I got one of those latest Bagle ones yesterday morning (the new variation with the password-protected zip attached, with of course the password included in the main message). My ISP's VirusGuard caught it and quarantined it before avast even got to see it.
Since because of discussions about it here the last couple of days, I already knew it was infected, I was tempted to "deliver as is" just out of curiosity to see at what point avast would catch it. But I played it extra-safe and just deleted it still "out there", without downloading.