Quick question, I don't mean to be rude and this is my first port, but are you saying this as a Forum expert, or Avast Rep, or run of the mill Joe Blow user opinion? :-)
Ive got tons of those already LOL
Such as.....
The Sarcastic
"Ouch...
That is file specifically for testing anti-virus programs.. Have to ask.. Does it detect anything?"
Or from a respected observer.....
"Now THAT is a major red flag. EICAR _ANY_ AV should be able to pick up, that's the computer equivalent of the
"skill testing question" for a contest."
One other asked a decent question IMHO....
"I'm not sure how much of a threat a virus buried inside a password protected zip file is, in the real world?"
The response being.......
"Stuff buried in a ZIP file may be old, but still relevant, way to send malicious stuff to people. Insert comment
here about the (l)user type that clicks everything they get, irregardless of all the warnings you give about safe
hex."
Which in a way supports your response which states, the file has to be triggered in some fashion and then AVAST will respond.
However, I still think its a legitimate question on why it cannot detect this file............ Perhaps no AVs can and the test is indeed moot.
Personally, the most intelligent comment I read.....
"According to the test resuts from that site, I failed all 18 of the tests. The reason being that NoScript simply did not allow the tests to run. Sounds to me like many other "security" vendors I have run into that try to sell their own products to visitors who are already protected. A "security" test that requires a site visitor to give that site unlimited access to their computer/network is not a valid security test (except of course, for the social engineering aspect).
Rule number one of the 10 immutable laws of security: If a bad guy can persuade you to run his program on your computer, it's not solely your computer anymore."