…And Now For Something Completely Different…

• Ok, now it's time for a small change to make things a bit more relaxed:

• The main purpose of this part is to collect and describe several Tips and Tricks regarding - not only - the Copfilter-Addon but IPCop in general!

• I won't repeat the usual safety precautions and notes from Part 4 at this point, but of course they're still have validity!

Please note:

Anyone who has kept up through herein, should know what can safely be done and what not:

• This is not for absolute beginners!
• How old is my last BACKUP?
• What's that thing called RESTORE?
• Who or what is a “Vi”, where does it live, what does it eat ..?
  
  Quick-Reference-Card for 'Vi': http://st23.org/misc/sysadmin//downloads/referenzkarte-vi.pdf

See: http://www.ipcop-forum.de/forum/viewtopic.php?t=11690

Shutting down IPCop via power button is possible with the help of a little “hack”.

Necessary conditions:

• The computer / BIOS must be ACPI-compliant.
• IPCop must be started with the ACPI kernel.

“Power-Button-Hack”

Simply add the following lines at the end of the file '/etc/rc.d/rc.local':

rc_local_power_button_mod

# power button shutdown
if grep -q '^button' /proc/modules ; then
head -1 /proc/acpi/event | grep -q 'button/power PWRF' && /usr/local/bin/ipcopreboot down &
fi

After a reboot (or manually executing /etc/rc.d/rc.local) IPCop will now perform a clean “shutdown” and power off the machine by simply pressing a button.

See: http://mh-lantech.css-hamburg.de/ipcop/e107_plugins/forum/forum_viewtopic.php?4714

Simple modification to the IPCOP css style menu . for a more visible menu hover color.

Info . to change the default menu hover color of a bright white to one of the colors in the IPCOP shield (a yellow-ish orange)

In the file … /home/httpd/html/include/ipcop.css … (near the bottom of the page) …
Find the following . clipped out of context.

div.ipcop_menuElementHover {
color: #FFCC33;
# DEFAULT: FFFFFF
}

div.ipcop_subMenuElementHover {
padding: 3px;
color: #FFCC33;
# DEFAULT: DEDFEF
}

Change the default color . to #FFCC33 . *(above example already modified)

Save the file … then refresh any IPCOP cgi page …
… the IPCOP menu should now be a little easier to see - n' navigate.“

This is a file in '/var/log/copfilter/default', whose existence and function is unfortunately often overlooked by many Copfilter-Users.

Many basic functions of an installed Copfilter can be controlled by this file:

root@Develcop:~/copfilter # ./setup_util
ERR: unknown option

Usage: setup_util OPTION

Options:
-a, --addmenu           add copfilter menu to the webgui (already done with -i)
-b, --backup [FILE]     backup current settings & logfiles (optional: backup file)
-d, --default           restore default configuration
-i, --install [--force] install (or reinstall) copfilter (use force if already inst.)
-f, --fprot FILE        install fprot, FILE: download and copy fprot >GZIP-ed TAR file< to ipcop
                        URL: http://www.f-prot.com/download/home_user/download_fplinux.html
                        example: setup_util -f fp-linux-ws.tar.gz
-r, --restore [FILE]    restore configuration (optional: restore file)
-U, --uninstall-icap    to restore default squid binary
-W, --with-icap         install squid with icap support
-R, --regrazor          register razor
-u, --uninstall         uninstall copfilter and fprot
-p, --permissions       set file permissions
-V, --version           print version information and exit
-x, --fixbackspace      fix backspace key in vi
-s, --symlinks          recreate symlinks for Copfilter logfiles
-y, --yes               install without confirmation

Copfilter 2.0.91beta2 for IPCop 2.x.x and above
by Markus Madlener <copfilter at gmx dot net>
and karesmakro <ipcop at it-connect-unix dot de>
http://www.copfilter.org

See also:
http://www.copfilter.org/forum/viewtopic.php?f=4&t=239
and
http://www.copfilter.org/forum/viewtopic.php?f=3&t=228

In rare cases 'monit' won't start anymore.

Nothing can be found in the logs - output is quite simple:

starting monit <BR>
waiting 3 second(s) <BR>
monit is not running <BR>

Even

/var/log/copfilter/default/opt/monit/etc/init.d/copfilter_monit debug

only provides

mo:2345:respawn:/var/log/copfilter/default/opt/monit/default/bin/monit -I -c /var/log/copfilter/default/opt/monit/etc/monitrc
monit is not running
waiting 0 second(s)
/var/log/copfilter/default/opt/monit/etc/init.d/copfilter_monit: line 279: debug: command not found
monit is not running

Wrong file permissions of '/var/log/copfilter/default/opt/monit/etc/monit.rc'

Log in on the console as 'root' using a suitable client (ssh, PuTTY, …) and initiate the following commands:

cd /var/log/copfilter/default/opt/monit/etc

chown root.root monitrc

chmod 600 monitrc

Problem should be solved…

Initiated by: http://www.copfilter.org/forum/viewtopic.php?p=621#p621

If someone doesn't want to get notifications about the various virus updates, you can switch these ON/OFF with the following patch.

This script will disable the email notifying for the database updates of clamav, avg and f-prot
and the rules update of spamassassin and furthermore the email of the bayes leraning process.
To disable these mails please choose “d” in the following dialog.
To reenable these mails run this script again with the parameter “e”.
Please note that you use this script on your own risk without any warranty of the author!

d = disable email notifying e = enable email notifying

2010-04-16 20:00 v 0.01.3:

Installation proceeds as described in The installation of the software archives:

1. Login
2. Download
3. Check MD5 sum
4. Extract the installation archive
5. Change to installation directory
6. Starting the installation
7. Installation ok?
8. Deleting the installation directories (optional)

Initiated by: http://www.copfilter.org/forum/viewtopic.php?p=776#p776

Copfilter-Installation on IPCop 1.4.21 stops with an error, even though the system requirements are met:

md5check       done
extracting ...   done
now executing /var/log/copfilter/0.84beta4/setup_util -i

This addon only works for IPCop 1.4.x and higher

There exists a file '/etc/crontab', a relic from a previous version of IPCop, which was inadvertently not deleted during the update process.

rm /etc/crontab

A big “Thanks!” goes to 'cjmatsel' - this tip was originally published in Copfilter section of his IPCopWiki!

• The highly recommended addon BOT (BlockOutTraffic) by default blocks all access to the IPCop and other networks.

• But Basic setup of BOT isn't aware of Copfilter and his several “redirections”.

• For Copfilter to work properly, you have to release the following ports (or a subset, depending on the services used) for access to IPCop and for the affected clients.

You can add the following useful services (if required, these are not part of Copfilter):

Best is, to arrange required services in groups.

Here's a screenshot of a sample configuration that still contains some other services:

Unfortunately, it happens every now and then that sendEmail has problems with the current service provider.

In this case, the following guide should help to verify the correct function:

Enter following commands on the console - fill in sender address, recipient address etc. (omit the square brackets!):

cd /var/log/copfilter/default/opt/tools/bin

./sendEmail -f [sender-address] -u [Subject] -t [recipient-address] -s [SMTP-serveraddress] -xu [SMTP-username] -xp [SMTP-password]

[ENTER]

A successful result should look like this:

root@coprouter:/tmp # […place of 'sendEmail'-commands…]
Reading message body from STDIN because the '-m' option was not used.
If you are manually typing in a message:
- First line must be received within 60 seconds.
- End manual input with a CTRL-D on its own line.

testmail nummer 3
Jan 02 21:52:59 coprouter sendemail[10044]: Message input complete.
Jan 02 21:52:59 coprouter sendemail[10044]: NOTICE ⇒ Authentication not supported by the remote SMTP server!
Jan 02 21:52:59 coprouter sendemail[10044]: Email was sent successfully!\\

Check all outputs for errors!

To be sure, successively press the buttons “Send test email virus”, “Send test e-mail SPAM” and “Send a test email” in Copfilter Test & Logs.

