Manually update scan engines in Exchange Server
Original KB number: 2292741
Summary
Follow the steps given below to manually update the scan engines in Exchange Server. You may need to do so if you experience issues with accessing anti-malware updates online and want to download those definitions to a central location.
The manual update involves running the Update-Engines.ps1 PowerShell script. This script can be changed according to your needs. The update path, list of engines, and list of platforms can be changed in the script, or passed as parameters when the script is executed.
Note
The script will default the engine update path to https://forefrontdl.microsoft.com/server/scanengineupdate/. If this endpoint isn't available, you can change the script to use the failover endpoint https://amupdatedl.microsoft.com/server/scanengineupdate/. If the previous endpoints aren't available, you can use http://amupdatedl.microsoft.com/server/amupdate/ as an alternative site. By default, all engines will be downloaded for 64-bit platforms.
Steps to update scan engines
Create a local directory structure on the computer on which you want to download the scan engine updates.
Create a directory. For example, create a directory named ScanEngineUpdates.
Note
This directory must be passed as a parameter to the script.
Set the NTFS file system and share permissions on the directory so that the target Exchange servers have access to it.
Open Notepad. Paste the following script into the file. Choose File and Save As. Under Save as type, select All Files and save it as Update-Engines.ps1.
#--------------------------------------------------------------------------------------- # The UpdateEngines script demonstrates how to download engine packages for use # by the Forefront Protection for Exchange and Sharepoint products. # # What the script does: # # * Downloads copies of the UniversalManifest, EngineInfo. # * Downloads and extracts the full update package for the # specified engines for each specified platforms. This script # automatically creates directories under this root (metadata, x86, amd64) # and a script specific temp directory used during the processing. #--------------------------------------------------------------------------------------- param( [string]$EngineDirPath, [string]$UpdatePathUrl = "http://forefrontdl.microsoft.com/server/scanengineupdate/", [string]$FailoverPathUrl = "https://amupdatedl.microsoft.com/server/scanengineupdate/", [string]$EngineDownloadUrlV2 = "http://amupdatedl.microsoft.com/server/amupdate/", [string[]]$Engines = ("Microsoft"), [string[]]$Platforms = ("amd64") ) # Display Help if (($Args[0] -eq "-?") -or ($Args[0] -eq "-help")) { "" "Usage: Update-Engines.ps1 [-EngineDirPath <string>] [[-UpdatePathUrl] <update url>] [[-Engines] <engine names>] [[-Platforms] <platform names> " " [-EngineDirPath <string>] The directory to serve as the root engines directory" " [-UpdatePathUrl <update url] The update path used to pull the updates from" " [[-Engines] <engine names>[]] The list of names of engines to update" " [[-Platforms] <platform names>[]] The list of names of platforms to update" "" "Examples: " " Update-Engines.ps1 -EngineDirPath C:\Engines\" " Update-Engines.ps1 -EngineDirPath C:\Engines\ -UpdatePathUrl http://forefrontdl.microsoft.com/server/scanengineupdate/ -Engines Microsoft -Platforms amd64" "" exit } if ($EngineDirPath.Length -eq 0) { $(throw "The EngineDirPath is not set. Please set the EngineDirPath parameter to a valid directory.") } # The directory to store the engines with needs to contain # a trailing slash. if (!$EngineDirPath.EndsWith("\")) { $EngineDirPath += "\" } # Constants used in the script $ShellProgId = "Shell.Application" $DoNotDisplayProgress = 4 $YesAll = 16 $NoConfirmDirectory = 512 $NoUI = 1024 $UmFileName = "UniversalManifest.cab" $EliFileName = "EngineInfo.cab" # Checks if the specified path exists. # If not the directory is created. function CreatePath($path) { if ((Test-Path $path) -ne $true) { New-Item -type Directory $path Write-Host "Created: " $path } } # Use the Shell.Application COM object to extract the # contents of the sourceCabPath and put the contents into # the destinationDirectory. Support is included for cab # files with sub directory hierarchies. function ExtractCab($sourceCabPath, $destinationDirectory) { # Determine if we can call the expand.exe utility # if so use it, otherwise, use the Shell.Application # COM object to perform the expansion of the CAB & "expand.exe" if($?) { & "expand.exe" "-R" $sourceCabPath "-F:*" $destinationDirectory } else { $shell = new-object -comobject $ShellProgId if(!$?) { $(throw "unable to create $ShellProgId object") } $source = $shell.Namespace($sourceCabPath).items() $destination = $shell.Namespace($destinationDirectory) $flags = $DoNotDisplayProgress + $YesAll + $NoConfirmDirectory + $NoUI $itemCount = $source.Count $cabNameLength = $sourceCabPath.Length $cachedDestDir = "" $relativeDest = "" # Process each item in the cab. Determine if the destination # is a sub directory and create if necessary. for($i=0; $i -lt $itemCount; $i++) { $lastPathIndex = $source.item($i).Path.LastIndexOf("\"); # If the file inside the zip file should be extracted # to a subfolder, then we need to reset the destination if ($lastPathIndex -gt $cabNameLength) { $relativePath = $source.item($i).Path.SubString(($cabNameLength + 1), ($lastPathIndex - $cabNameLength)) $relativeDestDir = $destinationDirectory + $relativePath if ($relativeDestDir -ne $cachedDestDir) { $relativeDest = $shell.Namespace($relativeDestDir) $cachedDestDir = $relativeDestDir } $relativeDest.CopyHere($source.item($i), $flags) } else { $destination.CopyHere($source.item($i), $flags) } } } } #--------------------------------------------------------------------------------------- # Main Script #--------------------------------------------------------------------------------------- Write-Host "Update Path: " $UpdatePathUrl Write-Host "Engine Directory: " $EngineDirPath Write-Host "Engines: " $Engines Write-Host "Platforms: " $Platforms if ((Test-Path $EngineDirPath) -ne $true) { $(throw "The directory specified to store the engines does not exist or the user this script is running as does not have permissions to access it. " + $EngineDirPath) } $tempFilePath = $EngineDirPath + "temp\" $wc = new-object System.Net.WebClient # Download the Universal Manifest file $url = ($UpdatePathUrl + "metadata/UniversalManifest.cab") $umFilePath = $EngineDirPath + "metadata\UniversalManifest.cab" $metaDataDir = $EngineDirPath + "metadata\" CreatePath $metaDataDir $wc.DownloadFile($url, $umFilePath) CreatePath $tempFilePath # Delete any temporary files left over from # any previous runs of the script Remove-Item ($tempFilePath + "*.*") # Extract the xml file from the cab # so we can parse and read the data ExtractCab $umFilePath $tempFilePath # Read in and process the contents of the # Universal Manifest file. [xml]$umFile = Get-Content($tempFilePath + "UniversalManifest.xml") # Check if we need to download a new Engine License Info file $engineInfoVersion = $umFile.UniversalManifest.licenseInfoVersion Write-Host "The current Engine License Info version: " $engineInfoVersion $engineInfoFilePath = $EngineDirPath + "metadata\" + $engineInfoVersion CreatePath $engineInfoFilePath $engineInfoFilePath += "\" + $EliFileName # If the versioned directory does not exists # download the new version of the Engine License Info if ((Test-Path $engineInfoFilePath) -ne $true) { Write-Host "The current version of the Engine License Info needs to be downloaded." $engineInfoURL = ($UpdatePathUrl + "\metadata\" + $engineInfoVersion + "/" + $EliFileName) $wc.DownloadFile($engineInfoURL, $engineInfoFilePath) Write-Host "The Engine License Info download is complete." } Write-Host "Begin Processing Engine Updates" # Process each engine in the Universal Manifest # and download all applicable engines foreach ($p in $Platforms) { $platform = $umFile.UniversalManifest.EngineVersions.SelectSingleNode(("Platform[@id='" + $p + "']")) if ($platform -isnot [System.Xml.XmlElement]) { $(throw "The Platform '" + $p + "' is not valid.") } Write-Host "Platform: " $platform.id foreach ($e in $Engines) { $engine = $platform.SelectSingleNode(("Category/Engine[@name='" + $e + "']")) if ($engine -isnot [System.Xml.XmlElement]) { $errMsg = "The engine name '" + $e + "' is not valid." Write-Error $errMsg -Category InvalidArgument } else { Write-Host "Engine: " $engine.Name "UpdateVersion: " $engine.Package.version $manifestFileNameRoot = "manifest." + $engine.Default $manifestFileName = $manifestFileNameRoot + ".cab" $engineUrl = $UpdatePathUrl + $platform.id + "/" + $engine.Name + "/" + "Package/" $manifestUrl = ($engineUrl + $manifestFileName) $enginePath = $EngineDirPath + $platform.id + "\" + $engine.Name + "\Package\" Write-Host "Begin download: " $engine.Name " Url: " $manifestUrl CreatePath $enginePath $manifestPath = $enginePath + $manifestFileName $wc.DownloadFile($manifestUrl, $manifestPath) # Delete any temporary files left over from # any previous runs of the script Remove-Item ($tempFilePath + "*.*") ExtractCab $manifestPath $tempFilePath [xml]$manifest = Get-Content($tempFilePath + "manifest.xml") $fullPkgDir = $enginePath + $manifest.ManifestFile.Package.version + "\" CreatePath $fullPkgDir $fullPkgUrl = $engineUrl + $manifest.ManifestFile.Package.version + "/" + $manifest.ManifestFile.Package.FullPackage.name $fullPkgPath = ($fullPkgDir + $manifest.ManifestFile.Package.FullPackage.name) $wc.DownloadFile($fullPkgUrl, $fullPkgPath) # Detect if there are any subdirectories # needed for this engine $subDirCount = $manifest.ManifestFile.Package.Files.Dir.Count for($i=0; $i -lt $subDirCount; $i++) { CreatePath ($fullPkgDir + $manifest.ManifestFile.Package.Files.Dir[$i].name) } ExtractCab $fullPkgPath $fullPkgDir # Copy the downloaded manifest to the package directory Copy-Item $manifestPath -Destination $fullPkgDir Write-Host "Download Complete: " $engine.Name } } } Write-Host "Engine Update processing completed." # Clean up the temporary directory # that is used during the update Remove-Item $tempFilePath -recurseExecute the Update-Engines.ps1 PowerShell script, providing any necessary parameters. The format of the command to use is:
Update-Engines.ps1 -EngineDirPath <string> -UpdatePathUrl <update url> -Engines <engine names> -Platforms <platform names>EngineDirPath <string>- The directory to serve as the root engine's directory (created in step 1). It's a required parameter.UpdatePathUrl <update url>- The update path used to download the updates.Engines <engine names>- The list of engine names to update.Note
Multiple engine names should be separated by commas, with or without spaces.
Platforms <platform names>- The list of platform names to update.
Examples:
Update-Engines.ps1 -EngineDirPath C:\ScanEngineUpdates\Update-Engines.ps1 -EngineDirPath C:\ScanEngineUpdates\ -UpdatePathUrl http://forefrontdl.microsoft.com/server/scanengineupdate/ -Engines Microsoft -Platforms amd64You can now configure the servers to download updates from the directory created in step 1 by using the UNC path of a share name, such as
\\server_name\share_name.