Hi John,
Would you please paste your report?
Thats odd... However, I've never thrown reports on botnet....I knwo that the majority of the traffic is going to be on port 80, since the ASA what blocks is the malicious sites based on Ironport. I have no idea why you are seeing ports other than 80....
Anyway, please paste the report, I would like to take a look at it.
Cheer
Mike
Mike