W32.Sobig@.mm.enc on Exch 5.5 it wont stop

[quell]

In the past 2 weeks I have had this virus hit my mail server about 5000 times (nojoke). I've did everything sophos and norton have recommended. Which is basically delete reg settings. I cannot find anthing in the reg either. I have Nortons antivirus for exchange and nortons corperate edt installed on a w2k server w/sp3 pc. About every 30 secs a virus alert pops up saying virus found \exchsrvr\imdata\in\(some #) Delete succeded. So I know that nortons is stopping it. The virus pops up about every 30 secs for about 3 hours then stops. My question is how can I tell were its coming from? Please help!

Things I have tried.
1. Isolated the machine. Unplugged both network cables.= viri alert stopped popping up.
2. Then plugged in LAN cable= Still no viri alert
3. Plugged in internet cable= viri alert popped up in 30 secs
4. Stopped IMC for exchange= Viri alert stopped.
5. Restarted IMC for exchagne= Viri alert popped up.

So I know its has something to do with our email server. I called them and they told me that there viri definitions were up to date yada yada and to find out were its coming from then get back with them. I've read up on this and you can track e-mail from your server but how can you tell were the viri is coming from? I cant tell even which e-mail it is. Ive tried e-mail tracking and looked at the log as soon as a alert popped up bit theres so much on there I can't tell.
Please I need some advise. Thank you in advance

 

[quell]

Sorry....thats IMS service I started and stopped (Internet mail service) not IMC