If you're familiar with SSH, you can run this command to scan the mail logs and see if any directories are sending spam:
Code:
grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
That will give you a list, sorted by the number of emails sent from that location. Just make sure to ignore common areas, like CSF or system notifications.