While it is correct to continue in your direction and quest for email virus
protection on the system and server ends, you should know that email spoofing
seems to be quite popular. I work for real estate agency and when one of the
viruses spread across the Internet their email boxes take a pounding. Many
emails are along the links of "this email has been returned because it was found
to have a virus" many times this is their mail server that does the scanning and
One check to do is shut down the suspected infected system. For example turn it
of on the weekend while the user out of office. Do the infected emails warning
messages still continue to arrive during the weekend? I bet they might. I'd
suspect that system is not sending the emails and that users name is being
spoofed as the sender.
Spammers are such nice people hu?