Copfilter-Basics

What is the Copfilter?

  • Copfilter is a collection of programs, bundled together as an add-on, for the IPCop firewall router.
  • Copfilter extends IPCop with programs and functions that filter websites, downloads, and incoming and outgoing e-mails for viruses and other “pests”.
  • If a virus or other malicious software is found, access to that page or its contents - in whole or in part - is blocked.
  • E-mails are moved to the virus or spam quarantine folders - depending on the setting.

Components

The most important components and features:

  • POP3 proxy including virus and spam protection.
  • SMTP proxy including virus and spam protection.
  • Discard or quarantine e-mails, depending on the configured spam levels or if a virus is found.
  • HTTP proxy including virus and ad blocker.
  • FTP proxy including virus protection.
  • Since version 0.85.x: IMSpector - instant messenger proxy with monitoring, blocking and content filtering capabilities.
  • Since version 2.0.91beta1: C-ICAP for content adaptation and filtering, with integrated URLFilter.
  • Attachment renaming tool - renames potentially dangerous attachments (.pif, .vbs …) in mails with attachments.
  • Mail HTML cleaner - cleans HTML e-mails by removing dangerous HTML tags.
  • Monitoring utility ('monit') with mail function - if a monitored service fails, it is restarted automatically.
  • All services work transparently; no client configuration is needed.

To get a first impression, take a look at the Copfilter-Status-Page version 0.85.3beta4:

Copfilter-Status

In total, this Copfilter installation lists 11 installed components, starting with the monitoring service 'monit'.

Next, there are various (Proxy-) services:

  • Filtering of POP3, SMTP, HTTP and FTP data transfer.
  • Instant messenger proxy
  • Anti-spam filter
  • Installed anti-virus scanners
  • “Attachment Renamer”, responsible for renaming “dangerous file attachments”
  • Rule sets for spam filtering.

Each component is listed with its description, service name, current version number, current operating status and process ID(s), and can be manually STARTED or STOPPED for testing purposes. But keep in mind: changes made here are NOT permanent!

Hardware

Logically, the more of the available Copfilter services are switched ON, the more the overall processing speed and performance of IPCop are affected.

For smooth Copfilter operation, the minimum hardware requirements are therefore somewhat higher than those of a “normal” IPCop.


For a home LAN (4-5 users) the following is recommended as the hardware minimum:

IPCop V1 / Copfilter 0.8x (HAVP, ClamAV, URLFilter) | IPCop V2 / Copfilter 2.x (C-ICAP, ClamAV, URLFilter)
PIII/700 (or similar)                               | PIII/1000 (or similar)
1 GB RAM                                            | 2 GB RAM
4 GB HDD                                            | 10 GB HDD

  • Using a CF card is strongly discouraged at this point - Copfilter causes constant read / write requests, which wear out these cards too quickly.
  • Of course there are specialists (German posting!) who got Copfilter up and running on a CF card, but such an approach is not recommended.

Virus scanner

The Copfilter default installation only contains the ClamAV virus scanner - any POP3-, SMTP-, FTP- and HTTP-requests can be monitored (IMAP is not supported).

If you want, you can extend the virus scanning capabilities with the F-PROT and AVG scanners.

In their free versions, AVG and F-PROT scan only incoming and outgoing e-mails - functionality beyond this requires the corresponding F-PROT or AVG licenses.

The anti-virus and anti-spam signatures of all installed and active scanners are also regularly updated.

All other components are open source software.

Copfilter operates transparently throughout.

That means connected PCs only become aware of Copfilter's activities when, for example, the download of a - presumably - infected file is blocked, or when certain e-mails are blocked - users only get a notification via mail about blocked viruses or spam.

If during download a virus file gets blocked by HAVP/C-ICAP and ClamAV, the resulting page looks like this - access to the file the user wanted to download has been prevented:

HAVP: Access denied | C-ICAP: Access denied
HAVP                | C-ICAP

Customizing the design of the HTML block pages of HAVP or C-ICAP is easy: the related HAVP-templates can be found in
/var/log/copfilter/default/opt/havp/etc/templates/, C-ICAP-templates reside in /var/log/copfilter/default/opt/c_icap/etc/templates/.

Potential spam and virus mails are also blocked and - if desired - end up in the Copfilter “Quarantine” (see below).

In each case, the user only gets a notification via mail.

Testing virus scanners

Whether the installed virus scanners filter e-mail correctly can easily be tested on the Tests & Logs page:

Send test mails

If the scanners are working correctly, the user will shortly afterwards receive an e-mail about a blocked mail, sent to the address specified on the e-mail information page:

Copfilter detected a VIRUS in an email sent to you (POP3)!
Instead of the infected email this message has been delivered to you.

Virus name: Eicar-Test-Signature (found by ClamAV)
Attachment: eicar.com…
1)
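
One way to check the result of such a test offline, as an added example that is not part of the original page or of Copfilter itself: it builds a mail with the harmless EICAR test file attached and parses the notification text shown above. The function names and the example.org addresses are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

# EICAR standard anti-virus test string (harmless); kept in two parts so that
# this source file is not itself flagged by a scanner.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

def build_test_mail(sender, recipient):
    """Build a mail carrying the EICAR test file as attachment eicar.com."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = "Copfilter scanner test (EICAR)"
    msg.set_content("Test mail: the attachment is the harmless EICAR test file.")
    msg.add_attachment(EICAR.encode("ascii"), maintype="application",
                       subtype="octet-stream", filename="eicar.com")
    return msg

def parse_notification(text):
    """Extract protocol, virus name and scanner from a Copfilter notification."""
    proto = re.search(r"detected a VIRUS in an email sent to you \((\w+)\)", text)
    virus = re.search(r"^Virus name:\s*(\S+)\s*\(found by ([^)]+)\)", text, re.M)
    if not (proto and virus):
        return None  # not a virus notification: the test mail was not blocked
    return {"protocol": proto.group(1), "virus": virus.group(1),
            "scanner": virus.group(2).strip()}

def scanner_test_passed(text, scanner="ClamAV"):
    """True only if the named scanner reported the EICAR test signature."""
    hit = parse_notification(text)
    return bool(hit) and hit["scanner"] == scanner and "eicar" in hit["virus"].lower()

# Notification body as shown on this page (the attachment line is truncated there).
SAMPLE = """Copfilter detected a VIRUS in an email sent to you (POP3)!
Instead of the infected email this message has been delivered to you.

Virus name: Eicar-Test-Signature (found by ClamAV)
Attachment: eicar.com…
"""

if __name__ == "__main__":
    mail = build_test_mail("test@example.org", "user@example.org")  # constructed addresses
    print(len(mail.as_bytes()), "byte test mail built")
    print(parse_notification(SAMPLE))
    print("ClamAV test passed:", scanner_test_passed(SAMPLE))
```

If the test mail arrives with the attachment intact instead of a notification, `parse_notification` returns `None`, which means the mail was not scanned on its way through the proxy.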

If desired, these messages are put in “Quarantine” - they can be administered - deleted or resent (without attachments!) - on the Copfilter Status Page.

A click on the Virus Quarantine button (Red: there are “hits” in the Quarantine, Green: Quarantine is empty)…
Quarantine

…leads to the quarantine management page:
Quarantine-Content

Test sites where you can test the scanner functions:

Whitelist-/Blacklist/SPAM-Manager

Besides this, Copfilter also includes a whitelist and blacklist management - controlled via mail or WebGUI. The user can decide from which e-mail addresses, domains or sub-domains mail should be accepted or discarded (Accept / Discard mail):

White/Blacklist-Management

In the SPAM Overview Manager the user can decide to which e-mail address(es) the SPAM Digest should be sent:

SPAM Overview Manager

But this is only a small part of the included functions. First of all, Copfilter needs to be installed.

How this is done and what to look out for is explained on the following pages.

1)
More details on this - among others - can be found in the sendEmail test instructions.
en/copfilter-basics_-_what_is_it.txt · Last modified: 2016/12/04 12:53 by fischerm