We’ve had ours for about 7+ years. It’s the last few months that have me 
pulling my hair out. Our Fortigate has been good to block viruses before they 
get to the cuda. I don’t think our config is all that far from defaults.

I have all levels of Intent Analysis enabled.
Image analysis is on
Bayesian was not in use but I have been working on training it the last couple 
of weeks.
Rate Control is actually 15/30 (I forgot I turned it down further yesterday.)
I have some blocked domains but the new campaigns are changing the domains by 
the hour.  There have been 8 different bursts in the last hour.
I’ve started to add some of the subject lines but not heavy with patterns.    I 
know I need to up my game with this part.
rDNS blocks may not be suitable as we do business internationally.

I just enabled blocking of no PTR records.  Hopefully this helps.




Thanks,

Jake Gardner
IT Administrator
267-352-2020 Ext. 246
www.ttcdas.com

From: listsadmin@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] On 
Behalf Of Richard Stovall
Sent: Friday, December 18, 2015 9:52 AM
To: ntsys...@lists.myitforum.com
Subject: Re: [NTSysADM] Barracuda Spam fw appliance

I have one that does a pretty good job with everything but friggin' macro 
viruses in Office documents.  We have had one in place for about 11 years, so 
it is highly tuned for our environment.  I also do a lot to block .ru, .cn, 
.in, etc straight out of the gate before the Barracuda's inspection even begins.

Shoot some specific questions about configuration settings to the list if you 
like, and I can check how I've got mine set up.

Also, primarily for the macro virus issue, we're adding Proofpoint to the mix 
in the next few weeks.  I'm still going to keep the Barracuda, but everything 
inbound will go through Proofpoint first.


On Fri, Dec 18, 2015 at 9:37 AM, Jake Gardner 
<jgard...@ttcdas.com> wrote:
Does anyone here use one?  We have a model 300 and lately we are getting 
absolutely hammered with SPAM that the ‘cuda just won’t catch.

I have opened a few tickets with them about the issue and all they say is that 
my firewall is blocking the ‘cuda from checking websites.  I’ve checked my 
firewall and I don’t see any blocks and the ‘cuda is in a policy with no  
outbound restrictions.

The only thing that seems to slow it down is rate control.  I turned it down to 
20/30mins.   In the last 9 hours it controlled 3700 and only outright blocked 
1450.    We see about 17k messages a day on average.  A couple months ago we 
were averaging 12k.


Thanks,

Jake Gardner
IT Administrator
267-352-2020 Ext. 246
www.ttcdas.com



***Teletronics Technology Corporation***
This e-mail is confidential and may also be privileged. If you are not the 
addressee or authorized by the addressee to receive this e-mail, you may not 
disclose, copy, distribute, or use this e-mail. If you have received this 
e-mail in error, please notify the sender immediately by reply e-mail or by 
telephone at 267-352-2020 and destroy this message and any 
copies.

Thank you.

*******************************************************************