In b1f8e4f8ec26ecb99e56a0ed3a5140b65ec95a97 you introduced a check
for the pclose() return value in the cmdline scanner.
While this is a good idea generally, it may slightly break existing
deployments. At least one cmdline scanner (avast) uses its exit code
to signal that a virus was found.
Any found virus results in a 4xx error, the malware_internal() returns
DEFER in such cases.
There should be some option to pass error codes we ignore, or at least
re-interpret av_failed as "av_failed contains the exit status of the
scanner", this is IMHO compatible with the current "av_failed is BOOL"
interpretation.
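
One way to implement the "exit codes we ignore" idea from the message above, as an added example that is not Exim's code and not part of the original message. The names `run_scanner`, `code_tolerated` and the `ok` list are hypothetical, and it assumes the scanner prints a marker string when it finds something; the exit code 1 in the sample is constructed, not a documented avast value.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for popen()/pclose() */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>

enum scan_result { SCAN_CLEAN, SCAN_MATCH, SCAN_FAILED };

/* Hypothetical helper: is this exit code in the admin-supplied tolerated list? */
static int code_tolerated(int code, const int *ok, size_t n_ok)
{
    for (size_t i = 0; i < n_ok; i++)
        if (ok[i] == code) return 1;
    return 0;
}

/* Run cmd, look for the marker in its output, then interpret pclose().
 * *exit_status receives the scanner's exit code, or -1 if there is none. */
enum scan_result run_scanner(const char *cmd, const char *marker,
                             const int *ok, size_t n_ok, int *exit_status)
{
    char line[1024];
    int matched = 0;
    FILE *fp = popen(cmd, "r");

    *exit_status = -1;
    if (fp == NULL) return SCAN_FAILED;
    while (fgets(line, sizeof line, fp) != NULL)
        if (strstr(line, marker) != NULL) matched = 1;

    int st = pclose(fp);
    /* wait failure or death by signal is always a scanner failure */
    if (st == -1 || !WIFEXITED(st)) return SCAN_FAILED;
    *exit_status = WEXITSTATUS(st);
    /* non-zero exit is a failure only if the admin did not whitelist it */
    if (*exit_status != 0 && !code_tolerated(*exit_status, ok, n_ok))
        return SCAN_FAILED;
    return matched ? SCAN_MATCH : SCAN_CLEAN;
}

int main(void)
{
    int st, ok[] = { 1 };   /* constructed: scanner exits 1 on a detection */
    enum scan_result r = run_scanner("echo 'sample: FOUND'; exit 1",
                                     "FOUND", ok, 1, &st);
    printf("result=%d exit_status=%d\n", (int)r, st);
    return 0;
}
```

With an empty tolerated list the same command yields `SCAN_FAILED`, which corresponds to the DEFER behaviour the message describes.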