We regularly get viral email addressed to one of our email accounts purporting to be from our webserver (supposedly from an admin). The email says something about needing to update our account. I have never checked this out because it seemed obviously viral (Mcafee cathches it) and I know that email addresses can be spoofed.

However, today I thought to look at the return path and it does contain our appliance address. Should I be concerned that the server has been cracked? Any particular tools that I (as a novice) could use to make a reasonable scan?

Thanks for any suggestions.