>> Theoretically shouldn't it be possible to scan all email at the gateway for a
>> virus inside a mail message?
>This scan will fail when internal users are using PGP, PEM, or
>some other encrypted mail protocol.
Again the problem is a faulty paradigm. Choose what can be done. You cannot
(or only in rare instances) prove a negative ("This E-Mail does NOT contain
a virus"). You can prove a positive if you take care ("This E-Mail contains
ONLY English text"). Pass "text only" and you have most likely reduced the
E-Mail requiring a decision to a manageable level.
Over the years I have solved a number of "insovable" problems using this
technique of "divide and separate" until all that is left are solvable ones
(and often just a single mucky one 8*).
The problem is that such a decision matrix does not follow a nice simple
tree structure such as professors love, if anything it usually looks like
a tree standing on its point - single entry, multiple exits, and no two
paths the same length. CASE statements at the start help.