I clicked on the eicar test files. Now I scanned a few of them in the chest, avast gave alerts. So they are real objects then.
hXXp://www.eicar.org/download/eicarcom2.zip
hXXp://www.eicar.org/download/eicar.com.txt
They are physical files in the chest, but that file name is a right royal screw up (technical term) as it incorporates the URL.
As you stated they are not actual html pages. But why does this difference occur? Why does web shield quarantine the objects only when silent mode is enabled?
Well this is something that isn't documented and I certainly didn't expect it, having just set the web shield to silent mode and clicked both of the links in your post. images 1&2
a) The connection is aborted and a Firefox error 'The document contains no data' displayed, but no avast alert pop-up (as expected), but none on the bottom of the screen either, totally silent.
b) The same happened on the second link, so I think you can see the point I was raising that the user could be totally in the dark about it being a virus problem if all they see is 'the document contains no data' if using Firefox or a similar alert in IE or Opera, etc.
Let's think about surfing a web site, not a direct download process. Do you have any certain idea about the rest of the content of a web site in which avast catches malware? I asked this question previously, and I think it is as I said.
You misunderstand what I said, as there can be no certainty in what may be displayed. As I said it depends on what the alert is on, if the .html page then nothing could be displayed. If another element then something 'may' be displayed but there is no guarantee as again it depends on what that element is, it could be that it is a flash element that makes up all or the majority of the content of the page.
So it is a crap shoot and there is no certainty to say what if anything will be displayed from one alert to the next. That is the problem: all that the user sees is a problem displaying the page or elements of the page and is tearing out their hair trying to find out why, with not the slightest idea it may be virus related unless by some freak of chance they look in the virus chest.
After running the tests I looked in the chest and found the two screwed up file names. My view of this is that if this is to happen, a) it should be documented (see image 3) and b) the file name should be just that, the file name, and the URL placed in the Original location field, but I guess that isn't too easy.
By creating a name that includes the URL it breaks the standard Windows file naming conventions (see image 4) and if the user tries to extract the file from the chest, to say check the detection at virustotal, it would fail. So to my way of thinking the file name in this format stops checking if the detection is good or bad, limiting any good reason to send it to the chest.