> Ah. That's the problem. You _should_ be asking for better software. Virus
> scanning on firewalls already exists (although it's a performance pig, and
> can't deal with everything, and - well - you know the rest). The firewall
> is just the _wrong_ place in the data model for this kind of thing. It may
> be the expedient place (and frequently is), but the "correct" solution is
> to stop such things the only place that has access to the unencrypted,
> undecoded, unmangled document - the user's machine.
By running software that doesn't execute untrusted code whenever you start
up a text editor, read mail, or view a web page, right? By using operating
systems that don't assume that users have to have write access to system
files, right? Virus checking is just the _wrong_ place in the data model for
this kind of thing.