The most important components and features:
To get a first impression, take a look at the Copfilter-Status-Page version 0.85.3beta4:
Overall, in this Copfilter installation there are 11 installed components listed, starting with the monitoring service 'monit'.
Next, there are various (Proxy-) services:
Each component is listed with description, service name, current version number, the current operating status and process ID(s) and can be - for testing purposes - manually STARTED or STOPPED. But keep in mind: the changes taken here are NOT permanent!
Logically, the overall processing speed and performance of IPCop is the stronger affected, as more of the available Copfilter services are switched ON.
Therefore, for smooth Copfilter operation the minimum hardware requirements are of course somewhat higher than those of a “normal” IPCop.
For a home LAN (4-5 User) the following is recommended as the hardware minimum:
|IPCop V1 / Copfilter 0.8x (HAVP, ClamAV, URLFilter)||IPCop V2 / Copfilter 2.x (C-ICAP, ClamAV, URLFilter)|
|PIII/700 (or similar)||PIII/1000 (or similar)|
|1 GB RAM||2 GB RAM|
|4 GB HDD||10 GB HDD|
The Copfilter default installation only contains the ClamAV virus scanner - any POP3-, SMTP-, FTP- and HTTP-requests can be monitored (IMAP is not supported).
In free versions, AVG and F-PROT only scan all incoming and outgoing e-mails - functional enhancements beyond this require corresponding F-PROT or AVG licenses.
The anti-virus and anti-spam signatures of all installed and active scanners are also regularly updated.
All other components are open source software.
The Copfilter operates transparently thereby.
That means, connected PCs get knowledge of Copfilters activities only if, for example, the download of a - presumably - infected file is blocked. Or, certain e-mails are blocked - users only get a notification via mail about blocked viruses or spam.
If during download a virus file gets blocked by HAVP/C-ICAP and ClamAV, the resulting page looks like this - access to the file the user wanted to download has been prevented:
Potential SPAM and virus mails are also blocked and - if wanted - end up in Copfilter “Quarantine” (see below).
In each case, the user only gets a notification via mail.
The correct Email-filtering of the installed virus scanners can easily be tested on the Tests & Logs-Page:
If the scanners are working correctly the user will shortly thereafter receive an e-mail about some blocked mail which has been sent to the address specified on the e-mail information page:
Copfilter detected a VIRUS in an email sent to you (POP3)!
Instead of the infected email this message has been delivered to you.
Virus name: Eicar-Test-Signature (found by ClamAV)
Attachment: eicar.com… 1)
If wanted, these messages were put in “Quarantine” - they can be administered - deleted or resent (without attachments!) - on the Copfilter Status Page.
A click on the Virus Quarantine button (Red: there are “hits” in the Quarantine, Green: Quarantine is empty)…
…leads to the quarantine management page:
Test sites where you can test the scanner functions:
Besides this, Copfilter also includes a whitelist and blacklist management - controlled via mail or WebGUI. The user can decide from which e-mail addresses, domains or sub-domains mail should be accepted or discarded (Accept / Discard mail):
In the SPAM Overview Manager the user can decide to which Email-adresse(s) the SPAM Digest should be sent to:
But this is only a small part of the included functions, first of all, Copfilter needs to be installed.
How this is done and where to look at should be explained on the following pages.