Enabling Forefront Security Anti-spam Updates


An important factor in maintaining consistent spam protection over time is ensuring updates to the anti-spam filters are in place. 


Microsoft Exchange Server 2007 leverages the proven Microsoft Update infrastructure for providing anti-spam filter updates and, by default, administrators can visit the MU site to retrieve content filter updates that are being published every two weeks.

An increased level of protection is offered to Enterprise CAL customers, where spam filter updates are more frequent and diverse http://www.microsoft.com/exchange/preview/edition_compare.mspx


















Update Type


Standard CAL


Enterprise CAL


Content filter definitions


Bi-weekly


Daily


Spam signatures


n/a


As needed, could be multiple/day


IP Reputation


n/a


Multiple times a day


Enabling Forefront anti-spam updates

Enabling the enterprise CAL anti-spam updates is easy with Exchange Management Console.  The Edge Transport view presents on the right hand side the action to “Enable Anti-spam Updates”. 


This in turn is presenting the following dialog:


Note that opting in for anti-spam updates will not cause other updates that might be relevant to this server to be downloaded or installed.  The wizard is exclusively enabling the retrieval of anti-spam updates and will not otherwise configure the server to be kept up to date with patches and other software updates.

Clicking on the Enable button, the wizard reveals the PowerShell task that is doing the actual work: enable-AntispamUpdates, that is described in the help documentation.  Of course, the task can be run from the PowerShell if the GUI route is not desired.


Operations


Once the wizard finishes, the system is configured so that the “Microsoft Exchange Anti-spam Update” NT service scans Microsoft Update every hour for anti-spam updates that are applicable to this server.  If updates are available, they are downloaded and installed with no mailflow impact or admin intervention.

In order to force checking for updates at a particular time (instead of waiting for the next scan every 60 minutes) the “Microsoft Exchange Anti-spam Update” service can be stopped and then restarted:

D:\Documents and Settings\Administrator>net stop “Microsoft Exchange Anti-spam Update”
The Microsoft Exchange Anti-spam Update service is stopping.
The Microsoft Exchange Anti-spam Update service was stopped successfully.

D:\Documents and Settings\Administrator>net start “Microsoft Exchange Anti-spam Update”
The Microsoft Exchange Anti-spam Update service is starting.
The Microsoft Exchange Anti-spam Update service was started successfully.

Event log entries are produced for each update being downloaded and installed and MOM alerts are in place for cases where non-transient errors prevent the updates from happening:



Disabling the Forefront Updates


If for any reason the administrator wishes to disable the enhanced anti-spam updating mode, all it takes is running the disable-AntispamUpdates task or a click in the Exchange Management Console Action with the same name.


All anti-spam updates will be disabled at this point

[PS] D:\Documents and Settings\Administrator\Desktop>Get-AntispamUpdates
UpdateMode                  : Disabled
LatestContentFilterVersion  : 3.3.4728.660
SpamSignatureUpdatesEnabled : False
LatestSpamSignatureVersion  : 3.3.4728.1319
IPReputationUpdatesEnabled  : False
LatestIPReputationVersion   : 3.3.4728.067
MicrosoftUpdate             : Configured

Reverting to the standard protection will require following the steps in the next paragraph.

Reverting to Standard Updates


To revert the system to the standard mode of manually applying anti-spam updates, select the manual update mode in Exchange Management Console:


[PS] D:\Documents and Settings\Administrator\Desktop>Get-AntispamUpdates
UpdateMode                  : Manual
LatestContentFilterVersion  : 3.3.4728.660
SpamSignatureUpdatesEnabled : False
LatestSpamSignatureVersion  : 3.3.4728.1319
IPReputationUpdatesEnabled  : False
LatestIPReputationVersion   : 3.3.4728.067
MicrosoftUpdate             : Configured

– Mihai Costea

Comments (13)
  1. john cook says:

    i dont have this button but ive run the cmdlet manually..why isnt in my console? and ideas?

  2. john cook says:

    ahhh. you have an edge transport and im running antispam on a ht. so you wont see this property page on a ht?

  3. Seth Wolf says:

    I’m not seeing it either. Is it because I’m running an older version of the beta? I’m running build 605.15 (version 8.0.605.16). I’m also not seeing that Accepted Domains tab in the work/details pane.

    I’m really anxious to try out this feature. If my build is too early, is there any way I can try this out with like a patch or something, or do I need to get the latest build?

  4. Mcfly says:

    I have configured the updates on a ht server, see Automatic and configured on get-antispamupdates, but no updates show up in MU, nor do they install from WSUS… any ideas?

  5. dani says:

    Does anti-spam only run on edge-transport servers? What about hub transport servers?

  6. Mcfly says:

    Dani: you can install it manually on hub transport servers in case you only have one server. I don’t remember the exact script name, but it was something like install-antispamagents.ps1 in the scripts directory of your e2k7 install.

  7. Exchange says:

    Dani,

    Scott Landry went into this in the following blog post:

    http://msexchangeteam.com/archive/2006/11/17/431555.aspx

    Near the bottom of it…

  8. Scott Landry says:

    One other quick comment that may help some of you… there are no updates available for 32-bit builds.  Make sure that you are running the 64-bit version of Exchange in order to get updates.  Hope this helps!

  9. Exchange says:

    Seth Wolf,

    Yes you will need a later build, sorry. And as Scott mentooned, it will have to be 64 bit.

  10. Mcfly says:

    Thanks Scott, this did the trick… I rebuilt my test environment in 64bit, and now the updates are coming.

  11. JDBarber says:

    I’m running a single Exchange server and have enabled the Anti Spam features, but do not see the Anti Spam Updates either in the Management Console or in the Powershell scripts. Is there a way to enable this using a single box Hub Transport?

  12. JDBarber says:

    Disregard my previous post. Apparently this was enabled by default when running the cmdlet.

  13. Anonymous says:

    Greetings! My name is Andrew, and I work in the Forefront Server Security (FSS) test group in Long Island,

Comments are closed.