What to do if you suspect that computers on your network are members of a botnet under control of a remote party.
You have noticed e-mails or spam sent from inside your LAN without the users consent.
One or more computers are infected and are acting as zombies or bots in a botnet, performing DOS attacks or distributing spam e-mails using user privileges and address books available on the computers.
Follow the recommendations in the Best Practices for Troubleshooting Viruses on a Network article.
A full system scan with Symantec Endpoint Protection (SEP) is likely to detect and remove botnet infection on file system level:
As a preventive action, block the spam on the e-mail server level using antispam filtering (i.e. Symantec Brightmail Antispam or Symantec Mail Security for Microsoft Exchange)