Author Topic: PDF:UrlMal-inf[Trj] moved to Virus Chest - but it wasn't  (Read 2326 times)

Offline gladtobegrey

  • Newbie
  • *
  • Posts: 9
PDF:UrlMal-inf[Trj] moved to Virus Chest - but it wasn't
« on: September 23, 2019, 12:18:42 PM »
This morning a message popped up to say that this had been detected in a pdf file in a copy of the Windows File History (from another machine).  I understand that it means that the document has a URL reference to a malicious/blacklisted site.

However, when I looked in the Virus Chest, the document was not there.  I am running a targeted scan to see if it is reported again.

Why was it (apparently) not moved to the Virus Chest?

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2294
Re: PDF:UrlMal-inf[Trj] moved to Virus Chest - but it wasn't
« Reply #1 on: September 23, 2019, 12:28:48 PM »
Hello,
the Virus chest can be full or the file too big to fit in there (check virus chest settings).

Milos

Offline gladtobegrey

  • Newbie
  • *
  • Posts: 9
Re: PDF:UrlMal-inf[Trj] moved to Virus Chest - but it wasn't
« Reply #2 on: September 23, 2019, 05:38:45 PM »
Virus Chest: 256MB (the default, presumably, as I have not changed it).
There were five or six items in the Chest already, so perhaps it was full.  I'll increase the size (to 1024MB) and see if that makes any difference.

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2294
Re: PDF:UrlMal-inf[Trj] moved to Virus Chest - but it wasn't
« Reply #3 on: September 24, 2019, 09:19:30 AM »
Also check the settings for actions in case of detection -- if there is "Move to chest".

Milos

Offline gladtobegrey

  • Newbie
  • *
  • Posts: 9
Re: PDF:UrlMal-inf[Trj] moved to Virus Chest - but it wasn't
« Reply #4 on: September 26, 2019, 11:29:53 AM »
"Move to Chest" is set.  It would seem the Virus Chest was too small at 256MB with half a dozen items already in there.  I've cleared it, upped the size, and this time the new item(s) were moved in.

Pity Avast doesn't:
  • Report that it was unable to move the item into the Virus chest because of lack of space
  • identify the offending url(s) it found.  It must have that information.

I sent the offending PDFs to Avast for evaluation.

Offline gladtobegrey

  • Newbie
  • *
  • Posts: 9
Re: PDF:UrlMal-inf[Trj] moved to Virus Chest - but it wasn't
« Reply #5 on: September 28, 2019, 11:44:05 AM »
I have not yet received a response to sending the 'offending' pdfs to Avast for evaluation.

The original files were held on an external USB drive.  I copied them to my hard drive, and the copies were flagged and moved to the Virus Chest.

Opening the files in Adobe Reader does not trigger the same response.

If I "Scan the files for viruses" from the Windows File Explorer right-click context menu, Avast reports "Scan from Windows Explorer has finished. No issues found."

Is the File Explorer scan only checking for viruses, and not for links to malicious sites?  Seems like a serious omission, if so.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89051
  • No support PMs thanks
Re: PDF:UrlMal-inf[Trj] moved to Virus Chest - but it wasn't
« Reply #6 on: September 28, 2019, 05:56:26 PM »
@  gladtobegrey
You could try creating a new folder on your c:\ drive or somewhere convenient and call it something like c:\avast-exclude and exclude the location within the avast program exclusions.

That should allow you to copy to that location and from there to avast.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: PDF:UrlMal-inf[Trj] moved to Virus Chest - but it wasn't
« Reply #7 on: September 28, 2019, 06:33:16 PM »
Do these PDFs contain any private information? If not, can you upload them to something like Dropbox/Google and DM me a link?

Are there any links visible in the PDF that you can click? (Don't click them!)
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.
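
Added example, not part of the original thread and not Avast's code: a Python sketch that lists the URL targets of link actions in a PDF by reading its bytes, without opening it in a reader, so the referenced URLs can be reviewed safely. The sample document, the example.com/example.net URLs and the function names are constructed assumptions; it covers literal-string `/URI` values and Flate-compressed streams only.

```python
import re
import zlib

# /URI (target) with PDF literal-string escapes such as \( and \) allowed inside.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# Raw stream bodies; link actions can sit inside compressed object streams.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)

def _unescape(raw):
    # Undo backslash escapes for the characters that occur in URLs.
    return re.sub(rb"\\([()\\])", rb"\1", raw).decode("latin-1")

def extract_uris(pdf_bytes):
    """Return every /URI action target in the file, in order, without rendering it."""
    regions = [pdf_bytes]
    for m in STREAM_RE.finditer(pdf_bytes):
        try:
            # decompressobj tolerates the end-of-line bytes left after the data.
            regions.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue  # not Flate data (image, font, encrypted stream, ...)
    found = []
    for region in regions:
        for m in URI_RE.finditer(region):
            uri = _unescape(m.group(1))
            if uri not in found:
                found.append(uri)
    return found

def defang(uri):
    """Make a URL non-clickable before pasting it into a report or forum post."""
    return uri.replace("http", "hxxp", 1).replace(".", "[.]")

def build_sample():
    # Constructed PDF-like bytes: one visible link annotation plus one link
    # action hidden in a FlateDecode-compressed object stream.
    hidden = zlib.compress(
        b"<< /Type /Action /S /URI /URI (http://tracker.example.net/a\\(1\\)) >>")
    return (b"%PDF-1.5\n"
            b"1 0 obj << /Type /Annot /Subtype /Link "
            b"/A << /S /URI /URI (https://docs.example.com/help) >> >> endobj\n"
            b"2 0 obj << /Type /ObjStm /Filter /FlateDecode /Length "
            + str(len(hidden)).encode() + b" >>\nstream\n"
            + hidden + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for u in extract_uris(build_sample()):
        print(defang(u))
```
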

Offline gladtobegrey

  • Newbie
  • *
  • Posts: 9
Re: PDF:UrlMal-inf[Trj] moved to Virus Chest - but it wasn't
« Reply #8 on: October 02, 2019, 06:14:48 PM »
@DavidR re: "That should allow you to copy to that location and from there to avast".  Thanks for the suggestion, however I sent the files from the Virus Chest, so didn't need to set up a separate exclude folder.

I've had cause to reload files from the disk which originally caused the problem, and Avast seems to no longer be flagging them/moving them to the Virus Chest.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89051
  • No support PMs thanks
Re: PDF:UrlMal-inf[Trj] moved to Virus Chest - but it wasn't
« Reply #9 on: October 02, 2019, 07:30:10 PM »
You're welcome, good to hear that it is now resolved.