Administrators of on-premises Exchange Server systems who were on standby at the turn of the year were startled at midnight (more precisely: on January 1, 2022, 00:00 UTC), when many Exchange servers suddenly could no longer transport mail. A message about the problem, which also pointed to the cause, quickly spread on Twitter.
Converting the date value fails
The anti-malware scan engine encountered an error while converting the value “2201010001” to a long integer value, so the relevant process can no longer be loaded. In a Techcommunity comment dated December 31, 2021, Julian Sieber suspects that an overflow occurred when converting the string into a signed integer value. The error code 0x80004005 and the error description
Kann "2201010002" nicht in Long konvertieren
are then written to the log files under PID 10816.
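The conversion failure described above, as an added example that is not code from Microsoft or from the original article: 2201010001 is larger than 2147483647, the largest value a signed 32-bit integer (the size of `long` on Windows) can hold. The function names and the reading of the value as YYMMDD plus a four-digit sequence number are assumptions made for this illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Model of the failing conversion: parse a version string (assumed layout
 * YYMMDDnnnn) into a signed 32-bit value, the size of `long` on Windows.
 * Returns 0 on success, -1 if the text is not a plain decimal number,
 * -2 if the number does not fit into 32 bits. */
int to_int32(const char *s, int32_t *out)
{
    char *end;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (end == s || *end != '\0')
        return -1;
    if (errno == ERANGE || v < INT32_MIN || v > INT32_MAX)
        return -2;
    *out = (int32_t)v;
    return 0;
}

/* The same parse with a 64-bit target: every 10-digit value fits. */
int to_int64(const char *s, int64_t *out)
{
    char *end;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE)
        return -1;
    *out = (int64_t)v;
    return 0;
}

int main(void)
{
    /* Constructed samples; 2201010001 is the value quoted in the article. */
    const char *versions[] = { "2112310001", "2147483647", "2201010001" };
    for (size_t i = 0; i < 3; i++) {
        int32_t v32;
        int64_t v64;
        printf("%s  int32: %s  int64: %s\n", versions[i],
               to_int32(versions[i], &v32) == 0 ? "ok" : "out of range",
               to_int64(versions[i], &v64) == 0 ? "ok" : "out of range");
    }
    return 0;
}
```

Under the assumed layout, every value whose first two digits are 21 or lower fits into 32 bits, while every value starting with 22 is out of range, which matches the failure appearing exactly at the turn of the year.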
Numerous affected administrators reported in on the blog of the author of this article, and the picture that emerged is that the problem occurs under various Exchange Server versions and different patch levels. However, not all on-premises Exchange servers are likely to be affected; the assumption is that anti-malware scanning or mail filtering is not active on unaffected systems.
Workaround: Disable anti-malware scanning
For Exchange Server there is a PowerShell script, Disable-AntiMalwareScanning.ps1, which deactivates the scan engine. This script can be used as a temporary workaround. After running it, some users had to restart the transport service or even the Exchange server.
Alternatively, the following PowerShell command can be used to temporarily bypass mail filtering:
Set-MalwareFilteringServer exch-19 -BypassFiltering $true
Here, too, the transport service must be restarted afterwards. Another reader informed the author of this post in a private message on Facebook that, after executing the following command, receiving and sending mail works again under Exchange Server 2016 with the latest cumulative update:
Get-TransportAgent "Malware Agent" | Disable-TransportAgent
Microsoft has collected some information on this topic in the post “Disable or bypass anti-malware scanning”.
There is now a user comment in the author’s blog saying that Microsoft has already released a signature update to fix the problem. However, other administrators report that this does not fix the problem. An official statement from Microsoft is still pending.