Hey if you run ISA Server 2004 or higher, come on, make use of its HTTP filter. You don't need expensive software to block almost anything that "rides" inside the HTTP protocol without you knowing it. Even HTTPS session can be re-established by ISA so that nothing can tunnel through without your ISA "knowing" and "acknowledging" it.
Lots of people have asked me, so how do i block MSN, Yahoo, and other irritants on your network? Well, there's this good article from Microsoft, which you can use with any application layer filtering device to block or allow applications inside and outside your corporate network.
Got questions on ISA or network designs? Let us know, we will help for nuts (Free!).