We woke up to the first morning of 2022 with a big surprise: we noticed that the Exchange servers could not receive mail. The cause is that mail cannot be delivered because of an update error on the Exchange servers affecting the anti-malware scanning. If there is no antimalware product on the Exchange server (at the SMTP level, not at the OS level), it is recommended to turn this scanning on. The service receives updates periodically in the background, but sometimes a problem with your servers’ internet access, and sometimes an update problem on the Microsoft side, can cause a transport agent error like this one.
When we look at the application logs in Event Viewer on the Exchange server, we see event ID “5801”. Its description shows that it is related to filtering.
You may also see event ID “5800” alongside it.
To solve the problem, we open the “Exchange Management Shell” as administrator. With the command below, we look at the status of the “Malware Filtering” feature.
According to this output, if your system shows a “False” value, the malware filter is scanning. This is the source of the problem. We will now change this “False” value to “True” on all servers and restart the services. Just write your server name where it says “ServerIdentity”.
Set-MalwareFilteringServer <ServerIdentity> -BypassFiltering $true
Then it will be enough to restart the “Microsoft Exchange Transport” and “Microsoft Exchange Mailbox Transport Submission” services.
When all processes are finished, you can check the mail queues with the “Get-Queue” command from “PowerShell”.
Note: You can disable the anti-malware agent entirely if you want. We usually do this in the first checks, when searching for which transport agent is causing a problem. If you do not use this feature, or will not use it for a long time, you can disable it instead of bypassing it. However, if you are using it actively, do not forget to turn it on again.
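The steps above as one script, added here as an example and not part of the original post; it also records which servers were switched to bypass so that scanning can be turned back on later with -Revert. Assumptions: Get-MalwareFilteringServer is used for the status check (the post's own command is not shown on the page), the services are matched by the display names quoted in the text, and the state file path is hypothetical.

```powershell
# Added example: run in the Exchange Management Shell as administrator.
# $StateFile is a hypothetical path that remembers which servers were changed.
param(
    [switch]$Revert,
    [string]$StateFile = "$env:TEMP\malware-bypass-state.csv"
)

# Display names of the two services the article says to restart.
$services = 'Microsoft Exchange Transport',
            'Microsoft Exchange Mailbox Transport Submission'

function Restart-TransportServices([string]$Server) {
    Get-Service -ComputerName $Server -DisplayName $services |
        Restart-Service -Force
}

if (-not $Revert) {
    # 1. Show the current state on every server.
    $servers = Get-MalwareFilteringServer
    $servers | Format-Table Name, BypassFiltering -AutoSize

    # 2. Bypass only where scanning is still active, and record the change.
    $changed = @($servers | Where-Object { -not $_.BypassFiltering })
    if ($changed.Count -gt 0) {
        $changed |
            Select-Object Name, @{ n = 'ChangedAt'; e = { Get-Date -Format o } } |
            Export-Csv -Path $StateFile -NoTypeInformation
    }
    foreach ($s in $changed) {
        Set-MalwareFilteringServer -Identity $s.Name -BypassFiltering $true
        Restart-TransportServices $s.Name
    }
}
else {
    # Turn scanning back on only where this script turned it off.
    foreach ($row in Import-Csv -Path $StateFile) {
        Set-MalwareFilteringServer -Identity $row.Name -BypassFiltering $false
        Restart-TransportServices $row.Name
    }
}

# 3. Confirm the setting and check that the queues are draining.
Get-MalwareFilteringServer | Format-Table Name, BypassFiltering -AutoSize
Get-TransportService | ForEach-Object { Get-Queue -Server $_.Name } |
    Format-Table Identity, Status, MessageCount, LastError -AutoSize
```

While bypass is on, mail is delivered without passing through the Exchange malware filter, so keep the state file and run the script with -Revert once the update problem is resolved.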