I've seen similar behavior on our gateway. We scan with both F-prot and F-secure, and F-prot marks the file as 'could be a security risk'. (the clear is just a textfile you can edit, so you can't rely on that text).
Our Qmail-Scanner (1.20) with F-Secure (4.52) seems unable to catch emails with this virus. The qmail-queue.log shows and error that F-Secure was unable to open a password protected zip file. However, the email is then passed as clear. Have we configured something wrong or is it F-Secure? Norton AV catches the virus just fine at our PC's.
But after unpacking the zip file, it says, infected. I've filtered the bagle.J with the 'virus subject' instead in quarantine-attachments.txt, just to stop most of the automated requests until tomorrow where I'll look for an extra scannerengine. I will report back if another linux AV-scanning engine catches it. (unless others beat me too it)
Our client's all have e-trust, form CA, and they catch it too, like your Norton.
Sincerely Max
smime.p7s
Description: S/MIME Cryptographic Signature
