Joint Scientific IT and Technical Services

Correctly parse Avast response with newline characters in Exim

When Avast is used as the malware scanner in Exim, newlines in filenames are not handled correctly. Avast's scan engine quotes them with a leading backslash (\), and Exim's parser for Avast's response does not account for this. Instead of reading more data, it tries to parse the incomplete report line and fails because the line does not contain the required marker at the end. This failure leads to a message in panic_log, and the mail is temporarily rejected (deferred). In most cases the sending server will retry delivery, which slowly fills up panic_log.

I developed a patch for Exim's malware scanner code. It detects quoted newlines in Avast's response, then reads more response data and appends it until the report line is complete, that is, until no quoted newline is found. Only the concatenated line is then parsed.
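The reassembly step described above, as an added sketch that is neither the patch itself nor Exim's code: physical lines are joined into one bounded logical line before any parsing happens. The function names, the in-memory buffer standing in for socket reads, the sample response and the backslash-parity rule are all assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
/* Join physical lines from *cur into one logical report line in out.
 * Assumption: a newline is quoted when an odd number of backslashes
 * precedes it, so "\\" before a newline is an escaped backslash.
 * Returns 1 for a line, 0 at end of input, -1 if the line does not
 * fit in out or the input stops inside a quoted newline. */
static int read_report_line(const char **cur, char *out, size_t outlen)
{
    size_t used = 0, bs;
    if (**cur == '\0') return 0;
    for (;;) {
        const char *nl = strchr(*cur, '\n');
        size_t len = nl ? (size_t)(nl - *cur) : strlen(*cur);
        if (used + len + 2 > outlen) return -1;  /* room for '\n' and NUL */
        memcpy(out + used, *cur, len);
        used += len;
        *cur += len + (nl ? 1 : 0);
        for (bs = 0; bs < len && out[used - 1 - bs] == '\\'; bs++) ;
        if (bs % 2 == 0) break;           /* newline was a real line end */
        if (**cur == '\0') return -1;     /* a socket reader would fetch more data here */
        out[used++] = '\n';               /* quoted newline is part of the filename */
    }
    out[used] = '\0';
    return 1;
}

/* Count logical report lines in resp; -1 on a malformed response. */
static int count_report_lines(const char *resp)
{
    char line[256];
    int n = 0, rc;
    while ((rc = read_report_line(&resp, line, sizeof line)) == 1) n++;
    return rc < 0 ? -1 : n;
}

/* 1 if the first logical line of resp equals want, else 0. */
static int first_line_is(const char *resp, const char *want)
{
    char line[256];
    return read_report_line(&resp, line, sizeof line) == 1 && strcmp(line, want) == 0;
}

int main(void)
{
    /* Constructed sample, not captured scanner output. */
    const char *resp = "SCAN /tmp/a\\\nb.txt\t[+]\nSCAN /tmp/c.txt\t[+]\n";
    printf("%d logical lines\n", count_report_lines(resp));
}
```

The fixed-size output buffer matters here because the filename is attacker-influenced: an over-long or never-terminated continuation is reported as an error instead of growing the buffer.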

The patch was developed for exim-4.92, but it also applies to the current version (exim-4.95) at the time of writing this text. It was submitted to Exim's Bugzilla as a proposed solution for Bug 2880.

The current version of the patch can be found here: