We see a lot of such viruses at the moment.
Clamav is desperately behind all other AV's at the moment...
We
see them too. It seems Upatre is morphing very quickly, so signature
based AV solutions will always be behind. Here Cloudmark recognizes new
variants of Upatre in about one hour after the first one arrives, but in
that one hour lots of them arrive. So we decided to just block all
emails with EXE-in-ZIP attachments.