so i understand you well, any virus could not discovered bei avast, if the string is only in RAM memory.
I did not say that. Sure, memory can be scanned, by avast! as well - I just don't know how to scan memory
continuously.
But couldnt any virus´infect my system when it runs in RAM-memory?
If it
runs, as you write, you're already infected. The virus has to get into the memory from somewhere in the first place - and the sources (e.g. files) are scanned by avast!, so scanning memory should not be necessary.
If i copy the content of the infected file to RAM (in this special case the content of the eicar-testfile), avast have to notice that and have to alarm.
Not really. First, "copying into RAM" doesn't necessarily mean "execution". avast! distinguishes between scanning files "on execute" and "on open" (you can configure it in the File System Shield settings). While the first one is certainly very important because it prevents malware from being executed, the second one - simple reading the data into memory, e.g. to view them in Notepad, is just a waste of time (read: "slows down the computer without any significant security improvement"). Second, it doesn't really matter whether the source of the "copy" (i.e. the file, for example) or the target (the RAM, as you say) is scanned - so it's the first one, because the later would be technically rather hard to do.
Third, Eicar is not a good test file in this respect - it's supposed to be a file, and if you read the exact specification on eicar.org, you'll find out that this signature has to be in the very beginning of the file - otherwise it should
not be detected. So, Eicar would not be detected during a memory scan even when other (real) malware would - because its specification says it shouldn't be.