is it file system shield bug?

  1. when test download eicar.txt is detected by file system shield, and firefox download show failed.
  2. but when click retry at firefox download can successfully download and not detected, even file system shield set to scan all files at write.

http://www.host-images.com/u/files/ykc3af0kk8kk3mqwnmgf.png


http://www.host-images.com/u/files/djbew3p81pmhxrq3xlf7.png


http://www.host-images.com/u/files/p7wciknok0e2gilwl4hv.png

Please use the attach function to add your images, as not all here are on a broadband connection…!
Thanks…!
asyn

It’s a bug. I’m seeing a very similar thing in 5.0.545 (no I can’t update because v6 completely breaks my system: http://forum.avast.com/index.php?topic=72158.msg608390).

Here’s what I see:

  1. Click download link for http://www.eicar.org/download/eicar_com.zip in Firefox.
  2. Avast warns about Eicar.
  3. Select “block” in the warning dialog and click “OK”.
  4. Firefox “You have chosen to open eicar_com.zip” dialog appears.
  5. Select “save file” and click “OK”.
  6. Avast once again warns about Eicar.
  7. Select “block” in the warning dialog and click “OK”.
  8. Firefox’s downloads window appears, showing that it downloaded eicar_com.zip.
  9. My download folder contains eicar_com.zip. If I use the Avast “scan” option in Explorer, it detects a threat in the file.

The same thing happens if, instead of selecting “block” at steps 3 and 7, I select “delete” or “move to chest”. Additionally, when I select “move to chest”, nothing gets moved to the chest.

Oh, and further, the File System Shield/expert settings/scan when writing/scan files with custom extensions dialog does not properly warn about malformed extensions. Thus, if you add “.zip” instead of “zip”, it silently accepts it, but doesn’t scan .zip files. Nor, interestingly, does it scan “…zip” files, as you might expect. Not cool at all.

Avast team, are these problems fixed in v6? And if so, has the problem I described in http://forum.avast.com/index.php?topic=72158.msg608390 – and which several other users reported – been fixed?