Scott, we have the following entry in our virus.cfg files on both of our IMail/Declude servers:
 
SCANFILE2 C:\Progra~1\Trend\Sprotect\vscantm.bin /NBPM /NM /NB /NC /Q /VSTEMP=m:\temp\ /LR=report.txt
VIRUSCODE2 1
REPORT2  Found
 
I also have:  PRESCAN  OFF
 
However, this particular PayPal phishing message is not getting caught by Declude Virus.  If I run the following from the command-line:
 
C:\Progra~1\Trend\Sprotect\vscantm.bin /NBPM /NM /NB /NC /Q /VSTEMP=m:\temp\ /LR=report.txt m:\imail\spool\spam\D3774526500d65bc6.SMD
 
The report file shows:
==========
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 11/26/2004 00:03:19
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 263 (76319 Patterns) (2004/11/25) (226300)
Command Line: C:\Progra~1\Trend\Sprotect\vscantm.bin /NBPM /NM /NB /NC /Q /VSTEMP=m:\temp\ /LR=report.txt m:\imail\spool\spam\D3774526500d65bc6.SMD
 
Undet [                ](     ) in m:\imail\spool\spam\D3774526500d65bc6.SMD,(NONAMEFL)
Found [    HTML_BOFRA.B](    1) in m:\imail\spool\spam\D3774526500d65bc6.SMD,(NONAMEFL)
1 files have been read.
1 files have been checked.
1 files have been scanned.
2 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/26/2004 00:03:19   0.02 seconds has elapsed.
==========
 
Are these not getting tagged by Declude Virus because of the "Undet [                ](     )" line that is listed just before the "Found [    HTML_BOFRA.B](    1)" line in the report file?  If so, is there a way to fix this?  Shouldn't Declude Virus be looking for the word "Found" in the report file?  We are running Declude v1.81.  Let me know if you would like me to forward you the D*Q files.
 
BTW, this e-mail is detected as W32/Mydoom.gen!eml by UVScan and as HTML.Mydoom.email-gen-1 by ClamAV on our Postfix gateways (F-Prot does not detect it).
 
Bill
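The report quoted above carries an `Undet` detail line and a `Found` detail line for the same file, plus a summary line that also begins with "Found". As an added example (not part of the original post, and not Declude's or Trend Micro's own logic), this Python parser reads every detail line regardless of order and cross-checks the summary count. The line layout is assumed from this single report, and the names `parse_report` and `verdict` are hypothetical.

```python
import re

# Constructed sample: detail and summary lines copied from the report quoted above.
SAMPLE_REPORT = r"""Undet [                ](     ) in m:\imail\spool\spam\D3774526500d65bc6.SMD,(NONAMEFL)
Found [    HTML_BOFRA.B](    1) in m:\imail\spool\spam\D3774526500d65bc6.SMD,(NONAMEFL)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
"""

# Assumed detail-line layout: STATUS [ name ]( count ) in <path>,(<member>)
DETAIL = re.compile(
    r"^(?P<status>\w+)\s*\[\s*(?P<name>[^\]]*?)\s*\]"
    r"\(\s*(?P<count>\d*)\s*\)\s+in\s+(?P<path>.+),\((?P<member>[^)]*)\)$"
)
# Summary line; it starts with "Found" too, so it must not be read as a detection.
SUMMARY = re.compile(r"^Found\s+(?P<n>\d+)\s+viruses totally\.")


def parse_report(text):
    """Return (detections, summary_total) from a vscantm-style report."""
    detections, summary_total = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = DETAIL.match(line)
        if m:
            # Only a "Found" line with a non-empty name is a detection;
            # an "Undet" line before or after it does not cancel it.
            if m["status"] == "Found" and m["name"]:
                detections.append({"name": m["name"], "path": m["path"],
                                   "count": int(m["count"] or 0)})
            continue
        s = SUMMARY.match(line)
        if s:
            summary_total = int(s["n"])
    return detections, summary_total


def verdict(text):
    """Summarise a report and flag detail/summary disagreement."""
    detections, total = parse_report(text)
    counted = sum(d["count"] for d in detections)
    return {"infected": bool(detections),
            "names": sorted({d["name"] for d in detections}),
            "consistent": total is None or total == counted}


if __name__ == "__main__":
    print(verdict(SAMPLE_REPORT))
```
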
