malware only detected after unpacking with ClamWin

For the past 10 days or so I have submitted lots of malware from some Russian websites. These files are mainly trojan downloaders. It seems that these are updated/modified every few days, so without heuristics it is difficult/impossible to stay up-to-date. At the moment there are 14 files waiting to be added to the CIS database.

While scanning with ClamWin, CIS suddenly reported a virus in one of the files ClamWin was checking, while it reports nothing when scanning the rar files itself. ClamWin has a better “unpacker”?

Could you mail me or attach that archive?

I have sent you an email with the sample attached.

Btw, this is the message that is shown about the file that was unpacked by ClamAV (which CIS doesn’t detect by itself):

http://img223.imageshack.us/img223/5619/screenshot224nq4.jpg

