Missed virus?

Gerry Doris gerry at dorfam.ca
Fri Sep 5 18:15:00 IST 2003


I am comparing two separate virus notifications and can't figure out why
there is a difference.  In the first message below F-Prot and Trend each
found the Sobig.F virus.  However it was missed by ClamAV and MailScanner
didn't complain about the file type.

In the second message ClamAV, F-Prot, and Trend found the same virus AND
MailScanner flagged the filename.

It appears that the actual problem file was hidden from ClamAV and
MailScanner in the first message by sticking it in a txt file.  Is this
the reason for the difference?  In other words, this is a serious
shortcoming for those only running ClamAV.

Gerry


Message 1
    Sender: mailer-daemon at twista.freelimit.com
IP Address: 127.0.0.1
 Recipient: bdoris at localhost
   Subject: Mail delivery failed: returning message to sender
 MessageID: h85GKCv7010242
    Report: F-Prot:
/var/spool/MailScanner/incoming/6184/h85GKCv7010242/msg-6184-52.txt->document_all.pif
 Infection: W32/Sobig.F at mm
            Trend: Found virus WORM_SOBIG.F in file
./h85GKCv7010242/msg-6184-52.txt



Message 2
    Sender: 7uifbbly6 at compuserve.com
IP Address: 127.0.0.1
 Recipient: bdoris at localhost
   Subject: Your details
 MessageID: h85GUEv7010704
    Report: ClamAV: document_9446.pif contains Worm.Sobig.F
            F-Prot:
/var/spool/MailScanner/incoming/6184/h85GUEv7010704/document_9446.pif
Infection: W32/Sobig.F at mm
            Trend: Found virus WORM_SOBIG.F in file
./h85GUEv7010704/document_9446.pif
            MailScanner: Shortcuts to MS-Dos programs are very dangerous
in email
(document_9446.pif)
            No programs allowed (document_9446.pif)
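
An added illustration, not part of the original post and not MailScanner or ClamAV code: it sketches the situation the post suspects, where a bounce quotes the original message inside a plain text part, so a filename check that only sees the MIME parts finds nothing while one that re-parses the text finds the .pif. The sample messages, the deny-list and the header heuristic are constructed assumptions.

```python
import email, re
from email import policy
from email.message import EmailMessage

DENY_EXT = (".pif",)  # assumption: the filename rule that fired for Message 2
# Assumption: a pasted message begins at a line that looks like one of these headers.
HEADER_START = re.compile(r"^(?:From|Return-Path|Received|MIME-Version): ", re.M)

def attachment_names(msg, reparse_text=True, depth=0):
    """List attachment filenames. With reparse_text, a text/plain body that
    contains a pasted MIME message is parsed again and searched as well."""
    names = []
    for part in msg.walk():  # walk() already descends into message/rfc822 parts
        if part.get_filename():
            names.append(part.get_filename())
        if reparse_text and depth < 5 and part.get_content_type() == "text/plain":
            text = part.get_content()
            start = HEADER_START.search(text)
            if start:
                inner = email.message_from_string(text[start.start():], policy=policy.default)
                if inner.is_multipart():
                    names += attachment_names(inner, True, depth + 1)
    return names

def flagged(names):
    """Return the names that match the deny-list of extensions."""
    return [n for n in names if n.lower().endswith(DENY_EXT)]

def build_direct(filename):
    """Constructed sample: a message carrying the attachment directly."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["Subject"] = "Your details"
    m.set_content("See the attached file for details\n")
    m.add_attachment(b"constructed placeholder, not malware",
                     maintype="application", subtype="octet-stream", filename=filename)
    return m

def build_bounce(original):
    """Constructed sample: a bounce whose single text part quotes the original."""
    b = EmailMessage()
    b["Subject"] = "Mail delivery failed: returning message to sender"
    b.set_content("Delivery failed; original message follows.\n\n" + original.as_string())
    return email.message_from_bytes(b.as_bytes(), policy=policy.default)

DIRECT = build_direct("document_9446.pif")
BOUNCE = build_bounce(build_direct("document_all.pif"))

if __name__ == "__main__":
    for label, msg in (("direct", DIRECT), ("bounce", BOUNCE)):
        print(label, flagged(attachment_names(msg, reparse_text=False)), flagged(attachment_names(msg)))
```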


