Running Barracuda Spam and Virus Firewall 300 out of Hyper-V

First of all, thanks very much to this blog: http://blog.shiraj.com/?p=49 without it, I wouldn’t have been able to get as far as I did. Anyways, now on to virtualizing a Barracuda Spam and Virus Firewall–

Things you will need:
1. Barracuda E-mail Spam Filter
2. Windows 2008 R2 Hyper-V server (VMWare probably works too… only thing I wouldn’t be sure of is how VMware portrays the mount points and what drivers it uses for legacy network adapters)
3. Acronis True Image (or similar bootable “ghosting” media)

The first step is to make an image of a Barracuda. Using the BIOS code from the aforementioned blog, login to the BIOS of the Barracuda and enable Boot from CD as the first boot option. Then connect a USB CD-ROM drive with Acronis True Image. Also connect a USB hard drive with enough space to accommodate at least 32GB worth of data.

Create the TIB image of the entire drive. Remove the USB drive when you are done and connect it to your Windows 2008 R2 Hyper-V server. Create a new virtual machine with 1 CPU, about 1GB RAM (my 300 only came with 512mb… max 2GB according to the motherboard specifications) and a legacy adapter. I also turned on Windows NT CPU support just to play it safe. Remove the SCSI controller and create a fixed 32gb VHD for the OS. Attach an ISO of Acronis True Image and boot the VM to Acronis.

I created a second VHD in the host OS and copied the TIB file into it, then mounted the VHD as a secondary IDE drive. This was the easiest way to get the VM to restore the TIB file… plus at any time I can reboot into Acronis and reimage my system.

Restore the image and reboot. You will want to follow the steps from the previously mentioned blog to gain root access. This is necessary to make the network card work. Once you have root access, modify the /etc/modules.conf file. Change the eth0 alias to use “tulip” instead of “via-rhine.” Type modprobe tulip to verify, then ifconfig to double check eth0 is now available.

This is a great way to avoid having to purchase instant replacement, and in a suitable backup environment… disaster recovery is a breeze if you backup your virtual machines for instant disaster recovery. Creating the image doesn’t void the warranty as long as you can avoid opening the case. However, if you ever experience problems… hopefully they don’t notice your hardware specs 🙂 I’m not sure how much lspci differs from appliance to virtual machine, I haven’t gotten that deep into it yet.

Just an FYI, if you ever need to manually update firmware because the web interface is broken… look for /home/emailswitch/code/firmware/current/bin/update.pl and run update.pl with the argument “firmware”

i.e. ./update.pl firmware

Add -c at the end to perform a check only.

Just about every function of the web site is a perl script… doing some cat/grep operations on the index.cgi should help you out if you are ever in a bind.

Disappearing E-mail Text

Problem: Random e-mails (most notably distribution group e-mails) are delivered to users with stripped bodies, i.e. no text inside the e-mail.

I was not sure where to start with this, so I began my search in the obvious places… Microsoft Message Tracking and the spam filter. Well… for one, the company was not using a smart-host and this was happening on internal e-mails, so I could rule out the spam filter. I attempted to troubleshoot using message tracker, but of course it would only tell me the e-mail was delivered.

I patched and configured the server until I was blue in the face to make sure all the bugs were removed. The server was configured identically to most 2003 servers I’ve come across. The server had Eset anti-virus (non-Exchange version) which we upgraded… uninstalled… replaced… nothing resolved the issue.

Finally, I did some research on CommVault and NetVault (both running on the server, unsure of job status because at the time I did not have access to the backup software as I was an outside consultant only given specific access. On a whim I disabled both and had them do several tests… all of which worked successfully.

Internally they made the decision to discontinue the use of one of the backup solutions on the Exchange server.

Resolution: Don’t use two  log-based backup solutions on an Exchange server. I imagine both solutions had some sort of continous backup technology where they were constantly monitoring and backing up logs, causing the e-mail text to be misplaced.