system
1
I have a copy of the harmless eicar test virus (downloadable from http://www.eicar.org). I have the Avast standard shield set on ‘high’.
Now, I right-mouse-click on ‘eicar.com’ and select ‘copy’. On an empty space in the folder I right-mouse-click again, and select ‘paste’.
Avast only detects the file being pasted as a virus, not the one I’m copying from. I would expect the original to also be detected, since Explorer is opening and reading the file in order to make a copy.
Hmmm… what’s going on here, does anybody know?
Mac
2
is avast resident set to high?
did avast detect it as you downloaded it?
I tried the same test now and I could not even download it with out a warning
system
3
As I wrote in my original posting, the shield was set to ‘high’.
(Of course Avast detects it when you download it, which is why I select the option of allowing it when Avast asks. I download the file a few days ago, because I need to run various tests on Avast and my mailserver setup.)
Mac
4
oops I overlooked that. Lets see what The ALWIL team has to say.
Vlk
5
That’s because it’s a COM file (not recognizable by a header). To make avast scan these files on open, just add COM to the list of extensions to be scanned on open in Standard Shield (2nd page).
Vlk
system
6
Yup, that did it! 
Odd though, since I thought ‘.com’ files would fall under the category of ‘MS-DOS based programs’.
Are there any other typical executable-type files like that (i.e. which aren’t detected by header, and I might want to add to the list of extensions)?
igor0
7
The “MS-DOS based programs” configuration concerns execution, not simple reading - that’s what the second page is for (scanning on open).
Sowen, if it helps, I suggest you add:
ACE,ARC,ARJ,BZIP2,CAB,COM,GZIP,PST,RAR,TAR,ZIP,ZOO,ECE
to the aditional extensions list and
WS?,VBS,VBE,JS,JSE,HTA,WSF,WSH,SHS,SHB,HTM*
to be scanned on open (besides the WSH script).