Update Antimalware Exchange error “Message deferred by categorizer agent, FIP-FS”

Desciption

Those of you who are using it, please note. The beginning of 2022 is on New Year’s Day. Microsoft Exchange Just released MSFTExchange has released the #msantimalware update for Exchange Anti-malware. This update will cause email not sending/receiving error. The cause is related to Y2K2 not converting the number string. All emails will be stuck in the submission queue with error code:
“Message deferred by categorizer agent” or event id: 5300 The FIP-FS “Microsoft” Scan Engine failed to load. PID: 14908, Error Code: 0x80004005. Error Description: Can’t convert “2201010003” to long.
with #Exchange2016 & #Exchange2019.

Cause

Security researcher and Exchange admin Joseph Roosen said that this is caused by Microsoft using a signed int32 variable to store the value of a date, which has a maximum value of 2,147,483,647.

However, dates in 2022 have a minimum value of 2,201,010,001 or larger, which is greater than the maximum value that can be stored in the signed int32 variable, causing the scanning engine to fail and not release mail for delivery.

Check mail

Get-Queue -Identity submission

Solution

Solution: Temporarily disable or bypass Exchange Antimalware. Open Powershell run the commands below:

cd $ExScripts
.\Disable-AntiMalwareScanning.ps1
or
Set-MalwareFilteringServer -BypassFiltering $True -identity <ServerMBX>
Restart-Service MSExchangeTransport
[PS] C:\Program Files\Microsoft\Exchange Server\V15\scripts>.\Disable-AntiMalwareScanning.ps1
WARNING: The following service restart is required for the change(s) to take effect : MSExchangeTransport
Anti-malware scanning is successfully disabled. Please restart MSExchangeTransport for the changes to take effect.


Wait for Microsoft to update the patch. Today, I have been treated and met by an administrator. Friendly welcome Happy New Year 2022

Phương Nguyễn

Phương Nguyễn

Categorizer AgentExchange ServerExchange Server 2016
Comments (1)
Add Comment