The document describes a mail filter developed to prevent the spread of the "W32/Sircam" computer worm via email attachments. The filter checks for specific phrases and file extensions associated with W32/Sircam. When implemented on an email server, the filter successfully rejected all emails containing W32/Sircam without delaying other email traffic, ending the worm outbreak on the network within 4 days. The filter demonstrates how targeted filtering can block malware spread through email without overly restricting normal email flows.