Ignoring password protected archives when scanning malware in Exim with Avast

When using Avast as malware scanner in Exim, password protected archives are treated as malware. This is resulted in Exim's behaviour to handle all errors reported by the Avast scan engine as malware. You can disable this behaviour in Exim by setting the av_scanner option pass_unscanned however this will ignore ALL errors reported by Avast, which is dangerous.

I developed a patch for Exim's malware scanner code. It introduces a new option pass_pwarchives when using Avast as av_scanner. This option makes Exim ignore only the error "Archive is password protected". All other errors are still treated as malware (unless pass_unscanned is set).

Note, that passing password protected archives unscanned won't protect you from malware contained in such archives! This should be handled by desktop malware detection systems on your user's workstations where the archive is opened.

The patch was developed for exim-4.92 but it also applies for the current version (exim-4.95) at the time of writing this text. It was submitted to the exim-users mailing list on 2022-04-25.

The current version of the patch can be found here:

• exim-4.92_avast_pass_pwarchive.diff