Wait a few seconds and then take a look at '/var/log/messages' …:

Jan 2 21:54:25 coprouter copfilter send testvirus:
Jan 2 21:54:25 coprouter copfilter send testvirus: please wait until scripts finishes
Jan 2 21:54:25 coprouter copfilter send testvirus: this script only works if you have correctly configured your email address
Jan 2 21:54:25 coprouter copfilter send testvirus: and smtp server in the copfilter webgui
Jan 2 21:54:25 coprouter copfilter send testvirus:
Jan 2 21:54:29 coprouter copfilter send testspam:
Jan 2 21:54:29 coprouter copfilter send testspam: please wait until scripts finishes
Jan 2 21:54:29 coprouter copfilter send testspam: this script only works if you have correctly configured your email address
Jan 2 21:54:29 coprouter copfilter send testspam: and smtp server in the copfilter webgui
Jan 2 21:54:29 coprouter copfilter send testspam:
Jan 2 21:54:29 coprouter copfilter send testspam: Reading message body from STDIN because the '-m' option was not used.
Jan 2 21:54:29 coprouter copfilter send testspam: If you are manually typing in a message:
Jan 2 21:54:29 coprouter copfilter send testspam: - First line must be received within 60 seconds.
Jan 2 21:54:29 coprouter copfilter send testspam: - End manual input with a CTRL-D on its own line.
Jan 2 21:54:29 coprouter copfilter send testspam:
Jan 2 21:54:29 coprouter copfilter send testspam: Jan 02 21:54:29 coprouter sendEmail[8535]: Message input complete.
Jan 2 21:54:29 coprouter copfilter send testvirus: Jan 02 21:54:29 coprouter sendEmail[8524]: Email was sent successfully!
Jan 2 21:54:30 coprouter copfilter send testspam: Jan 02 21:54:30 coprouter sendEmail[8535]: Email was sent successfully!
Jan 2 21:54:31 coprouter copfilter send exe attachment:
Jan 2 21:54:32 coprouter copfilter send exe attachment: please wait until scripts finishes
Jan 2 21:54:32 coprouter copfilter send exe attachment: this script only works if you have correctly configured your email address
Jan 2 21:54:32 coprouter copfilter send exe attachment: and smtp server in the copfilter webgui
Jan 2 21:54:32 coprouter copfilter send exe attachment:
Jan 2 21:54:32 coprouter copfilter send exe attachment: Jan 02 21:54:32 coprouter sendEmail[8546]: Email was sent successfully!

Shortly thereafter a total of three e-mails should arrive - one with an “EXE”-Attachment, the other two - if 'p3scan' was activated - starting with roughly the following text body.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Copfilter hat einen Virus in einer an Sie gesendeten Mail gefunden (POP3)!
Anstatt der verseuchten Mail erhalten Sie diesen Hinweis.

Virus-Name: Eicar-Test-Signature (gefunden durch ClamAV)
Anhang: eicar.com

Absender: [Absendeadresse von oben…!]
Empfaenger: [Empfängeradresse von oben…!]
Betreff: harmless VIRUS test mail from Copfilter
Datum: Sat, 02 Jan 2010 21:58:34 +0100
Server: [IP-Adresse…!]
Client: [IP-Adresse+Port!]
Email-Datei: p3scan.j2iBxb
gescannt auf: coprouter

Diese Mail wurde zwischengespeichert.
Bitte nehmen Sie zur Kenntnis, dass die Absende-Adresse gefaelscht sein koennte!

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Header der Original-Nachricht:

X-Filtered-With: Copfilter Version 0.84beta4 (P3Scan 2.3.2)
X-Copfilter-Virus-Scanned: ClamAV 0.95.3/10248/Sat Jan 2 21:58:50 2010
Return-Path: …[usw.usf.]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Filtered-With-Copfilter: Version 0.84beta4 (P3Scan 2.3.2)
Copfilter-Virus-Scanned: ClamAV 0.95.3/10248/Sat Jan 2 21:58:52 2010
by Markus Madlener @ http://www.copfilter.org
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
P3Scan 2.3.2 (modified by Markus Madlener for Copfilter)
by Jack S. Lai <laitcg@cox.net>

If the current 'sendEmail' version is running into problems, it has to be tested:

cd /var/log/copfilter/default/opt/tools/bin

For simplicity, you should copy different 'sendEmail'-[versions] to this directory:

For testing, just copy the desired 'sendEmail'-[version] to 'sendEmail':

cp sendEmail-1.54 sendEmail

By overwriting the destination file you can immediately start a new testrun.

