I have received an email with a file attached to it that I’ve downloaded (but NOT executed). Avast currently scans this file and finds nothing wrong. However, when looking at it with a hex editor, the string “isxa.exe” and a bunch of ugly URLs are clearly visible within the executable (which is misleadingly named “verslag.doc.exe” and given an Adobe Acrobat (hmmm… why not an MS Word) icon in an obvious attempt to fool unwary users. A Google search of “isxa.exe” lists several alternative virus checkers that consider this file to be malware.

Bottom line is that I think I’ve found a piece of malware that Avast is not catching (a “false negative”). I’d like simple instructions on how to send this file to Avast for inclusion in a future database update, and this forum seems like the logical place to find this info, but it’s not as easy to find as I’d hoped.

My recommendation would be to place a sticky topic in this forum that explains the procedure for reporting false negatives like this. That same topic might also explain how to report false positives, since that seems like a related idea.

If this information is already posted on this board somewhere, it may not be in the most logical place, and it might be advisable to move it to somewhere where it can be more readily found, like the top of this forum.

Also see (Mini Sticky) False Positives, how to report it to avast! and what to do to exclude them until the problem is corrected.

Or, http://forum.avast.com/index.php?topic=25502.0.

A forum search for False Positive would most certainly return a) instructions on what to do or b) the above link, for more comprehensive instructions. There is a mass of information on the forums, that is why the forum search function is so important, though many never use it.

A false negative, or more commonly called an undetected malware file is also submitted to the same email address for analysis.