Something strange just happened. I decided to test Avast again with the Eicar file. It would not let me even download the files with http. The web shield blocked all versions. Then I found a Trend Micro page serving the file. Again, I could not download the http version but when I clicked on the ftp one, the text file opened up in Chrome with no alert. I was then able to copy and paste it into Notepad and even save it to My Documents. I double clicked on the saved file and it opened in Notepad with no alert. Only when I did a right click scan of the saved file did Avast detect it and move it to the chest. This doesn’t seem right to me.
It is exactly as I would expect, the web shield monitors HTTP traffic, not HTTPS nor FTP as these are different protocols.
These downloads should be detected by the file system shield, depending on a) file type and b) the file system shield settings.
Generally it is only files which present an immediate risk that will be scanned on creation/modification, execution, etc. So that wouldn’t include archive files (inert until extracted and and file run) and files not generally targeted by malware (text files).
Personally I think that Chrome shouldn’t be opening FTP links in the browser but download them, but again since it is using FTP protocol the web shield won’t have scanned it, so won’t detect it. You can check again, viewing the web shield screen and click on the same link and you will see it isn’t scanned.
Well I did see that .txt files are excluded from being scanned by default in Avast. I wasn’t aware of that so that much is explained.