broadcast packets

we are operating canopy in cluster.many of our users are receiving spoofed broadcast ip packets.while debugging from cisco router we found that that the ip as well mac address is spoofed indicating there might be virus problem in client pc. has anybody have any idea how to restrict ports on canopy SM as , as far as i know ,we can restrict only 6 ports(both tcp and udp) iin canopy SM. thanks in advance