The is a free Windows application that allows you to scan onpremises Microsoft Exchange Servers for threats in existing user mailboxes. This tool provides insight into what threats have already entered the organization through email; threats that can be stopped by Barracuda's Advanced Threat Protection. runs on a local workstation and leverages the existing Microsoft Outlook application to access the Exchange Server. The specific email boxes you can scan depends on the credentials you provide. Once the scan is complete, the tool places the output in a local folder allowing you to view it as a web page and examine the scan logs. Note that is not a remediation tool. While an administrator can scan an entire server, by default the tool only report the first 50 threats it finds. When the scanner reaches its limit, the scan stops. How the Scan Works Email Threat Scanner for Exchange leverages your existing Outlook installation to scan your Exchange Server mailboxes to discover security and compliance threats. Scanning is based on the provided credentials; scanning your personal mailbox requires your personal credentials, while scanning all mailboxes requires an account with administrator privileges. During a scan, uses hooks into Outlook to log into and scan through the selected mailboxes, looking for emails with attachments. Attachments are then passed to Barracuda Advanced Threat Protection (ATP) over a secure SSL connection for analysis. Threats found during the scan are added to the report. While the scanner uses ATP to identify threats, it is using a subset of the full ATP capabilities. Scans through do not pass through the final Sandbox stage. However, the scan leverages the previous layers including Anti-Virus and Heuristic Analysis. Together, these stages provide a 99% capture rate even without the Sandbox stage. Table 1. Potential Impact. Exchange Server Local Client Running a scan has minimal impact on the Exchange Server. Since it is using a normal Outlook client connection, and only retrieving emails with attachments, it is no greater load than a normal user searching through their attachments. Even in cases where an administrator is using to scan the entire server, the impact remains minimal. Most processing is done on the local client running the scan and the impact is minimal, with testing showing less than 10% CPU load. Note that scans can run for several hours and the workstation needs to remain on and connected to the network during the scan. Requirements You must have at a minimum: Outlook 2013 or 2016 8GB RAM Windows 7 or higher External network access 1 / 7
Antivirus Software If your system is running antivirus software, this may interfere with Email Threat Scanner for Exchange. To prevent interference, exempt the following directory from antivirus scanning: %LOCALAPPDATA%\Barracuda\Email Threat Scanner for Exchange\Scans Outlook Profile To run the installer, you must have at least one Exchange-configured Outlook profile. This account must have access to the mailboxes to be imported and the credentials for that user must be cached in the system. If you need to configure account permissions, use the following PowerShell script: Get-Mailbox -ResultSize unlimited -Filter '(RecipientTypeDetails -eq "UserMailbox")' Add-MailboxPermission -User <account email address> - AccessRights fullaccess -InheritanceType all -AutoMapping $false); where <account email address> represents the email address for the Exchange-configured Outlook profile. Install Scanner 1. Click the following link to download the installer to a Windows system: http://d.barracuda.com/xts/1.0/email Threat ScannerScan.exe 2. Run the installer and follow the online prompts to complete the wizard. If you uninstall Email Threat Scanner for Exchange, all scans, including reports, are deleted. Scan Mailboxes 1. 2. Launch. Enter your registration details in the Register Product screen, click OK, and click OK once Email Threat Scanner for Exchange is registered. For partners, when running the scanner for customers, you must select a different profile for each customer. 3. From the Outlook profile drop-down menu, select the profile. 4. From the Mailbox filter drop-down menu, select what to scan: 1. 2. 3. 4. 5. 6. All users Scans all user mailboxes Distribution list Enter the distribution list name on which to scan Email address Enter the email address on which to scan Last name Enter the name on which to scan My mailbox Scans the default mailbox associated with the selected Outlook profile Public folders Scans all public folders Because the scan can take several hours to complete, use the Test feature before starting the scan. To verify the server is available and items can be scanned successfully, select Email 2 / 7
address, enter a test email address, and click Test. If the email address is found, click OK to close the dialog box and proceed with the scan: If the email address is not found, click Yes to view the log file to troubleshoot the issue: 5. Select the Mailbox filter on which to scan, and click Scan. The scanner may take a few hours per mailbox to scan, so you can leave this running in the background. Note that mailboxes are scanned in parallel. Once the scan is complete, a Barracuda representative will contact you. Email Threat Scanner for Exchange Menu Options 3 / 7
File menu options: Scan Start the scan Exit Close Email Threat Scanner for Exchange Tools menu options: View History View your scan history: Logs View Log File Click to open the log file in Notepad Open Log Directory Click to open the log directory in Explorer Enable Trace Logging If directed to do so by Barracuda Networks Technical Support, Click to toggle trace logging On to resolve any errors encountered during scanning View Scan Report The report includes up to the first 50 threats found during scanning. 1. Once the scan is complete, the scan complete dialog box displays the scan results: 4 / 7
2. Click Yes to view the scan report in your browser: 3. Click the Report ( ) icon to view the full report: 5 / 7
The scan report is also sent to Barracuda for evaluation. Table 1. Full Report Details. View the full report contains a summary of the scanned mailboxes, number of attachments, threats and suspicious attachments, and a summary of the discovered threat types. The following table describes the full report fields. Field Attachment file name Threat category Examples pdf.pdf INVOICE.TAM_48530_20161129_A41E487BF.xls Suspicious Malicious File application category application/vnd.ms-excel File size Threat detection 43.7K 91.5K Detected by anti-virus software Once threats are identified, Barracuda recommends using Advanced Threat Protection to prevent new threats from entering your system. For more information, see Advanced Threat Protection. Troubleshooting If you encounter an error similar to: Failure during COM call: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. [0x800B0109] There is an error referencing the root certificate. To resolve this issue, open the web filter to allow connection to back end. 6 / 7
Figures 7 / 7