Documentation 

Please find all the documentation to copfilter here:   README 



Please look into the Copfilter Wiki for more information. You will also find some tips there on how to update ClamAV. 

Christian Scherer contributed a pdf file containing installation instructions which are based 
on above README file, includes a webgui description and screenshots: 
Please be aware that this pdf file is very old and a lot of information in it is already obsolete. 
Nevertheless it might be useful to start with. 
README.pdf    - last update: 2 Jan 2006 


Other useful Documentation: 
Installing IPCop: The Perfect Linux Firewall Part I -- by Joseph Guarino 
Installing Copfilter: The Perfect Linux Firewall Part II -- by Joseph Guarino 
German Wiki containing some information about IPCop and Addons like URLFilter, Copfilter and others. 

 

 

Copfilter v2 documentation will be completed soon! You can find a german install instruction on

Copfilter Wiki.

 

Short Feature Overview for copfilter-2.0.90beta4 by addons:

  • monit (Watchdog)
  • p3scan (POP3 tranparent proxy, to filter spams and viruses)
  • proxsmtp (SMTP transparent proxy, to filter spams and viruses)
  • HAVP (HTTP virus scanner, used with squid proxy)
  • Privoxy (HTTP Filter, to filter internet trash)
  • frox (FTP transparent proxy, to filter ftp traffic for viruses)
  • Spamassassin (Spamfilter)
  • ClamAV (free Antivirus Scanner)
  • F-Prot (Antivirus Scanner, not included, license needed, but supported)
  • Imspector (Instant Messenger transparent proxy, get controll about IM traffic)
  • Renattach (Attachement Renamer)
  • SA Rules (additional rulesets for spamassassin)


Short Feature Overview for copfilter-2.0.90beta4 implementations:

  • learning Spams and Hams over IMAP (Bayes Training)
  • Webinterface for managing E-Mail black- and whitelist
  • Webinterface for managing spams
  • graphical/text statistics for hams, spams and viruses found by copfilter addons

 

 

Introduction of Copfilter v1 for IPCop

The main goal of Copfilter is to provide a free and easy to use solution to filter and scan traffic 
from any unsecure network, like the internet, for viruses and spam. It has been designed 
as a preconfigured and easy to install addon for the opensource firewall IPCop 

Copfilter is a package of various opensource traffic filtering software and tools, customized and built to work 
together smoothly. All included proxies filter traffic transparently, which means that no client reconfiguration is necessary. 

It scans POP3 and SMTP emails for viruses and spam. Instead of a virus infected emails, a user will receive virus 
notification messages containing details about originally sent emails, which can also be quarantined if desired. 

Spam emails will be tagged as spam by inserting the following text into the subject field: *** SPAM *** 
With this procedure any email client will be able to use its own message filtering rules to 
automatically delete or move these spam messages into a different folder for a later review. 

HTTP and FTP traffic will also be scanned for viruses. If a virus is found, access to that web page or file will be denied. 

Network diagram of a ipcop machine running copfilter: 


 


Copfilter Features

Email Scanning:

  • Virus and Spam scanning of incoming POP3 emails
  • Virus and Spam scanning of incoming and outgoing SMTP emails
  • Attachment scanning by renaming dangerous attachments (.pif .vbs ..) from email messages
  • Adds a note to every email header indicating that the email was scanned
  • Email discarding and/or quarantining, depending on a predefined 
    spam score level or if a virus was found


Internet traffic Scanning

  • Virus scanning of HTTP traffic, with no "trickle" effect, but continuous, non-blocking downloads
  • Blocks most Phishing and browser exploited websites
  • Virus scanning of FTP traffic, with "trickle effect", a download delay is noticeable 
    (file gets downloaded and scanned in the background, while browser 
    only receives a few bytes until complete file has been scanned)
  • Removes ads, banners, pop-ups and other obnoxious Internet junk from HTTP Traffic


Network:

  • All services work transparently, no re-configuration on any client is necessary !!
  • Highly configurable, scanning can be turned on or off for every attached network
  • Any type of email client (Outlook,Thunderbird,Evolution,..) on any OS (Win32,Linux,MacOS,..) can be used
  • (RED) IP Alias support for mail server MX entries other than the default assigned ip address
  • Allow incoming email only from one ip address (example: ISP mail server)


Monitoring:

  • Detailed information about every installed service (cpu/mem usage, uptime etc)
  • Service monitoring, if a service should fail, it will automatically be restarted (with email notification)
  • Individual Service control - start/stop every services from the monitoring webgui


Administration and Management:

