Whilst I haven't been infected by this particular Ransomware, I was infected by a Crypt0l0cker (or something calling itself that) which never got "detected". The affected machine was quickly identified and taken off the network.
I inquired as to why the Ransomware was not detected and support said it was possible that it was a new variant not yet detected by current definitions. It was a pretty widespread in the news at the time, so would have expected it in definitions if not picked up by heuristics, so my confidence in Avast took a hit.
https://www.avast.com/virus-update-history was of no help and is not even kept current so is pretty useless. I kept my eye on the list and never saw a name similar to Crypt0l0cker so I assumed it was either under a different name or was in definitions already (but I couldn't view the full history to prove anything).
So whilst I am not helpful in your scenario, I can sympathize with you, as I can see no reason why Arena would not be detected by now given it's age.
I can only suggest to try and trigger an EICAR test to make sure the VM detects it to prove its actually functional.