Avast does not detect "bank transfer" Word document attachment

This morning I received an email with an attached Word .doc document that is clearly a phishing attempt. The full text and headers of the message are posted below. I tried to attach the document but this forum won’t accept .doc files.

I did not open the document. I scanned it with Endpoint Protection 8.0.1603, VPS 150617-2, and nothing was detected.

This appears to be an instance of the phishing exploit discussed here:

https://techhelplist.com/index.php/spam-list/845-re-payment-transaction-invoice-malware

However, that site only discusses URL links in the email messages. The message I received did not contain a URL link; it had a .doc attachment called PM2A64.doc.

I tried to find a formal way to report undetected malware to Avast but there doesn’t seem to be one. So I’m posting this here. I will be glad to upload the document if someone can give me a mechanism that will accept it.

** Email Message Begins **

X-x: TimeOut
Return-Path: jane445@mail.hughes.net
Delivered-To: kend@stic-cil.org
Received: from smtp57.gate.ord1a (smtp57.gate.ord1a.rsapps.net [10.130.4.57])
by store113a.mail.ord1a (SMTP Server) with ESMTP id 43B9D388006
for kend@stic-cil.org; Thu, 18 Jun 2015 05:53:44 -0400 (EDT)
Received: from [172.27.146.83] ([172.27.146.83:41419] helo=smtp44.gate.iad3a)
by smtp57.gate.ord1a.rsapps.net (envelope-from jane445@mail.hughes.net)
(ecelerity 2.2.3.49 r(42060/42061)) with ESMTPS (cipher=AES256-SHA)
id AC/21-31579-82592855; Thu, 18 Jun 2015 05:53:44 -0400
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
X-Virus-Scanned: OK
X-MessageSniffer-Scan-Result: 0
X-MessageSniffer-Rules: 0-0-0-32767-c
X-CMAE-Scan-Result: 0
X-CNFS-Analysis: v=2.1 cv=BPqK8jgG c=1 sm=0 tr=0 a=bex/9faoqBKyBq/aWfy6WQ==:117 a=xLcgiyMUInVIHykjz2qf3w==:17 a=jPJDawAOAc8A:10 a=gd8S59aKR-EA:10 a=pOfvU1qiAAAA:8 a=K-v-2zaBAAAA:8 a=KGjhK52YXX0A:10 a=XAFQembCKUMA:10 a=nE-2-McD1wyeLKvM1XUA:9 a=2xh9FXevrTH_pIzd:21 a=zbXdZdqxEG-wEWb3:21 a=QEXdDO2ut3YA:10 a=_W_S_7VecoQA:10 a=Ql9BLmpKDQEA:10 a=X6ib20irYCIA:10 a=N_5PHFRWqQRe0adqXLcA:9 a=diV1Cm6KfS4A:10
X-Orig-To: kend@stic-cil.org
X-Originating-Ip: [69.168.97.48]
Received: from [69.168.97.48] ([69.168.97.48:57209] helo=smtp.hughes.net)
by smtp44.gate.iad3a.rsapps.net (envelope-from jane445@mail.hughes.net)
(ecelerity 2.2.3.49 r(42060/42061)) with ESMTPS (cipher=AES256-SHA)
id A8/2C-20205-72592855; Thu, 18 Jun 2015 05:53:43 -0400
X-Authed-Username: amFuZTQ0NUBodWdoZXMubmV0
X_CMAE_Category: 0,0 Undefined,Undefined
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
Authentication-Results: smtp01.hughes.cmh.synacor.com header.from=jane445@mail.hughes.net; sender-id=neutral
Authentication-Results: smtp01.hughes.cmh.synacor.com smtp.mail=jane445@mail.hughes.net; spf=neutral; sender-id=neutral
Authentication-Results: smtp01.hughes.cmh.synacor.com smtp.user=jane445; auth=pass (LOGIN)
Received-SPF: neutral (smtp01.hughes.cmh.synacor.com: 42.114.73.68 is neither permitted nor denied by domain of mail.hughes.net)
Received: from [42.114.73.68] ([42.114.73.68:53241] helo=Admin-PC)
by smtp.hughes.net (envelope-from jane445@mail.hughes.net)
(ecelerity 2.2.3.49 r(42060/42061)) with ESMTPA
id AA/BC-26404-02592855; Thu, 18 Jun 2015 05:53:42 -0400
From: jane445@mail.hughes.net
Message-ID: AA.BC.26404.02592855@smtp01.hughes.cmh.synacor.com
To: kend@stic-cil.org
Subject: Fw: C4AFM
Date: Thu, 18 Jun 2015 16:53:32 +0700
MIME-Version: 1.0 (produced by Synapse)
X-mailer: Synapse - Pascal TCP/IP library by Lukas Gebauer
Content-type: Multipart/mixed; boundary=“0019C904_0DE10A8E_Synapse_boundary”
Content-Description: Multipart message
X-Antivirus: avast! (VPS 150617-2, 06/17/2015), Inbound message
X-Antivirus-Status: Clean

Hi. I am Jakeem Hickman. I just received a bank transfer from your company. We need to verify if the payment is processed correctly. This contact was in the transaction reference.
Please review the attached statement and let me know what is the purpose of payment.

You can report it here: https://www.avast.com/contact-us.php?subject=VIRUS-FILE

Thank you. I’ve sent it to that address.

You’re welcome.

scan result

https://www.virustotal.com/en/file/67789a0b637206cfb850f433226ca134ec0b81138e0ad0466be642fe97ec5649/analysis/1434659569/

https://www.metascan-online.com/en/scanresult/file/5ef8febb59be495a81243f54b4108490

Thank you, Pondus.

I received prompt assistance from Avast on this; EndPoint Protection 6.0.1603 with the latest VPS version now detects the file as a Trojan.