Working in a web hosting company, I administer quite some shared servers, all of them are cPanel-based. As you may understand, spam can be seen there almost every day, and I'm already very experienced with finding the source of spam and eliminating it. But performing this will definitely require a root password to the server, since a shared cPanel server user does not have enough privileges to at least look at the logs