This is an old attack but maybe with a new malicious payload. I would recommend blocking all EXE’s on your Exchange system. Tell users not to open this type of message even in their personal email accounts. Check out this <a href=”http://search.mcafee.com/search?q=hallmark&site=us_site.Virus&num=10&sort=date:D:L:d1&output=xml_no_dtd&proxystylesheet=default_frontend_us&client=default_frontend_us&getFields=description&ie=UTF-8&oe=UTF-8&filter=0&”>search result on the McAfee VIL website</a>. Try using one of the online scanners from <a href=”http://housecall.trendmicro.com/”>Trend Micro</a> or <a href=”http://home.mcafee.com/Downloads/FreeScan.aspx”>McAfee</a>. You can also submit a copy of the file for scanning to <a href=”http://virusscan.jotti.org/”>Jotti.org</a>
Are you using symantec mail security on your exchange boxes or just symantec anti virus? The Mail Security gives you more options specific to email and Exchange. I would investigate that as well. Also there are 3rd party vendors which will filter your email for viruses before it hits your exchange servers. Message Labs gives a 100% guarantee against email viruses and a 97% guaranteed reduction in SPAM as well. Our organization found it worth the money to use them.
If you think your computer or networked computers are all infected with that certain hallmark virus, the first thing you have to do is to backup all the important and confidential data of the company before they could be stolen. Remember that most viruses are designed to steal information and destroy the computer system.