diff -urN ../exim-4.90.1.orig/src/malware.c ./src/malware.c
--- ../exim-4.90.1.orig/src/malware.c	2018-02-08 15:22:40.000000000 +0200
+++ ./src/malware.c	2018-02-26 17:27:26.432309000 +0200
@@ -1831,6 +1831,7 @@
       uschar * scanrequest;
       enum {AVA_HELO, AVA_OPT, AVA_RSP, AVA_DONE} avast_stage;
       int nread;
+      int is_opt = 0;
 
       /* According to Martin Tuma @avast the protocol uses "escaped
       whitespace", that is, every embedded whitespace is backslash
@@ -1866,9 +1867,18 @@
 
 	    case AVA_OPT:
 	      if (Ustrncmp(buf, "210", 3) == 0)
+	      {
+		is_opt = 1;
 		break;				/* ignore 210 responses */
+	      }
 	      if (Ustrncmp(buf, "200", 3) != 0)
+	      {
+		if (is_opt)
+		  break;
 		goto endloop;			/* require a 200 */
+	      } else {
+		is_opt = 0;
+	      }
 
 	    sendreq:
 	      {
@@ -1879,11 +1889,13 @@
 		{
 		scanrequest = string_sprintf("%s\n", scanrequest);
 		avast_stage = AVA_OPT;		/* just sent option */
+		DEBUG(D_acl) debug_printf_indent("send to avast OPTION: %s", scanrequest);
 		}
 	      else
 		{
 		scanrequest = string_sprintf("SCAN %s\n", eml_dir);
 		avast_stage = AVA_RSP;		/* just sent command */
+		DEBUG(D_acl) debug_printf_indent("send to avast REQUEST: SCAN %s\n", eml_dir);
 		}
 
 	      /* send config-cmd or scan-request to socket */