From the logs you have presented the server is NOT infected itself.
Its just the file share that the users are mapping to that is seeing infection events.
The best place to get more detailed reports is from the monitors section of the console.
- Log into the SEP console then go to Monitors > Logs > Risk Log
- Set the date range, eg. Past week
- Then click view log
In the top left hand corner of the report you can export the filtered information to a comma seperated text file which can be exported into excel and manipulated with a pivot table.
If you have risk tracer enabled you will be able to see the SOURCE_COMPUTER_NAME and SOURCE_COMPUTER_IP columns.
These should be the actual source of the infection and not just the server name of where SEP is installed.
Once you have identified systems that are potentially infected it is advised that you check that the SAV or SEP service is running and the newest definitions are loaded.
If you suspect the machine still has a virus please refer to the following article that explains how to do a full scan from safe mode with command prompt
How to perform a full virus scan while in safe mode with command prompt:
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/d77f9ee39aac2ba7882574e80064e3fe?OpenDocument