An important factor in maintaining consistent spam protection over time is ensuring updates to the anti-spam filters are in place.
Microsoft Exchange Server 2007 leverages the proven Microsoft Update (MU) infrastructure to deliver anti-spam filter updates. By default, administrators can visit the MU site to retrieve content filter updates, which are published every two weeks.
An increased level of protection is offered to Enterprise CAL customers, for whom spam filter updates are more frequent and diverse: http://www.microsoft.com/exchange/preview/edition_compare.mspx
Content filter definitions
As needed, could be multiple/day
Multiple times a day
Enabling Forefront anti-spam updates
Enabling the Enterprise CAL anti-spam updates is easy with Exchange Management Console. The Edge Transport view shows the "Enable Anti-spam Updates" action on the right-hand side.
This in turn presents the following dialog:
Note that opting in for anti-spam updates will not cause other updates that might be relevant to this server to be downloaded or installed. The wizard is exclusively enabling the retrieval of anti-spam updates and will not otherwise configure the server to be kept up to date with patches and other software updates.
When the Enable button is clicked, the wizard reveals the PowerShell task that does the actual work: enable-AntispamUpdates, which is described in the help documentation. Of course, the task can be run directly from PowerShell if the GUI route is not desired.
Once the wizard finishes, the system is configured so that the "Microsoft Exchange Anti-spam Update" NT service scans Microsoft Update every hour for anti-spam updates that are applicable to this server. If updates are available, they are downloaded and installed with no mailflow impact or admin intervention.
To force a check for updates at a particular time (instead of waiting for the next scan, which happens every 60 minutes), the "Microsoft Exchange Anti-spam Update" service can be stopped and then restarted:
D:\Documents and Settings\Administrator>net stop "Microsoft Exchange Anti-spam Update"
The Microsoft Exchange Anti-spam Update service is stopping.
The Microsoft Exchange Anti-spam Update service was stopped successfully.
D:\Documents and Settings\Administrator>net start "Microsoft Exchange Anti-spam Update"
The Microsoft Exchange Anti-spam Update service is starting.
The Microsoft Exchange Anti-spam Update service was started successfully.
Event log entries are produced for each update that is downloaded and installed, and MOM alerts are in place for cases where non-transient errors prevent the updates from happening.
Disabling the Forefront Updates
If for any reason the administrator wishes to disable the enhanced anti-spam updating mode, all it takes is running the disable-AntispamUpdates task or clicking the action with the same name in Exchange Management Console.
All anti-spam updates will be disabled at this point:
[PS] D:\Documents and Settings\Administrator\Desktop>Get-AntispamUpdates
UpdateMode : Disabled
LatestContentFilterVersion : 3.3.4728.660
SpamSignatureUpdatesEnabled : False
LatestSpamSignatureVersion : 3.3.4728.1319
IPReputationUpdatesEnabled : False
LatestIPReputationVersion : 3.3.4728.067
MicrosoftUpdate : Configured
Reverting to the standard protection requires following the steps in the next section.
Reverting to Standard Updates
To revert the system to the standard mode of manually applying anti-spam updates, select the manual update mode in Exchange Management Console:
[PS] D:\Documents and Settings\Administrator\Desktop>Get-AntispamUpdates
UpdateMode : Manual
LatestContentFilterVersion : 3.3.4728.660
SpamSignatureUpdatesEnabled : False
LatestSpamSignatureVersion : 3.3.4728.1319
IPReputationUpdatesEnabled : False
LatestIPReputationVersion : 3.3.4728.067
MicrosoftUpdate : Configured
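The states shown above can be checked on a schedule so that a server left in Disabled or Manual mode, or with the update service stopped, is noticed. The following is an added example, not part of the original post or of Exchange itself. The function name Test-AntispamUpdateState and its -ForceCheck switch are hypothetical; it assumes it is run in the Exchange Management Shell on the server being checked.

```powershell
# Added example: report the anti-spam update state described in the article.
# Test-AntispamUpdateState and -ForceCheck are hypothetical names for this sketch.
function Test-AntispamUpdateState {
    param([switch]$ForceCheck)

    # Display name of the NT service, as given in the article.
    $svcName  = 'Microsoft Exchange Anti-spam Update'
    # The two modes the article shows after disabling or reverting.
    $nonEnhanced = 'Disabled', 'Manual'
    $findings = @()

    # 1. The hourly scan only happens while the service is running.
    $svc = Get-Service -DisplayName $svcName -ErrorAction SilentlyContinue
    if (-not $svc) {
        $findings += "Service '$svcName' not found"
    } elseif ($svc.Status -ne 'Running') {
        $findings += "Service '$svcName' is $($svc.Status); the hourly scan is not running"
    }

    # 2. Read the same properties the article prints with Get-AntispamUpdates.
    $state = Get-AntispamUpdates
    if ($nonEnhanced -contains "$($state.UpdateMode)") {
        $findings += "UpdateMode is $($state.UpdateMode); enhanced updates are not active"
    }
    if (-not $state.SpamSignatureUpdatesEnabled) {
        $findings += 'Spam signature updates are disabled'
    }
    if (-not $state.IPReputationUpdatesEnabled) {
        $findings += 'IP reputation updates are disabled'
    }

    # 3. Optionally trigger an immediate scan, the scripted form of
    #    the net stop / net start sequence in the article.
    if ($ForceCheck -and $svc) {
        Restart-Service -DisplayName $svcName
    }

    # Return versions and findings as one object for logging or alerting.
    $report = $state | Select-Object UpdateMode, LatestContentFilterVersion,
        LatestSpamSignatureVersion, LatestIPReputationVersion
    Add-Member -InputObject $report -MemberType NoteProperty -Name Findings -Value $findings
    $report
}

Test-AntispamUpdateState | Format-List
```

An empty Findings list means the service is running and neither of the two reduced modes is in effect; the version fields can be compared between runs to confirm that updates are actually arriving.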
- Mihai Costea