Copfilter-Basics

Features and first setup

We spent a lot of time on the “textual” side - ok, here are the pictures…:

To configure the basic Copfilter for the first use after successful installation, choose the different Copfilter services one by one from the additional “Copfilter” tab on the IPCop menu bar.

During this initial setup, it is recommended to open the individual configuration pages one by one, setting the option “Skip Service Restart”. The settings are saved, but not activated at this moment.

The V1 and V2 menus are a bit different - Copfilter V2 also includes the C-ICAP Filter:

Copfilter-V1-Menu Copfilter-V2-Menu

Status

The status screen has been shown before - here again for completeness in all its beauty (IPCop 1.4.x, Copfilter 0.85.3beta4).

It shows a comprehensive overview of the installed Copfilter components - and something more.

Included are several documents, the virus and spam quarantine, the Monit Service Manager, the whitelist/blacklist/spam manager and various spam and virus statistics.

Some screenshot details (Copfilter V1):

  • All activated services are monitored through 'monit' - individual services can be analyzed in detail with the monit service manager.
  • This Copfilter installation is running Monit 5.2.5, P3Scan 2.3.2, HAVP 0.92, SpamAssassin 3.3.1 and ClamAV 0.97.1.
  • Incoming e-mails are filtered using the POP3 proxy P3Scan.
  • Using 'proxsmtp' was omitted - outgoing emails are not filtered.
  • 'Privoxy', 'Frox' and Imspector were also not activated - there is no additional HTTP-/FTP filtering or logging of messenger sessions taking place.
  • For testing purposes, activated services can be started and stopped manually using the buttons in the “Manual control” column - but permanent changes cannot be made this way.

V1 Status

In Copfilter V2 (2.0.91beta1), C-ICAP Filter was added as an alternative for HTTP Filter (HAVP). Also, the status indication of each service was extended:

ON = Service is active.
OFF = Service is stopped.
NOT ACTIVATED = Service is deactivated per GUI.
ON ACCESS (no pid) = Special case for service without daemon (for example: free F-PROT-version) - service is started only when required.

V2 Status

E-Mail

The most important and indispensable information after first installation - the Copfilter E-mail-address.

All information and alarms generated by 'monit' - as well as update information and alarms from all installed virus scanners - will be sent to this address.

Email

By clicking the button “Saving without restart” the settings are applied.

Unlike on other pages, no service restart is required.

sendEmail is used for mail delivery; if problems occur, perhaps you can find the solution here.

Monitoring

While configuring a service - in this case 'monit' - the user has the choice to only save his settings or also to restart the service:

Monit

Important notes:

  • Each Copfilter service is disabled after initial installation because it is still unconfigured.
  • In the example above, activating the service - in this case 'monit' - by setting the option-switch to ON, doesn't really start this service!
  • This takes place while saving the chosen settings by clicking the Save settings (and restart service)-Button.
  • If you want to make more extensive changes, it is possible and useful, especially during initial configuration, to speed up the configuration procedure by choosing Skip Service Restart.
  • In this case, all changes should then be activated by clicking the button “Restart all services” on the Copfilter status page.
  • Through this, all changes are applied at once and permanently activated, and all Copfilter services are restarted in one single step.
  • Therefore, it is recommended during the first Copfilter setup and after each Copfilter update - including restoring the previously saved settings - to save the settings of each service without restarting the relevant service until all services have been configured.
  • Why?
  • This ensures that any newly introduced options and switches with their respective values are written to the configuration right from the beginning.

POP3 Filter

Next, the POP3 scanner (P3Scan) for filtering incoming messages should be enabled and configured for filtering:

P3Scan

To check incoming mail for viruses, set the options “Enable P3Scan to filter incoming traffic…” and “Stop virus emails and send virus notification instead” to ON.

If not already done, this is the latest point at which to pause and take a close look at the Copfilter documentation!

Another few notes:

  • It is not recommended - here and on the following pages - to switch every available option to ON!
  • On the contrary…
  • The careful selection and consideration of the desired functions is much more important!
  • Studying the relevant pages, reading the documentation and doing some appropriate introductory reading is highly recommended!
  • Settings shown in these screenshots can only serve as guidelines for initial start-up! Each IPCop and Copfilter installation is different, so you can't be sure that these settings are suitable for you!

SMTP Filter

This becomes clearer on the configuration page for the filtering of outgoing mail:

ProxSMTP

To check outgoing mail for viruses, set the options “Enable ProxSMTP to filter outgoing traffic…” and “Stop virus emails and send virus notification instead” to ON.

Outgoing mail is filtered and the attempt to send an email virus is blocked by ProxSMTP according to the settings made:

ProxSMTP - filtered mail

  • In addition to the settings seen in the 'P3Scan' options, an internal mail server is taken into consideration - things become much more complicated.

HTTP Filter

The configuration page of the HTTP scanner (HAVP, privoxy) can be set to filter all HTTP-network access through the installed virus scanners and through 'privoxy'.

Copfilter 2.0.91beta4 - 'HAVP' is ON, 'C-ICAP' is OFF (see below), 'privoxy' is ON:

HAVP ON

The HAVP reference texts should be followed carefully - and please be aware that this is no free ticket: even with HAVP/C-ICAP you could still receive a virus!

C-ICAP Filter

Since Copfilter version 2.0.91beta1 C-ICAP is included as an alternative for HAVP - for content- and URL-Filtering.

On its - very extensive - configuration page, the various C-ICAP-function groups such as virus filtering, integration of built in URLFilter, editing of own white- and blacklists, selection of the external blacklist and its scheduled update can be configured.

Copfilter 2.0.91beta4 - 'C-ICAP' is ON, 'HAVP' is OFF, 'privoxy' is ON:

C-ICAP

If C-ICAP is being used, the 'Memory Cache Size' for 'Squid' (parameter 'cache_mem' in '/var/ipcop/proxy/squid.conf') should not be chosen smaller than 32 MB!
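
One way to check this requirement from the IPCop shell (an added example, not part of Copfilter or the original page). It assumes the `cache_mem VALUE UNIT` form, that a bare number means bytes, and that the last occurrence of the directive wins; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check that Squid's cache_mem is at least 32 MB before
# enabling C-ICAP. Function names are hypothetical, not Copfilter's.

# cache_mem_kb FILE -> prints the configured cache_mem in KB.
# Returns 2 if the directive is not set, 3 if it cannot be parsed,
# 4 if the file is unreadable.
cache_mem_kb() {
    [ -r "$1" ] || return 4
    awk '
        # Commented-out lines never match because their first field starts with "#".
        # Assumption: the last active occurrence is the effective one.
        $1 == "cache_mem" { val = $2; unit = toupper($3); found = 1 }
        END {
            if (!found) exit 2
            if (val !~ /^[0-9]+$/) exit 3
            if (unit == "KB") kb = val
            else if (unit == "MB") kb = val * 1024
            else if (unit == "GB") kb = val * 1024 * 1024
            # Assumption: a value without a unit is a byte count.
            else if (unit == "" || unit == "BYTES") kb = int(val / 1024)
            else exit 3          # unknown unit: fail closed
            printf "%d\n", kb
        }' "$1"
}

# check_cicap_cache_mem [FILE] -> 0 if cache_mem >= 32 MB, 1 if smaller,
# otherwise the error code from cache_mem_kb (2, 3 or 4).
check_cicap_cache_mem() {
    conf=${1:-/var/ipcop/proxy/squid.conf}   # path as given on this page
    kb=$(cache_mem_kb "$conf") || return $?
    [ "$kb" -ge $((32 * 1024)) ]
}
```

Run `check_cicap_cache_mem` without an argument on the IPCop machine and inspect `$?`; a result of 2 means the directive is not set explicitly, so Squid's built-in default applies and should be checked separately.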

Instructions for using C-ICAP can be found in Picture description and Documentation.

FTP Filter

The FTP scanner (Frox) is a bit simpler in its settings: there is only ON or OFF.

Frox

Some notes again…:

  • The fact that 'frox' and 'monit' only show the switches ON and OFF in the GUI does not mean that there are no other, invisible settings for these two services!
  • Both are controlled - like all other Copfilter services - using configuration files. In the case of 'frox', the complete 'frox.conf' contains about 12 KByte of ASCII text.
  • The key Copfilter settings for the 'frox' service are already written in 'frox.conf' and cannot be changed via the Copfilter WebGUI.
  • If all parameters and settings of each Copfilter service were selectable through the WebGUI, the configuration pages would be completely overloaded - it would take weeks of studying documentation to get a running configuration.

IM Proxy

The transparent IM proxy Imspector has been available since Copfilter version 0.85.x.

  • On its configuration page, besides the actual activation, monitoring of the various supported protocols can be switched ON or OFF.
  • In the basic setting, the selected protocols are only logged through the Real Time Log viewer - connected users get a notice about the logging procedure.
  • Furthermore, 'content manipulation' and 'ACL filtering' capabilities are available - these can be configured by editing '/var/log/copfilter/default/opt/ImSpector/etc/imspector.conf'.


Imspector Real Time Logviewer

AntiSpam

The 'SpamAssassin' (AntiSpam) configuration is a little more complicated - the default Copfilter values shown here should only be changed if you really know what you are doing:

Antispam


About the functionality of SpamAssassin:

  • The SpamAssassin rules assign each incoming email points of a specific value, depending on how high the spam probability of that mail is.
  • Upon exceeding an adjustable threshold, the email is marked as spam and may then, for example, be deleted directly, discarded, moved to a special spam folder, or - marked with a warning subject - sent to the e-mail client for further filtering.
  • The selectable Bayesian filter is a statistical filter that relies on the occurrence of characteristic words in an email and then calculates the probability that the email is spam.
  • Various selectable rules - with automatic updates - improve recognition, but at the expense of performance.

AntiVirus

This is the configuration page for the installed virus scanners and the 3rd party signatures, integrated since version 2.0.91beta1:

Antivirus
But ClamAV alone is controlled through ~80 possible parameters, which are invisible here…

Note:
For those who have always had problems installing F-PROT, here's a screenshot of how this is done (free workstation version):

Installing F-PROT

This feature was significantly expanded through the integration of 3rd party signatures, which provide numerous additional, unofficial virus signature files for use with ClamAV.

Tests & Logs

On the Test & Logs page the Copfilter basic features of the POP3-, SMTP-, HTTP- and FTP-Scanner can be tested. Also several important log files can be viewed directly.

Archived logs cannot be listed here; only the current contents are shown.

Tests and Logs

"Restart all services" for the first time...

If all services have been configured up to this point with the option “Skip Service Restart” set, you should now go back to the Copfilter status page from the beginning.

All services are still in the OFF state.


Now the button “Restart all services” should be clicked:

Restart all services

A new page opens…


And depending on the browser, you'll have to wait for a while - or you may receive the following messages one by one (Copfilter 0.85.3beta4):

Copfilter-Restart

en/copfilter-basics_-_features_and_first_setup.txt · Last modified: 2016/12/04 12:55 by fischerm