and relying on a virus scanner to do the right thing is better in what way?
No, there is no better way.
What is the use of having a virus scanner if it doesn't protect the end
user who will click on an encrypted zip attachment, enter the password and
run the executable? :)
the point is, people who "rely" on virus scanners to provide are deluded.
a virus scanner doesn't fix the security problem, it merely moves it and
makes the system more complex and harder to understand.
now if you make an effort to discourage user agents that are known to be
insecure, and you want a virus scanner as a backup, that's a different story.