Let me suggest that you start by reading up on running a transparent proxy with Squid. I'm pretty sure DG uses squid, so you might be able to kick it into transparent mode.
If you're concerned about blocking malware and the like, you can implement filtering by extension in squid, and add SquidClamAV to actually scan every object. Filtering by extension is pretty easy in Squid, though you'd need to learn a bit about "regular expressions" to write the rules. For instance, these rules block all downloads of anything ending in .exe:
(The "\.exe$" is a regular expression that matches any URL ending in ".exe".) The "acl" defines a pattern that I've arbitrarily named "EXE" against which web requests are matched. The http_access rule denies downloads of objects that match the pattern referenced by EXE.
acl EXE url_regex \.exe$
http_access EXE deny