We have made some headway on ticket #481222 (Mail Shield blocking ZIP files containing .js files that Web Shield and File System Shield do not block). The latest response from avast! Support is that “The Mail Shield will block any JS file by default.” On the surface, this did not make sense. The Mail Shield reported detection of a specific ’ JS:LockyDownloader [Trj]’ infection, and Mail Shield did not complain when I sent myself a clean .js file from the Mollom package. However, when I created a ZIP file containing this clean .js file, Mail Shield reported the same ‘JS:LockyDownloader [Trj]’ error.

It appears that Mail Shield blocks all ZIP files containing .js files regardless of whether the .js files are infected according to the avast! signature files, but allows ‘bare’ .js files to be sent. The Mail Shield also provides an error message that implies it detected a specific infection even if the .js file is in fact clean. In my case, the ZIP files did contain infected .js files - after a period of time, the avast! signature files got updated such that infected .js files were properly blocked by Web Shield and File System Shield.

I am not thrilled but at least I finally (after almost two months) have an answer from avast! that makes some sense.