Really though, if you're running Exchange in production and you get hit with a viral infection, wouldn't it behoove you to reinstall/restore from a good known backup instead of "clean up code-red" and keep on truckin?

What this white paper says is that if Exchange gets infected, and the admin doesn't do a good job of cleaning it up, then Exchange sends spam.

Isn't it part of a best practice security implementation to rebuild suspect systems? If you've been hacked/infected, what do you do?

I know what my policy is. It starts with fdisk....