It seems almost all user submission done at "
https://www.avast.com/report-malicious-file.php" is handled automatically only. I could be wrong, but this is based on my experience.
There are times when I submitted not so prevalent malware to Avast that are not added to signatures. The same happens to most other products whose user submission is mainly handled by the automatic process without a human analyst analyzing them. Microsoft is the best example of that. Only false positives are checked by an analyst (for all AVs), which makes sense of course. But even there, Avast is one of the slowest to fix false positives in my experience. It usually takes 4-5 days, sometimes even a week or more, while Microsoft, Kaspersky, Sophos, Bitdefender (Enterprise submission only), some other fix them within a few hours.
I submitted the phishing/Scam pages described in this article to Avast 4 days ago.
https://www.bleepingcomputer.com/news/security/fake-tsa-precheck-sites-scam-us-travelers-with-fake-renewals/But they are yet to be blocked by Avast. Probably it didn't reach a malware analyst. The automatic process may have scanned the page and didn't find anything malicious, that's why it's not blocked yet.
I submitted this to Bitdefender last night before going to bed and this morning I see that I received a reply from then saying these sites are malicious and detections has been added.
Bitdefender is detecting them as Fraud attempt. That's a perfect description for these sites. The site themselves don't contain anything malicious, probably, but they are fraudulent/scam. Trying to take money from users for nothing. Clearly, a human analyst analyzed those sites on Bitdefender one way or another.
Looks like in case of Avast, an analyst didn't check my submission.
I also have two non-prevalent modified ransomware. The only difference between the two files is that one of it contains codes to elevate admin privilege, while the other one doesn't. Both are able to encrypt some files anyway. After submitting multiple times in the past five-six months, Avast finally started to detect one of them (admin) via signature while the other one is not.
While after submitting to Bitdefender and Kaspersky, both added signatures for both of them because they were checked by an analyst instead of automatic processing.
So yeah, malware submission experience with Avast is quite disappointing. I know Avast surely receives a lot of submission, so it's not possible to check all of them, etc....But fixing false positives shouldn't take 5-6 days. So like I said, the malware submission experience is disappointing. Wish I could directly email an analyst working for Avast.