Use the same analysis techniques you use with spam to determine the IP
address from which the message originated, and the domain responsible for
that IP address, then send a message to the postmaster address for that
domain. My boilerplate (appended below) includes a copy of the virus
carrier message with complete headers, but without the virus. It also
includes a link to the DataFellows anti-virus web page, not because we use
their anti-virus product (we don't), but because I thought their web page
provided the best description of the virus. Feel free to use this as is, or
to modify it to meet your needs.

As with spam reports, most of the replies I have received are auto-acks,
however, I have received several which said, in effect, that they had
identified the customer and were working with the customer to resolve the
problem.

----- begin boilerplate -----
Subject: WARNING: Hybris virus sent from your domain or net block

The message appended below originated from a system in your net block
or domain. The original message included a copy of the Hybris virus as
an attachment. The system from which the message originated is infected
with the Hybris virus and should not be allowed to connect to the
network until it is been disinfected.

See http://www.Europe.Datafellows.com/v-descs/hybris.shtml for detailed
information about the Hybris virus.

(signature)

===== Original message =====
(virus carrier message, with headers, without attachment)
===== End of original message =====
----- end boilerplate -----



On Thu, 25 Jan 2001 15:09:29 -0500, Dr. Mom <[log in to unmask]> wrote:

>I receive an average of 3 of those per week.  I am frustrated
>because I can't connect them with any particular person or
>server.
>

--
Paul Russell
Senior Systems Administrator
University of Notre Dame