We know that a short message encrypted with RSA can easily be brute forced.
A short message encrypted with textbook RSA can easily be brute forced. The problem is not that the message is short. A much longer message chosen in a small set (like the identity of a person on the public class roll) can also be brute-forced by the same technique. The problem is low-entropy message combined with the use of textbook RSA encryption (with no random padding).
Bob encrypts (..) messages with his private key.
That "encrypts" is erroneous terminology for applying the transformation $m\mapsto f(m)=m^d\bmod n$ where $(n,d)$ is Bob's RSA private key. That does not encrypt, since that term designates transforming a message in order to make it unintelligible to adversaries, and here anyone can undo the transformation using the public $(n,e)$. The term "encrypts" must be changed to "transforms" or "signs". The result $f(m)$ of that operation is the textbook RSA signature of message $m$ by Bob's private key.
Could the attacker somehow forge a new one or two character message so that it seems like it came from Bob?
Yes. The basic tool used is the multiplicative property of function $f$: for all $m_1,m_2$ it holds $f(m_1\cdot m_2\bmod n)\ =\ f(m_1)\cdot f(m_2)\bmod n$. Thus an adversary knowing the textbook RSA signature of messages $m_1$ and $m_2$ can find the textbook RSA signature of message $m_1\cdot m_2\bmod n$, or ${m_1}^i\cdot{m_2}^j\bmod n$ for any pair of integers $i,j$.
For messages constrained to have a meaning, a possibility is to have $m_1\cdot m_2=m_3\cdot m_4$ which allows to compute the textbook RSA signature of $m_4$ from that of $m_1$, $m_2$ and $m_3$, as $f(m_4)\ =\ f(m_1)\cdot f(m_2)\cdot f(m_3)^{-1}\bmod n$.