I am the system administrator of a small company with 20 PCs on the network. One of our PCs was infected with the W32/magistr@MM virus.  Here are my comments/questions surrounding this virus:
1) This computer's virus engine and definition files were updated with superdat4141.exe on June 6, 2001.  This upgraded the scan engine to 4.1.40 and the most recent definition files.
2) The user opened up his email
3) McAfee detected and cleaned the virus.  
4) The user opened up the SULFNBK.exe attachment after the virus was cleaned
5)  The system locked and the PC was rebooted.
6)  I noticed that 17 directories had been moved from C:\ or C:\Windows.  One of them was C:\Program Files, which lead to several messages upon booting that files were missing.
7)  After these directories were moved back, all was fine.

My question is.......what good is virus scan software if it doesn't protect your PC?  And what good is it to keep the .dat files up to date?

A somewhat unrelated question is.....I try to tell all of our users not to open up any .exe files attached to their emails.  But when an email is opened and the attached file is at the bottom, the entire file name does not show, so how are users supposed to tell if it is an .exe or not?  We are using Outlook.

The user could have bypassed the virus scan (I have seen it happen, always amazes me why they would want to)

As for the second half of your post, If you are running exchange server, I would look into software like Antigen (www.sybari.com) with this type software you can strip off certain file types before they reach the end user.


hth
Rob

p.s.
 There are a few differnt makers of this type software, I used Antigen as the example (just because that is what I use)

Thanks for the response.  The user did not bypass the scan, as I saw the scan in the scanlog.  And we do NOT have Exchange.