Malware not blocked by webshield

I m usin avast 7 and I think the version is a big improvement
I m receiving some trojan containing spam (yahoo mail) and every time I want to download the file(testing avast), the webshield warns me that the malware is blocked:

http://www.avast.com/lp-security-information-fp2?p_ext=&utm_campaign=Virus_alert&utm_source=prg_fav_70_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-ww%2Fvirus-alert-challenger2&p_vir=Win32:Ufraie-J&p_prc=&p_obj=&p_var=.%2Ffa%2Fen-ww%2Fvirus-alert-default2&p_pro=0&p_vep=7&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=369&p_lng=en&p_lid=en-ww&p_elm=7&p_vbd=1407

but it s been downloaded and the malware (zipped file) is in the “downloads” catagory of my MY DOCUMENTS
why does the malware get through after the waring and whydoes not avast webshield block it ?!!
is it a bug or I should change something in the setting?(it is set by default)
Win 7 home premium
browser:chrome

The question I have first is the malicious code still present in the zip? You could upload it to virustotal.com for more info, and post the results.
Truly I don’t have much of a clue here but can be thinking on it.

yes
the virus containing zipped file is intact
scanning the file with avast shows the malware is there
just after chrome starts to download,avast warning comes up saying the malware is blocked by webshield
but no termination happens and the file is downloaded thoroughly!!!
it is not harmfull because the file is in a zipped folder but avast webshield does not actually block the download process,it just warns!!!

is there anyone who can explain why that happens?
i can send the trj containg mail to anyone who wants to see the bug

Update:
I downloaded the file 8 times(its size is 27.3kb)
5 times the webshield warned before the download process and it was blocked properly
3 times the webshield warned after the browser stated to download and the file got through and webshield just warned,no actual blocking!!!
I think this is the bug,I hope avst will fix it

extract the file and it will be caught in file shield ;D

@true indian >>> STOP POSTING USELESS STUFF HERE !!! … you already advised someone who solved his problem running the uninstall utility to >>> run the uninstall utility ::slight_smile: >>> now the problem here is why the web shield doesn’t block malware off and on, not what happens if you extract an infected archive and the file shield interferes, is that clear for you now ???

@the OP now: what are your web shield settings … I don’t like this issue … did you upload that zip to Avast (from chest) ?

As I said every thing is set by default(avast free 7.0.1407 chrome 17)
I submitted and explained the case, but the file is KNOWN to avast database,the problem is the webshield unability to block the download process
I ve sent the issue to avast center and I hope there will be the fixation
https://support.avast.com/index.php?loginresult=1&group=eng&_m=tickets&_a=viewticket&ticketid=2654986

as I said I can forward the mail to anyone who wants to examin(it is not harmfull because it is zipped)

Could you attach the zip file to the ticket you’ve submitted?

I seem to recall vlk saying in a post (years ago) that not all browsers ‘respect’ the webshield block. Some just keep retrying - and depending on download speed response/reset times they may succeed.

(I also seem to recall him saying that IE does respect it). this was a long time ago though - I could easily be misremembering)

(and the more I think about that it doesn’t seem to make sense - avastSvc should be in the way if it is being used as proxy)

I ve just attached
then i download what I uploaded and unfortunately it makes no webshield blocking (no even warning) :cry:
what is the matter with the webshild!!!
everyone,just DL it and say what happens plz

support.avast.com runs HTTPS so there’s no WebShield…

what about the case in yahoo mail
why webshield cannot stop google chrome downloading the malware (it said it did)

please guys, Vlk and Lukas, let us know in this thread what happened, and if the issue can be reproduced and fixed.

I’ve seen this happen very long ago, with V5, the web shield behaving strangely off and on, exactly like what the OP reported: downloading the same file (tested that with Eicar archive on plain http at the time with V5), warning and connection aborted as expected, or randomly warning, but the connection isn’t aborted and of course the file is still downloaded. Thanks.

