Let me just say this site is terrific for knowledge on networking and security. Now my problem.
Well, you're not alone in this one. I manage an Exchange email server too. Since viruses today are very smart and well-engineered, they have the capability to "seek out and destroy". This means that since your email server has all the addresses and contacts within your network, once a virus attached as an email manages to find your domain and scans the whole directory of your email server, it will have the ability to recreate itself enclosed within emails and then send them to your recipients.
This happens since your recipients also have contacts outside your domain/network that they send and receive email with almost every day, and you do not know if the ones they are sending/receiving email to are clean of viruses. Some viruses use legitimate email addresses and some use spoofed ones.
Also, you may know it, but other viruses are very well crafted and sometimes make use of your own email server as a means to spread, using the email addresses located within your server.
You may not be aware of it, but other networks that are receiving email from your domain might also have been sent attachments containing viruses.
The best practice is to always have an updated AV on your server and clients as well. Also, regular updates to MS since you are using Exchange.
There is also another way to prevent viruses coming into your network via emails: using a mail relay server, which is a server that handles email traffic externally. In this way you could filter out legitimate emails from the infected ones.
I believe that there is a tutorial with regards to this one and it is located at
There are also lots of tutorials within this site on how to secure your Exchange server.
Thanks for the advice, Jhun. We currently use a hosting company to filter our emails before sending them to our mail server, and we scan them again when they get to our server. This seems to be working out ok. However, I am seeing many messages being spoofed from addresses within my domain to internal users. This has me a little worried. Maybe someone in my network is infected and generating these emails? So far I have not tracked them down.