Documentation
Please find all the documentation for Copfilter here: README
Christian Scherer contributed a PDF file containing installation instructions which are based
on the above README file and include a webgui description and screenshots:
README.pdf - last update: 2 Jan 2006
Other useful Documentation:
Installing IPCop: The Perfect Linux Firewall Part I -- by Joseph Guarino
Installing Copfilter: The Perfect Linux Firewall Part II -- by Joseph Guarino
German Wiki containing some information about IPCop and Addons like URLFilter, Copfilter and others.
Introduction of Copfilter for IpCop
The main goal of Copfilter is to provide a free and easy to use solution to filter and scan traffic
from any insecure network, like the internet, for viruses and spam. It has been designed
as a preconfigured and easy to install addon for the opensource firewall IPCop.
Copfilter is a package of various opensource traffic filtering software and tools, customized and built to work
together smoothly. All included proxies filter traffic transparently, which means that no client reconfiguration is necessary.
It scans POP3 and SMTP emails for viruses and spam. Instead of virus-infected emails, a user will receive virus
notification messages containing details about the originally sent emails, which can also be quarantined if desired.
Spam emails will be tagged as spam by inserting the following text into the subject field: *** SPAM ***
With this procedure any email client will be able to use its own message filtering rules to
automatically delete or move these spam messages into a different folder for a later review.
HTTP and FTP traffic will also be scanned for viruses. If a virus is found, access to that web page or file will be denied.
Network diagram of an IPCop machine running Copfilter:
Copfilter Features
Email Scanning:
- Virus and Spam scanning of incoming POP3 emails
- Virus and Spam scanning of incoming and outgoing SMTP emails
- Attachment scanning by renaming dangerous attachments (.pif .vbs ..) from email messages
- Adds a note to every email header indicating that the email was scanned
- Email discarding and/or quarantining, depending on a predefined
spam score level or if a virus was found
Internet traffic Scanning:
- Virus scanning of HTTP traffic, with no "trickle" effect, but continuous, non-blocking downloads
- Blocks most Phishing and browser exploited websites
- Virus scanning of FTP traffic, with "trickle effect", a download delay is noticeable
(file gets downloaded and scanned in the background, while browser
only receives a few bytes until complete file has been scanned)
- Removes ads, banners, pop-ups and other obnoxious Internet junk from HTTP Traffic
Network:
- All services work transparently, no re-configuration on any client is necessary !!
- Highly configurable, scanning can be turned on or off for every attached network
- Any type of email client (Outlook,Thunderbird,Evolution,..) on any OS (Win32,Linux,MacOS,..) can be used
- (RED) IP Alias support for mail server MX entries other than the default assigned ip address
- Allow incoming email only from one ip address (example: ISP mail server)
Monitoring:
- Detailed information about every installed service (cpu/mem usage, uptime etc)
- Service monitoring, if a service should fail, it will automatically be restarted (with email notification)
- Individual Service control - start/stop every service from the monitoring webgui
Administration and Management:
- Copfilter AntiSpam whitelist management through webgui and by sending an email (with predefined commands)
(spam scanning will be skipped on the reply emails)
- Automatic outgoing email whitelisting, adds recipient (To: field) email address of outgoing email to the
whitelist, if a reply email to the original email arrives, spam scanning will be skipped
- Copfilter Spam Digest recipient management through webgui
- Ability to automatically download spam and ham emails from an imap folder to train the integrated Bayesian filter
(dramatically improves spam recognition, important for false positives and false negatives)
- HTTP Whitelist management through a configuration file
- Uninstall, backup, restore and restore-to-default-configuration capability
- Virus and Spam Quarantine, option to resend, delete messages and/or add the sender email address to the whitelist
- Customizable levels of when email messages should be quarantined or discarded
- Ability to send test virus/spam/bad attachment emails directly from the webgui to test Copfilter functionality
- Links to test http and ftp viruses are included as well
- Copfilter installation and configuration can be done in less than 5 minutes.
Just copy the installation file to the ipcop firewall, extract and
execute the included install script (no ipcop addon server required)
- Based on the Linux Firewall Distribution IPCop which is very easy to install
Download the iso, burn the cd, answer a few screens and your new firewall is up and running in less than 15 minutes !
- Detailed documentation
- Support through the forum
- Easy to use and highly configurable web-based graphical user interface (webgui)
- Free, opensource and GPL licensed :-)
Statistics:
- Text based AntiVirus: total viruses, by date, hour, month, year, list of last 200 viruses
- Graphical based AntiVirus: weekly display of detected virus types (number of occurrences)
- Text based AntiSpam: total ham/spam emails by month, day, year, list of 200 ham/spam emails
- Text based AntiSpam: totals and averages by day/month by number of spam/ham messages, size, scanning time, mean score
- Text based HAVP stats including virus name and originating ip address
Updates:
- Automatic AntiVirus signature updates
- Automatic AntiSpam ruleset updates
- Latest available Copfilter version is displayed in the webgui
(webgui retrieves this information by reading the http://www.copfilter.org website)
User Notification emails:
- Instead of a virus infected email, the user receives a notification that a virus
infected email has been sent to him, including details like sender, subject,
email header, etc of the original message
- Optionally sends a copy of these user notifications to an administrator
- All Spam messages will be tagged in the subject: *** SPAM *** for further client processing
- Daily digest containing all sender email addresses of all received spam in 24h, optionally a user
can send an email to automatically add an email address to the whitelist
Email Reports (for the System Administrator) about:
- Virus signature updates
- Antispam ruleset updates
- Imap BAYES Training results
- Failed services and if the automatic restart has been successful
Software:
- Is able to use up to 3 different virus scanners (ClamAV, F-Prot, AVG) for all protocols
- Only uses opensource software (except for optional virus scanner f-prot and avg)
- Enhanced spam capabilities: Bayesian filtering, SURBL, DNSBL, Razor, DCC,
and SARE Spam Rulesets to improve spam recognition
- Is able to use an open source and/or commercial virus scanner
For POP3, SMTP, FTP: ClamAV AND / OR F-Prot
For HTTP: ClamAV only
- All proxies run as a non-root user
- Init scripts included which can start/stop/reconfigure the proxies (some can be started in debug mode)
- Common log directory with log files from all services (accessible through webgui)
- Supports multi languages based on the ipcop language setting
languages available depend on translations which have been already done
Copfilter is a compilation of the following programs, all preconfigured and combined to work together smoothly:
- a transparent pop3 proxy server
- a transparent smtp proxy server
- a transparent http proxy server (HTTP Antivirus Proxy) with continuous, non-blocking
downloads and smooth scanning of dynamic and password protected HTTP traffic
- a transparent ftp proxy server
- a http proxy with advanced filtering capabilities for protecting privacy, managing cookies,
controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk
- a GPL virus scanner with built-in support for Zip, Gzip, Bzip2 and automatic updating
- for Linux Workstations (free for home users), virus scanner is not included, but supported!
- for x86 Mail Servers (corporate use) this virus scanner is not included, but supported!
- for Linux Desktops (free for home use), virus scanner is not included, but supported!
- for x86 Mail Servers (corporate use) this virus scanner is not included, but supported!
- a mail filter to identify spam
- a distributed, collaborative, spam detection and filtering network, used by spamassassin
- a cooperative, distributed system intended to detect "bulk" mail
- a stream filter that can identify and rename potentially dangerous e-mail attachments
- a bash script which automatically downloads new versions of SpamAssassin rulesets
- Monitoring Utility - automatically restarts a failed service, includes a service manager
