existing user mailboxes. This tool provides insight into what threats have already entered the organization through email; threats that can be stopped by Barracuda's Advanced Threat Protection (ATP).
Barracuda Email Threat Scanner for Exchange runs on a local workstation and leverages the existing Microsoft Outlook application to access the Exchange Server. The specific email boxes you can scan depends on the credentials you provide. Once the scan is complete, the tool places the output in a local folder allowing you to view it as a web page and examine the scan logs.
Note that Barracuda Email Threat Scanner for Exchange is not a remediation tool. While an administrator can scan an entire server, by default the tool only report the first 50 threats it finds. When the scanner reaches its limit, the scan stops.
How the Scan Works
Email Threat Scanner for Exchange leverages your existing Outlook installation to scan your Exchange Server mailboxes to discover security and compliance threats. Scanning is based on the provided credentials; scanning your personal mailbox requires your personal credentials, while scanning all mailboxes requires an account with administrator privileges.
During a scan, Barracuda Email Threat Scanner for Exchange uses hooks into Outlook to log into and scan through the selected mailboxes, looking for emails with attachments. Attachments are then passed to Barracuda Advanced Threat Protection (ATP) over a secure SSL connection for analysis. Threats found during the scan are added to the report.
While the scanner uses ATP to identify threats, it is using a subset of the full ATP capabilities. Scans through Barracuda Email Threat Scanner for Exchange do not pass through the final Sandbox stage. However, the scan leverages the previous layers including Anti-Virus and Heuristic Analysis. Together, these stages provide a 99% capture rate even without the Sandbox stage.
Table 1. Potential Impact.
Running a scan has minimal impact on the Exchange Server. Since it is using a normal Outlook client connection, and only retrieving emails with attachments, it is no greater load than a normal user searching through their attachments. Even in cases where an administrator is using Barracuda Email Threat Scanner for Exchange to scan the entire server, the impact remains minimal.
|Local Client||Most processing is done on the local client running the scan and the impact is minimal, with testing showing less than 10% CPU load. Note that scans can run for several hours and the workstation needs to remain on and connected to the network during the scan.|
You must have at a minimum:
- Outlook 2013 or 2016
- 8GB RAM
- Windows 7 or higher
- External network access
To run the installer, you must have at least one Exchange-configured Outlook profile. This account must have access to the mailboxes to be imported and the credentials for that user must be cached in the system.
If you need to configure account permissions, use the following PowerShell script:
Get-Mailbox -ResultSize unlimited -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Add-MailboxPermission -User <account email address> -AccessRights fullaccess -InheritanceType all -AutoMapping $false);
where <account email address> represents the email address for the Exchange-configured Outlook profile.
- Click the following link to download the installer to a Windows system: http://d.barracuda.com/xts/1.0/Email Threat ScannerScan.exe
- Run the installer and follow the online prompts to complete the wizard.
- Launch Barracuda Email Threat Scanner for Exchange.
Enter your registration details in the Register Product screen, click OK, and click OK once Email Threat Scanner for Exchange is registered.
From the Outlook profile drop-down menu, select the profile.
From the Mailbox filter drop-down menu, select what to scan:
- All users – Scans all user mailboxes
- Distribution list – Enter the distribution list name on which to scan
- Email address – Enter the email address on which to scan
- Last name – Enter the name on which to scan
- My mailbox – Scans the default mailbox associated with the selected Outlook profile
Public folders – Scans all public folders
Select the Mailbox filter on which to scan, and click Scan.
Email Threat Scanner for Exchange Menu Options
File menu options:
- Scan – Start the scan
- Exit – Close Email Threat Scanner for Exchange
Tools menu options:
View History – View your scan history:
- View Log File – Click to open the log file in Notepad
- Open Log Directory – Click to open the log directory in Explorer
- Enable Trace Logging – If directed to do so by Barracuda Networks Technical Support, Click to toggle trace logging On to resolve any errors encountered during scanning
View Scan Report
The report includes up to the first 50 threats found during scanning.
- Once the scan is complete, the scan complete dialog box displays the scan results:
- Click Yes to view the scan report in your browser:
Click the Report () icon to view the full report:
Table 1. Full Report Details.
View the full report contains a summary of the scanned mailboxes, number of attachments, threats and suspicious attachments, and a summary of the discovered threat types. The following table describes the full report fields.
|Attachment file name||
|File application category||
If you encounter an error similar to:
Failure during COM call: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. [0x800B0109]
There is an error referencing the root certificate. To resolve this issue, open the web filter to allow connection to Barracuda Email Threat Scanner for Exchange back end.