I removed AVG from my wife's computer. I'd removed it from my laptop months ago. I've come to the opinion that AVG is more dangerous than the viruses it's supposed to protect us against. That may be true of other AV programs as well. At any rate, in the years that we've been using AV, we've never encountered a virus. That's thanks to good habits. I think a weekly scan with clamav should be sufficient.

I have written my HTML sanitizer, but now I have to figure out how to apply it. At first I thought of running all incoming email through it, but realized I would be discarding information, which I hate to do. Anyway, if the method was buggy I'd have no way to recover. What I need to do is apply it as the HTML is on its way to the browser. The trick is, however, that I don't want to apply it to all HTML documents. Only ones I don't trust. And this comes around to something I've been thinking about for a long time: how to establish a trust level for documents.

There's really only one way to do this in a multi-user environment: digital signing. Now my HTML sanitizer is going to have to wait until I work out all the ramifications of this idea.