Y2K22 bug stops Exchange mail delivery: Antimalware engine stumbles on 2022

Administrators of on-premises Exchange Server systems who were on standby at the turn of the year were startled at midnight (more precisely: on 1.1.2022, 00:00 UTC), because many Exchange servers suddenly could no longer transport mail. A message describing the problem, which also pointed to the cause, quickly spread on Twitter.

The anti-malware scan engine encountered an error while converting the value “2201010001” to a long integer value, so that the relevant process could no longer be loaded. In a Techcommunity comment dated December 31, 2021, Julian Sieber suspects that an overflow occurred when converting the string into a signed integer value. Then the error codes 0x80004005 and as well as the error description Can’t convert “2201010002” to long are written to the log files under PID 10816. Numerous affected administrators reported in the blog of the author of this article, and the picture that emerged is that the problem occurs under various Exchange Server versions and different patch levels. However, probably not all on-premises Exchange servers are affected: the assumption is that anti-malware scanning or mail filtering is not active on unaffected systems.
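The suspected overflow can be checked with a range-validating conversion. The following C sketch is an added example, not code from Microsoft or from the article; it assumes a 32-bit signed long (as on Windows), and the function names and the sample value 2112310001 are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Result codes for the checked conversion (names are illustrative). */
enum conv_status { CONV_OK = 0, CONV_NOT_A_NUMBER, CONV_OUT_OF_RANGE };

/* Parse a decimal string into a signed 32-bit value, the assumed width of
 * `long` on Windows. The range is checked explicitly, never truncated. */
enum conv_status parse_int32(const char *s, int32_t *out)
{
    char *end = NULL;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (end == s || *end != '\0')
        return CONV_NOT_A_NUMBER;
    if (errno == ERANGE || v > INT32_MAX || v < INT32_MIN)
        return CONV_OUT_OF_RANGE;
    *out = (int32_t)v;
    return CONV_OK;
}

/* Same parse against a 64-bit target, which has room for the value. */
enum conv_status parse_int64(const char *s, int64_t *out)
{
    char *end = NULL;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (end == s || *end != '\0')
        return CONV_NOT_A_NUMBER;
    if (errno == ERANGE)
        return CONV_OUT_OF_RANGE;
    *out = (int64_t)v;
    return CONV_OK;
}

int main(void)
{
    /* First value is constructed; the other two are quoted in the article. */
    const char *samples[] = { "2112310001", "2201010001", "2201010002" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int32_t v32 = 0; int64_t v64 = 0;
        enum conv_status s32 = parse_int32(samples[i], &v32);
        enum conv_status s64 = parse_int64(samples[i], &v64);
        printf("%s int32:%s int64:%s (INT32_MAX=%d)\n", samples[i],
               s32 == CONV_OK ? "ok" : "overflow",
               s64 == CONV_OK ? "ok" : "overflow", INT32_MAX);
    }
    return 0;
}
```

Both values quoted in the article exceed INT32_MAX (2147483647), so only the 64-bit conversion accepts them.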

For Exchange Server there is a PowerShell script, Disable-AntiMalwareScanning.ps1, which deactivates the scan engine. This script can be used as a temporary workaround. After that, some users had to restart the transport service or even the Exchange server.

Alternatively, the following PowerShell command can be used to temporarily bypass the filtering of mail: Set-MalwareFilteringServer exch-19 -BypassFiltering $true. Here, too, the transport service must be restarted afterwards.

Another reader told the author of this post in a private message on Facebook that after executing the command Get-TransportAgent "Malware Agent" | Disable-TransportAgent, receiving and sending mail under Exchange Server 2016 with the latest cumulative update also works again.

Microsoft has compiled some information on this topic in the post “Disable or bypass anti-malware scanning”. In the author’s blog there is now a user comment saying that Microsoft has already released a signature update to fix the problem. However, other administrators report that this does not fix the problem. An official statement from Microsoft is still pending. (tiw)


