Administrators of on-premises Exchange Server systems who were on standby early in the year were stunned in the middle of the night (more precisely: on 1.1.2022, 00:00 UTC). Because suddenly many Exchange servers can no longer transmit mail. And soon a message about this, which also indicated the reason, spread on Twitter.
Date value conversion failed
The anti-malware scan engine encountered an error converting the value “2201010001” to a long integer value, so that the relevant process could not be loaded. Julian Sieber suspected of one Techcommunity Comment On December 31, 2021, an overflow occurred when converting the string to an integer value with a flag. Then error codes 0x80004005 are displayed as well as the error description under PID 10816
Kann "2201010002" nicht in Long konvertieren written to log files.
In this article’s author’s blog, several affected people reported, as the image appeared, that the issue occurs under different versions of Exchange Server and different patch levels. However, not all local Exchange servers are likely to be affected – the assumption is that anti-malware scanning or mail filtering are inactive on unaffected systems.
Workaround: Anti-Malware Scan
There is a PowerShell script for Exchange Server
Disable-AntiMalwareScanning.ps1Which disables the scan engine. This script can be used as a temporary solution. After that, some users had to restart the transfer service or even the Exchange server.
Alternatively, the following PowerShell command can be used to temporarily bypass mail filtering:
Set-MalwareFilteringServer exch-19 -BypassFiltering $true
Here too, the transfer service must be restarted afterwards. Another reader informed the author of this post in a private message on Facebook that after executing the command
Get-TransportAgent "Malware Agent" | Disable-TransportAgent Exchange Server 2016 mail receiving and sending is working again with the latest cumulative update. Microsoft has some information on this topic in the post “Disable or bypass malware scanning“Collected.
Now on the author’s blog User commentMicrosoft has already released a signature update to fix the problem. However, other officials report that this does not solve the problem. An official statement from Microsoft is still pending.