Hi there, long-time Nanog lurker network engineer with a (maybe off-topic) question related to network architecture solutions to fight the spyware/greyware problem. I was wondering if anyone might have any experience deploying anti-spyware solutions which reside on HTTP Proxies. Several products claim to be able to detect spyware on the wire such as ISS, SonicWall, Fortinet, Astaro, BlueCoat. However, I am concerned about the performance, especially since they have to use an AntiVirus product on the back-end (heavy processing). Curious what the user experience might be, how effective any of these solutions are in really catching spyware, and any other operational experiences from engineers employing any of these solutions out in the field (not from vendors, please) that may help narrow down the choices. Thanks for any input.