Proxy servers are a great way to tighten up your network security. Point all your users at the proxy server in their browser settings and allow only the proxy server to go out to the Internet in your inside interface firewall rules.
This example is built on CentOS 5.4 and utilizes squid, dansguardian, clamav and webmin. Daily downloads of malware and various blacklists are included.
Here's the build doc: SetupProxyServer.pdf
Very low overhead for this box. I built it on a single processor virtual machine with 512 MB RAM and a 10 GB virtual drive.
Some things I'd like to add include logging of userid to make logging a little nicer than just by IP address.