Y2K22 error halts Exchange mail delivery: Anti-malware engine stumbles in 2022

On-premises Exchange Server system administrators who were on standby early in the year were stunned in the middle of the night (more precisely: Jan 1, 2022 at 00:00 UTC). Because suddenly many Exchange servers can no longer transmit mail. And soon a message about this, which also indicated the reason, spread on Twitter.

Date value conversion failed

The anti-malware scan engine encountered an error converting the value “2201010001” to a long integer value, so that the relevant process could not be loaded. Julian Sieber suspected of one Techcommunity Comment On December 31, 2021 an overflow occurred when converting the string to an integer value with a flag. Then error codes 0x80004005 are displayed as well as the error description under PID 10816 Kann "2201010002" nicht in Long konvertieren written to log files.

In this article’s author’s blog, several affected people reported, as the image appeared, that the issue occurs under different Exchange Server versions and different patch levels. However, not all local Exchange servers are likely to be affected – the assumption is that anti-malware scanning or mail filtering are inactive on unaffected systems.

Workaround: Anti-Malware Scan

There is a PowerShell script for Exchange Server Disable-AntiMalwareScanning.ps1Which disables the scan engine. This script can be used as a temporary solution. After that, some users had to restart the transfer service or even the Exchange server.

Alternatively, the following PowerShell command can be used to temporarily bypass mail filtering:

Set-MalwareFilteringServer exch-19 -BypassFiltering $true

Here too, the transfer service must be restarted afterwards. Another reader informed the author of this post in a private message on Facebook that after executing the command Get-TransportAgent "Malware Agent" | Disable-TransportAgent Exchange Server 2016 mail receiving and sending is working again with the latest cumulative update. Microsoft has some information on this topic in the post “Disable or bypass malware scanning“Collected.

Now on the author’s blog User commentMicrosoft has already released a signature update to fix the problem. However, other officials report that this does not solve the problem. An official statement from Microsoft is still pending.

(tiw)