An important factor in maintaining consistent spam protection over time is ensuring updates to the anti-spam filters are in place. 

Microsoft Exchange Server 2007 leverages the proven Microsoft Update infrastructure for providing anti-spam filter updates and, by default, administrators can visit the MU site to retrieve content filter updates that are being published every two weeks.

An increased level of protection is offered to Enterprise CAL customers, where spam filter updates are more frequent and diverse http://www.microsoft.com/exchange/preview/edition_compare.mspx

Update Type

Standard CAL

Enterprise CAL

Content filter definitions

Bi-weekly

Daily

Spam signatures

n/a

As needed, could be multiple/day

IP Reputation

n/a

Multiple times a day

Enabling Forefront anti-spam updates

Enabling the enterprise CAL anti-spam updates is easy with Exchange Management Console.  The Edge Transport view presents on the right hand side the action to "Enable Anti-spam Updates". 

This in turn is presenting the following dialog:

Note that opting in for anti-spam updates will not cause other updates that might be relevant to this server to be downloaded or installed.  The wizard is exclusively enabling the retrieval of anti-spam updates and will not otherwise configure the server to be kept up to date with patches and other software updates.

Clicking on the Enable button, the wizard reveals the PowerShell task that is doing the actual work: enable-AntispamUpdates, that is described in the help documentation.  Of course, the task can be run from the PowerShell if the GUI route is not desired.

Operations

Once the wizard finishes, the system is configured so that the "Microsoft Exchange Anti-spam Update" NT service scans Microsoft Update every hour for anti-spam updates that are applicable to this server.  If updates are available, they are downloaded and installed with no mailflow impact or admin intervention.

In order to force checking for updates at a particular time (instead of waiting for the next scan every 60 minutes) the "Microsoft Exchange Anti-spam Update" service can be stopped and then restarted:

D:\Documents and Settings\Administrator>net stop "Microsoft Exchange Anti-spam Update"
The Microsoft Exchange Anti-spam Update service is stopping.
The Microsoft Exchange Anti-spam Update service was stopped successfully.

D:\Documents and Settings\Administrator>net start "Microsoft Exchange Anti-spam Update"
The Microsoft Exchange Anti-spam Update service is starting.
The Microsoft Exchange Anti-spam Update service was started successfully.

Event log entries are produced for each update being downloaded and installed and MOM alerts are in place for cases where non-transient errors prevent the updates from happening:

Disabling the Forefront Updates

If for any reason the administrator wishes to disable the enhanced anti-spam updating mode, all it takes is running the disable-AntispamUpdates task or a click in the Exchange Management Console Action with the same name.

All anti-spam updates will be disabled at this point

[PS] D:\Documents and Settings\Administrator\Desktop>Get-AntispamUpdates
UpdateMode                  : Disabled
LatestContentFilterVersion  : 3.3.4728.660
SpamSignatureUpdatesEnabled : False
LatestSpamSignatureVersion  : 3.3.4728.1319
IPReputationUpdatesEnabled  : False
LatestIPReputationVersion   : 3.3.4728.067
MicrosoftUpdate             : Configured

Reverting to the standard protection will require following the steps in the next paragraph.

Reverting to Standard Updates

To revert the system to the standard mode of manually applying anti-spam updates, select the manual update mode in Exchange Management Console:

[PS] D:\Documents and Settings\Administrator\Desktop>Get-AntispamUpdates
UpdateMode                  : Manual
LatestContentFilterVersion  : 3.3.4728.660
SpamSignatureUpdatesEnabled : False
LatestSpamSignatureVersion  : 3.3.4728.1319
IPReputationUpdatesEnabled  : False
LatestIPReputationVersion   : 3.3.4728.067
MicrosoftUpdate             : Configured

- Mihai Costea