Someone on the ntbugtrack list mentioned earlier another possible
solution for A/V gateways: checking for the extension of
known-to-be-infected files, and appending the "+" sign at the end (e.g.
.exe+). I have tried this on my first layer Norton Gateway, as well as
my second tier email A/V - the TrendMicro one (and variations of such -
e.g. *.exe+, *.exe*, *exe+, etc.), and have not been successful ...
anybody else having attempted something similar (the reason for the "+"
is the obvious extension name change inside the ZIP, if there is a
password protected file) ?