I've been reading thru some of the Cisco and other vendors about virus protection via the edge hardware device.
Then at turkey dinner, we were chatting about ways to address the issue and had some very basic concerns about what could be done at the edge. It would appear that Cisco is merely handshaking with a software client to ensure that the virus scanner is running and up to date. Heck, we had a home grown application doing that years ago for our network domain users. Anyway - what else can a mere hardware device do at the edge ???? It can't be actually running a virus scan on the packets, because you would have to buffer the payload for "x" packets to compare against the classical signature. To say nothing about latency, etc..... Maybe a blacklist of destination IP addresses would point out trojans.
So - what are the various vendors really offering in this area ??? Merely checking to make sure the client has a virus scanner running ?