[CentOS] antivirus sniffer/scanner for networks

Tue Oct 10 15:38:58 UTC 2006
eric at austinconventioncenter.com <eric at austinconventioncenter.com>

Is anyone aware of a package that can detect viruses on the network &
possibly alert when there are?

Here is the scenario:  Our network is utilized by guest users all the
time, sometimes into the thousands. We see guests from all over with a
variety of OSs & hardware, over which we have no control or say.

I am looking for something that I can run in promiscuous mode and/or on a
span port that will sniff for viruses and then alert/log when it sees a
virus. We can then track down the culprit's IP/MAC and shut off the switch
port he/she is connected to and then visit with the guest to help them
clean their machine.

Given the nature of our network and our guests' needs, an inline solution
is not an option. Although I recall that squid supports WCCP, I'm not
sure that it would do what I am requesting. I also looked at
snort+libclamav, but the info was inconclusive.

We are a CentOS shop and I have a spare dual Xeon box that I can use for
the task.

Thanks,

Eric