Saturday, 11 October 2008

SBS 2008 - WSUS Synchronizations and Exchange

Have a look at this:

Exchange BL and Spam Updates

The list of updates released in one day makes it pretty clear that our WSUS synchronization schedule needs to be set to more than once a day.

By default, we are setting all of our WSUS setups to sync 8 times a day or once every three hours.

That should be enough to catch most everything!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

5 comments:

Anthony said...

is the version of exchange built into SBS 08 eligiable for the antispam enterprise updates, or do you have another exchange server in your network?

Philip E. said...

Good catch! Those are indeed Exchange Enterprise definition updates.

A closer look at the list showed that Exchange Standard sees AntiSpam updates only.

The odd thing is that the updates shown in the blog post are approved for install in the WSUS console.

When we go here: Information about the types of anti-spam updates that are available for Exchange 2007, we do have ForeFront Security installed on this SBS 2008.

And, from a linked TechNet article iin the above KB:

Microsoft Update for Anti-Spam Services

Exchange 2007 now offers additional services to help keep anti-spam components up to date, taking advantage of the proven Microsoft Update infrastructure.

Microsoft Exchange 2007 Standard Anti-spam Filter Updates offer anti-spam updates every two weeks via Microsoft Update.

The Forefront Security for Exchange Server anti-spam update service is a premium service that updates the content filter daily via Microsoft Update. In addition, the premium service includes the Spam Signature and IP Reputation Service updates that are available on an as-needed basis, up to several times a day. Spam Signature updates identify the most recent spam campaigns. IP Reputation Service updates provide sender reputation information about IP addresses that are known to send spam.

Note: To use the premium service, you must have the Exchange Enterprise Client Access License (CAL).

So, to answer your question: It looks as though the answer is "NO", but I am not too sure why the updates are being approved then.

Thanks for calling that out! I will do some digging to clarify.

Philip

Anthony said...

thanks for the clarification Philip, I've also noticed that by default SBS 2008 is not configured to even get antispam updates (and there is no obvious way to configure this in the SBS console), it is necessary to go into the Exchange console, open server configuration, then drill down to Hub Transport and then right click on the server name to run the "enable antispam updates"

Just to further clarify, does the forefront for exchange trial that is built into the SBS 08 setup allow these daily antispam updates, or does the antispam for forefront have to be purchased as well as the forefront for exchange CAL's?

Philip E. said...

Anthony,

The updates are indeed being applied. The Enterprise ones are being automatically approved in WSUS whereas the Exchange Standard AntiSpam ones are not.

Checking in FF, updates are being received.

As I understand it, FF will be fully licensed based on the SBS CALs just as any product has been in the past that was a part of SBS.

When I requested FF licensing information from our supplier, he replied with 9SG-00069 which is per user per month. I will need to see if there are any other SKUs for the A/V engines too.

Thanks,

Philip

Anthony said...

the mystery deepens, I have built up SBS 2008 without Forefront having ever been installed (I used the answer file tool to prevent the forefront trial installing) and the enterprise antispam updates are still being detected and then installed.

so it would appear that SBS 08 is eligiable for the daily updates instead of the monthly, this will be an excellent selling point for some of my customers who use a different antivirus for Exchange (NOD32), but want the extra spam protection.