I m re receiving that virus containing spam with different subjects such as
“THIS PHOTO TELLS YOU ALL”,
“THIS PHOTO TELL YOU WHAT”,
“YOU GOTTA BE KIIDING ME”,
“IS IT REALLY YOU IN THIS PICTURE”
and avast webshield is still missing every other one (one in one out)
and unfortunately here is avast support response by “Petr Bucek,2nd level Technical Support” who seeems not to read the issue carfully: :-\

Hello,

Thanks for the file, which is already being detected by avast! antivirus.

If I can be of any further assistance, please do not hesitate to contact me again.

With Kind Regards,

Petr Bucek
2nd level Technical Support

AVAST Software a. s.
Budějovická 1518/13A
140 00 Prague, Czech Republic

I take it you have contacted him again ?
The problem being is as you have said, initially the web shield alerts, it attempts to abort the connection, but n the background that may have completed. So essentially avast is detecting it (as confirmed in the support reply). I don’t know if in your contact with support you made it clear that the web shield was detecting it, but the real problem is that it isn’t blocking it from being downloaded.

Generally the web shield will abort the connection to stop the content being downloaded, but some browsers may disregard the abort connection and complete it. I think I recall something like that before in relation to chrome in the forums.

The secondary problem is that the file system shield doesn’t scan zip files by default (as they are inert), so it isn’t being picked up when the abort connection doesn’t drop the connection or the browser disregards the abort and tries to complete the download.

You could of course change the file system shield, expert settings, Scan when writing and check the Scan all files. This would effectively be scanning ‘all’ newly created/writing files and this would include files written to the hard disk. However this could have an impact on system performance

Dear David
I tried all my best to explain the case,but as I said he might not read it carefully
here is my firt expression:

[b]I have received a spam in my yahoo mail which contained a virus
while downloading(chrome as the browser) the webshield warned and said the malware is blocked:

http://www.avast.com/lp-security-information-fp2?p_ext=&utm_campaign=Virus_alert&utm_source=prg_fav_70_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-ww%2Fvirus-alert-challenger2&p_vir=Win32:Ufraie-J&p_prc=&p_obj=&p_var=.%2Ffa%2Fen-ww%2Fvirus-alert-default2&p_pro=0&p_vep=7&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=369&p_lng=en&p_lid=en-ww&p_elm=7&p_vbd=1407

but surprisingly the download process was not terminated and the malware(which was in a zipped file)come through my MY DOCUMENTS!!!
scanning the file showed the virus was there,it was not harmful because it was in a zipped file but the webshield could not block the download process
I dont know if it is a bug or I have to change the setting(set by default)
I m using avast 7 free 7.0.1407 and my system is hp laptab dv6000se,amd,quadcore,win7 home premium,browser is chrome 17[/b]

after his firs response I explain it again this way:

Oh sir
pleaze…
did you read the problem carefully?!!
offcourse it was in your database,my problem was avast webshield unability to stop the download process by google chrome
in 50% cases it just warns and says it is blocked,but it does not terminate the downloading and the file come to MY DOCUMENTS
(sometimes avast warning is before the download and it is fully blocked,but sometimes it started after the dl process and it does not terminate it)

Let’s hope he get the case. . .

all the story is here (I dont know if you can access):
https://support.avast.com/index.php?_m=tickets&_a=viewticket&ticketid=1996615

I can’t access the support tickets, I’m an avast user like yourself.

In the meant time if your system isn’t lacking in resources you could try what I suggested and see if any file that isn’t aborted is subsequently detected by the file system shield; plus check if there is an appreciable performance hit with that setting.

But the advantage of webshied(if works properly) is that the malware is blocked before they get through
I mean this kind of protection is one step superior
I dont wanna compare products but the advantage of Avast Free over Avira Free (for example) is the shields,otherwise,even avira can detect and catch the zipped file just after being downloaded (if you change its setting to scan archived files)

Update

I change the setting this way:

file system shield, expert settings,packers…tick “all”

first,dl process started,then webshield warned,dl was finished completely,then file shield warned and quarantined the file
as you see the webshield was bypassed…