I'm using an ISA 2003 firewall between my LAN and internet. My LAN has around 400 clients. now I have problem: some of users is infected with spyware, and it sends many mails, and use most the bandwith.
Using ISA 2003, how can I detech who is infected with spyware? or saying in other way, who use most my bandwith?