I am looking for ideas to stop the spam created by compromised Windows PCs. This is not about the various worms and viruses replicating, but about these boxes acting as open relays or open proxies.
There are valid reasons not to run antivirus software; coupled with clueless users, this results in machines that SPAM again just a few hours after having been cleaned.
The first step is to correctly specify the system's properties.
Yours is not a technical issue but one of user negligence. You have to build the solution around this fact.
I don't agree with this. It's almost impossible to "secure" Windows machines. Even applying all patches as soon as they come out doesn't make sure you are "safe". Granted, this applies to all operating systems, but the rate of Windows patches is sure to throw users into a state of "this is impossible to keep up". I've seen machines become compromised even when fully patched, only to realize what happened when the next MS patch came out; just look at how long it took MS to fix the ASN.1 issue. We can't continue to blame end users for negligence while also delivering crappy software to them. Why not blame Microsoft? Why not blame legislation for allowing vendors to deliver insecure applications and systems?
Curative measures that have worked elsewhere are:
1-Scan every client when it accesses
What are you going to scan for? Specific ports or all ports? That's going to take a while, and who knows what's going to happen to the guy on the other line. Keep in mind that the current spam proxies do not listen on fixed ports and they change quite often. While you scan, the proxy app may even move from an unscanned port to a scanned port. So a client you thought secure is not. Rgds, -GSH
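To make the "scan every client when it accesses" measure and GSH's objection to it concrete, here is an added example that is not part of this thread or anyone's posted code. It probes a list of ports on a client for the two behaviours that make a box useful to spammers, an HTTP CONNECT proxy and a SOCKS4 proxy, and classifies what it finds. Because the check has to run offline here, it also starts three constructed local stand-ins for a client machine (one answering like an open HTTP proxy, one like a SOCKS4 proxy, one an ordinary service); the response bytes and the port numbers are assumptions, not captured from any real proxy software. In a real scan you would point the CONNECT/SOCKS target at a host you control and confirm the relayed connection actually arrives, rather than trusting the status code alone.

```python
import socket
import threading

# Constructed stand-in replies (assumptions for this example, not real proxy output).
HTTP_200 = b"HTTP/1.0 200 Connection established\r\n\r\n"
SOCKS4_GRANTED = b"\x00\x5a" + b"\x00" * 6   # VN=0, CD=0x5a "request granted"
SOCKS4_REJECTED = b"\x00\x5b" + b"\x00" * 6  # CD=0x5b "request rejected"
TARGET_IP, TARGET_PORT = "192.0.2.25", 25     # RFC 5737 documentation address


def probe_http_proxy(host, port, timeout=2.0):
    """True if the port answers an HTTP CONNECT request with a 2xx status."""
    req = b"CONNECT %s:%d HTTP/1.0\r\n\r\n" % (TARGET_IP.encode(), TARGET_PORT)
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(req)
            line = s.recv(128)
    except OSError:
        return False
    parts = line.split()
    return len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1].startswith(b"2")


def probe_socks4(host, port, timeout=2.0):
    """True if the port grants a SOCKS4 CONNECT: VN=4, CD=1, port, IPv4, empty userid."""
    req = (b"\x04\x01" + TARGET_PORT.to_bytes(2, "big")
           + socket.inet_aton(TARGET_IP) + b"\x00")
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(req)
            resp = s.recv(8)
    except OSError:
        return False
    return len(resp) >= 2 and resp[0] == 0x00 and resp[1] == 0x5A


def scan_client(host, ports, timeout=2.0):
    """Point-in-time check of the listed ports only; returns {port: kind} for hits."""
    findings = {}
    for port in ports:
        if probe_http_proxy(host, port, timeout):
            findings[port] = "http-proxy"
        elif probe_socks4(host, port, timeout):
            findings[port] = "socks4"
    return findings


# ---- constructed local stand-ins for a compromised (or clean) client ----

def _fake_service(reply_for):
    """Listen on an ephemeral loopback port; answer each connection with reply_for(first_bytes)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.settimeout(2.0)
                try:
                    data = conn.recv(512)
                except socket.timeout:
                    data = b""
                conn.sendall(reply_for(data))

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def _http_proxy_behaviour(data):
    return HTTP_200 if data.startswith(b"CONNECT ") else b"HTTP/1.0 400 Bad Request\r\n\r\n"


def _socks4_behaviour(data):
    return SOCKS4_GRANTED if data[:2] == b"\x04\x01" else SOCKS4_REJECTED


def _honest_behaviour(data):
    return b"500 command unrecognized\r\n"  # an ordinary service that proxies nothing


def start_fake_client():
    """Start the three stand-ins; returns {role: port}."""
    return {
        "http-proxy": _fake_service(_http_proxy_behaviour),
        "socks4": _fake_service(_socks4_behaviour),
        "honest": _fake_service(_honest_behaviour),
    }


if __name__ == "__main__":
    roles = start_fake_client()
    print(scan_client("127.0.0.1", sorted(roles.values())))
```

The scan only sees what is listening on the listed ports at the moment each probe runs, which is exactly the weakness raised above: a proxy that binds a different port after the scan, or that only answers a specific handshake, is reported as clean.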