XML and Viruses

I have been assured by our very own security gurus that the plural of virus is viruses, not virii, so no comments are necessary on the subject, okay? Apparently April 25th was the day for viruses everywhere to fear XML security vendors. That was the day Forum Systems announced its plans to integrate Computer Associates' eTrust Anti-Virus capabilities into its XWall product and apparently it was also the day that Layer 7 announced it already had such a capability from Symantec integrated into its SecureSpan gateways. I say apparently because although the press release is dated April 25th, it was routed across the ether and either took a left turn in Albequerque or stopped for a drink in Vegas because it didn't turn up in my inbox until yesterday, the 28th. (No, I'm not bitter at all about it, thanks for asking)

In any case, this is a great move by newcomer Layer 7 and it makes me wonder when the rest of the pack will follow the lead of Layer 7 and Forum Systems. There's a definite hole in the perimeter defenses when it comes to XML and Web Services and it's just a matter of time before it becomes a verifiable threat to the enterprise without proactive moves like integrating anti-virus scanning into the XML defense layer.As deployment of SOAP 1.2 Web services grows, I'd expect to see a growth in attachments to SOAP messages floating around out there. And any protocol that carries along binary baggage whose contents can't be verified is a potential threat that needs to be contained.