  • Copfilter AntiSpam whitelist management through webgui and by sending an email (with prefined commands) 
    (spam scanning will be skipped on the reply emails )
  • Automatic outgoing email whitelisting, adds recipient (To: field) email address of outgoing email to the 
    whitelist, if a reply email to the original email arrives, spam scanning will be skipped
  • Copfilter Spam Digest recipient management through webgui
  • Ability to automatically download spam and ham emails from an imap folder to train the integrated Bayesian filter 
    (dramatically improves spam recogition, important for false positives and false negatives)
  • HTTP Whitelist management through a configuration file
  • Uninstall, backup, restore and restore-to-default-configuration capability
  • Virus and Spam Quarantine, option to resend, delete messages and/or add the sender email address to the whitelist
  • Customizable levels of when email messages should be quarantined or discarded
  • Ability to send test virus/spam/bad attachment emails directly from the webgui to test Copfilter functionality
  • Links to test http and ftp viruses are included as well
  • Copfilter installation and configuration can be done in less than 5 minutes. 
    just copy the installation file to the ipcop firewall, extract and 
    execute the included install script (no ipcop addon server required)
  • Based on the Linux Firewall Distribution IPCop which is very easy to install 
    Download the iso, burn the cd, answer a few screens and your new firewall is up and running in less than 15 minutes !
  • Detailed documentation
  • Support through the forum
  • Ease to use and highly configurable web-based graphical user interface (webgui)
  • Free, opensource and GPL licensed :-)


Statistics:

  • Text based AntiVirus: total viruses, by date, hour, month, year, list of last 200 viruses
  • Graphical based AntiVirus: weekly display of detected virus types (number of occurances)
  • Text based AntiSpam: total ham/spam emails by month, day, year, list of 200 ham/spam emails
  • Text based AntiSpam: totals and averages by day/month by number of spam/ham messages, size, scanning time, mean score
  • Text based HAVP stats including virus name and originating ip address


Updates:

  • Automatic AntiVirus signature updates
  • Automatic AntiSpam ruleset updates
  • Latest available Copfilter version is displayed in the webgui 
    (webgui retrieves this information by reading the http://www.copfilter.org website)


User Notifications emails:

  • Instead of a virus infected email, the user receives a notification that a virus 
    infected email has been sent to him, including details like sender, subject, 
    email header, etc of the original message
  • Optionally sends a copy of these user notifications to an administrator
  • All Spam messages will be tagged in the subject: *** SPAM *** for further client processing
  • Daily digest containing all sender email addresses of all received spam in 24h, optionally a user 
    can send an email to automatically add an email address to the whitelist


Email Reports (for the System Administrator) about:

  • Virus signature updates
  • Antispam ruleset updates
  • Imap BAYES Training results
  • Failed services and if the automatic restart has been successful


Software:

  • Is able to use upto 3 different virus scanners (ClamAV, F-Prot, AVG) for all protocols
  • Only uses opensource software (except for optional virus scanner f-prot and avg)
  • Enhanced spam capabilities: Bayesian filtering, SURBL, DNSBL, RazorDCC
    and SARE Spam Rulesets to improve spam recognition
  • Is able to use a open source and/or commercial virus scanner 
    For POP3,SMTP,FTP: ClamAV AND / OR F-Prot   /   For HTTP: ClamAV only
  • All proxies run as a non-root user
  • Init scripts included which can start/stop/reconfigure the proxies (some can be started in debug mode)
  • Common log directory with log files from all services (accessable through webgui)
  • Supports multi languages based on the ipcop language setting 
    languages available depend on translations which have been already done




Copfilter is a compilation of the following programs, all preconfigured and combined to work together smoothly 

  • P3Scan
  • - a transparent pop3 proxy server
  • ProxSMTP
  • - a transparent smtp proxy server
  • HAVP
  • - a transparent http proxy server (HTTP Antivirus Proxy) with continuous, non-blocking 
    downloads and smooth scanning of dynamic and password protected HTTP traffic
  • frox
  • - a transparent ftp proxy server
  • Privoxy
  • - a http proxy with advanced filtering capabilities for protecting privacy, managing cookies, 
    controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk
  • Clam AntiVirus
  • - a GPL virus scanner with built-in support for Zip, Gzip, Bzip2 and automatic updating
  • F-Prot Antivirus
  • - for Linux Workstations (free for home users), virus scanner is not included, but supported!
  • F-Prot Antivirus
  • - for x86 Mail Servers (corporate use) this virus scanner is not included, but supported!
  • AVG Antivirus
  • - for Linux Desktops (free for home use), virus scanner is not included, but supported in v1!
  • AVG Antivirus
  • - for x86 Mail Servers (corporate use) this virus scanner is not included, but supported in v1!
  • SpamAssassin
  • - a mail filter to identify spam
  • Vipul's Razor
  • - a distributed, collaborative, spam detection and filtering network, used by spamassassin
  • DCC
  • - a cooperative, distributed system intended to detect "bulk" mail
  • renattach
  • - a stream filter that can identify and rename potentially dangerous e-mail attachments
  • RulesDuJour
  • - a bash script which automatically downloads new versions of SpamAssassin rulesets
  • monit
  • - Monitoring Utility - automatically restarts a failed service, includes a service manager