I think this whole Trend Micro event has given a lot of credence to my _not_ having AV on every desktop. My department would still be cleaning up the mess if we had Trend Micro on every desktop.

99.999% of this stuff can be stopped at the gateways. Had I been using Trend Micro on the gateways I would still have only one box to fix, (my gateways all forward mail to a single gateway box for AV and anti-spam). At the same time that failure at the gateway allows everything to continue except inbound email... We can still inform the customers that we have an email problem because the outbound mail is unaffected by the gateway.

I dunno... maybe I'm just gloating... but my record with the virus issue stands.... One worm in 3+ years brought in via a laptop attached to a domain I have no control over.... Detected by IDS inside the hour, located and shut down within 30 minutes and cleaned/user killed 30 minutes later... It works for me.....