Concerning to see that blatant phishing attempts with infected attachments are being marked as safe when it’s clear even from a lay person’s eyes that it is a scam email.

Recently received an email from " Commonwealth Bank Of Australia catalina@memercousuvc.onmicrosoft.com"

Had an infected attachment to it, and contained links to a drive by installer in the body of the email as well. Avast thinks this is safe. What did I even pay for…

Based on the analysis of this domain, it is completely suspicious.
A tool analyzed it and gave the verdict.
SUSPICIOUS

image1320×562 41.5 KB

So this is the same issue with norton as well now that avast and them are the same. I get your issue the phishing/malicious website detection in avast products are essentially nonexistent.