Exchange Y2K22 : Malware Bug and the Fix

If you remember the Y2K bug or the year 2000 bug, you thought that was long gone right, 20 years later.....

Unfortunately it would appear there is a problem with the Malware scanner in all versions of local exchange that are causing random emails to jam, this is because the integer size of the value when time stamp exceeds a certain value.
You can find more about it here:


I can confirm nothing critical at the moment is being held up but by tomorrow this service will no longer be impacting any mail that could be a problem, this one will serve require a retrospective change which will be done once the fixes in place.


Yes there is a script for this, but I would rather do it myself, as it makes you learn more about what you are doing, anyway this is what I did to fix the side for our local Exchange.

For those interested this was the error we got:

A FIP-FS Scan process returned error 0x84004003 PID: 48680 Msg: Scanning Process caught exception:
Stream ID: <8af6078c-653f-4ffb-a3e7-670df734f55e@serverbear.clouds>
ScanID: {674B112D-1D54-442E-BFC9-F0E21020A6EA}
(0x84004003) Unknown error 2214608899.  Failed to meet engine bias criteria (Available) for filter type (Malware):
Selected engine(s): Microsoft
Available engine(s):
Offline engine(s):  ID: {674b112d-1d54-442e-bfc9-f0e21020a6ea}

This has been completed on all mailbox servers, so all mailbox servers are now on this scanning engine version: 2112330003

Remove existing engine and metadata

1. Stop the Microsoft Filtering Management service.  When prompted to also stop the Microsoft Exchange Transport service, click Yes.2. Use Task Manager to ensure that updateservice.exe is not running.3. Delete the following folder: %ProgramFiles%\Microsoft\Exchange Server\V15\FIP-FS\Data\Engines\amd64\Microsoft.4. Remove all files from the following folder: %ProgramFiles%\Microsoft\Exchange Server\V15\FIP-FS\Data\Engines\metadata.

Update to latest engine
1. Start the Microsoft Filtering Management service and the Microsoft Exchange Transport service.2. Open the Exchange Management Shell, navigate to the Scripts folder (%ProgramFiles%\Microsoft\Exchange Server\V15\Scripts), and run Update-MalwareFilteringServer.ps1 <server FQDN>.

Verify engine update info
1. In the Exchange Management Shell, run Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell.2. Run Get-EngineUpdateInformation and verify the UpdateVersion information is 2112330001.

This shows the updates worked well:

A FIP-FS Scan process returned error 0x84004003 PID: 48680 Msg: Scanning Process caught exception:
Stream ID: <8af6078c-653f-4ffb-a3e7-670df734f55e@serverbear.cloud>
ScanID: {674B112D-1D54-442E-BFC9-F0E21020A6EA}
(0x84004003) Unknown error 2214608899.  Failed to meet engine bias criteria (Available) for filter type (Malware):
Selected engine(s): Microsoft
Available engine(s):
Offline engine(s):  ID: {674b112d-1d54-442e-bfc9-f0e21020a6ea}

To check all the server load the require PowerShell modules:

Load Forefront Plugin: Add-PSSnapin Microsoft.Forefront.Filtering.Management.PowershellView Engine Version: Get-EngineUpdateInformation

This is what you should see from the MS-FIPS log......

Engine            : MicrosoftLastChecked       : 01/03/2022 07:13:19 AM +00:00LastUpdated       : 01/01/2022 04:52:43 PM +00:00EngineVersion     : 1.1.18800.4SignatureVersion  : 1.355.1247.0SignatureDateTime : 01/01/2022 11:29:06 AM +00:00UpdateVersion     : 2201010009UpdateStatus      : UpdateAttemptFailed

Engine            : MicrosoftLastChecked       : 01/03/2022 07:11:30 AM +00:00LastUpdated       : 01/01/2022 05:11:47 PM +00:00EngineVersion     : 1.1.18800.4SignatureVersion  : 1.355.1247.0SignatureDateTime : 01/01/2022 11:29:06 AM +00:00UpdateVersion     : 2201010009UpdateStatus      : UpdateInProgress

Engine            : MicrosoftLastChecked       : 01/03/2022 07:37:32 AM +00:00LastUpdated       : 01/03/2022 07:37:43 AM +00:00EngineVersion     : 1.1.18800.4SignatureVersion  : 1.355.1227.0SignatureDateTime : 01/01/2022 11:29:06 AM +00:00UpdateVersion     : 2112330003UpdateStatus      : UpdateAttemptSuccessful


Previous Post Next Post

نموذج الاتصال