Does your email client automatically open HTML messages? If so, you can be infected without clicking on a link via Remote Procedure Calls, ActiveX scripts, and various other means if they are enabled and capable of exploiting any security vulnerabilities. The windows RPC system under ME and prior to XP SP1 was riddled with security holes. I stuck to browsing under 98SE (which didn't support RPC) until XP SP1 was released.
I'd hesitate to call it an admin fail per se but AVG shouldn't be the first line of defense. That should be the end user followed by a system config appropriate to the typical end user followed by a decent backup system. Do your systems hide extensions for known file types? They shouldn't. They will display Anna Kournikova.jpg.exe as Anna Kournikova.jpg and further tempt users to open such attachments. Are any but the most experienced users able to login with administrative rights?
AV vendors are always playing catchup so the latest viruses are always around for days or weeks or even months before the scanners (especially the fast free ones) start detecting them. I'll have to look around and see if there are any new threats out there that caught a couple of AV vendors with their proverbial pants down.