The installation routine for IPCop V2 creates a root partition with only 768MB.

This is enough for most installations - but not (for example) for the developer version.

It is therefore advisable to create the necessary partitions during the installation manually.

For this purpose, 'parted' is needed, which is included on the IPCop CD.

More informations regarding 'parted' can be found on http://ftp.gnu.org/old-gnu/Manuals/parted-1.6.1/html_mono/parted.html

1. Burn IPCop-V2-ISO-Image to CD.

2. Boot from CD.

3. At Boot-Prompt type:

install parted

[ENTER]

4. After the hardware initialization and the media selection you'll see a message box:

[Don't press ENTER now!]

5. Press [ALT-F5] or [ALT-F6]

6. On the console type:

cat /proc/partitions

[ENTER]

This command displays the existing partitions and the type of the target hard disk (hda or sda):

7. Now type (depending on hard disk type):

parted /dev/hda

(or /dev/sda, see above)
[ENTER]

'Parted' is started and you are now on the 'parted' command line:

8. Type print to display the partition table.

print

[ENTER]

9. If necessary, remove existing partitions by typing rm [Number]. [Number] corresponds to the partition numbering of the “Number” column.

10. If you get an error message like “unrecognized disk label”, type mklabel msdos to create a msdos-Disklabel:

mklabel msdos

[ENTER]

11. The following command creates a root-Partition with 8 GB.
Ignore Warning: The resulting partition is not properly aligned for best performance. Ignore/Cancel?).

mkpart primary ext2 64k 8192

[ENTER]

12. Next, a second partition must be created for var - the following command uses the entire remaining disk space:

mkpart primary ext2 8193 100%

[ENTER]

13. Make root-partition bootable:

set 1 boot on

[ENTER]

14. Leave 'parted':

quit

[ENTER]

15. Type sync to write pending changes immediately to disk (important for SCSI-Systems!):

sync

[ENTER]

16. List new partitions:

parted -l

[ENTER]

17. Press [ALT-F1] to return to the first shell (above, item 4.).

18. Press [ENTER] to continue with IPCop-V2-Installation.

If you're not familiar with this procedure, you can download an Addon-friendly-IPCop-V2-Version which automatically creates a bigger root partition from this URL:

Download:
http://sourceforge.net/projects/copfilter/files/copfilter%20v2/IPCop-ISO/

Such an installation requires at least a 10 GB hard disk - a 5 GB root partition and a 256 MB swapfile is created.

To speed up access to the temporary files created by HAVP in /var/log/copfilter/default/opt/havp/tmp during scanning, there are only a few adjustments needed.

Afterwards, temporary files are stored in a Ramdisk and can be accessed faster.

In this tutorial the ramdisk is created with a size of 64MB, which has so far proved to be sufficient for standard use - higher values are possible, but go at the expense of available memory.

Please note:

• The Ramdisk must in any case be able to manage the temporary files of many simultaneous downloads.
• With a value of eg MAXSCANSIZE 30720000 (30MB), a 64MB ramdisk may be fully utilized with the simultaneous downloads of two large files - this can cause problems.
• In this case, a bigger ramdisk must be created or the value of MAXSCANSIZE has to be reduced!

This optimization was performed on a IPCop 1.4.21, using current HAVP and ClamAV-versions. HAVP-parameter were as follows (Copfilter 0.84beta4, ClamAV running in library-mode):

Please note:

IPCop 1.4.x ONLY!

• In IPCop-versions 1.9.x/2.x (V2), kernel modul for Ramdisk has been removed.
  
• Copfilter-Version 2.0.x (IPCop 1.9.x/2.x) therefore uses TMPFS - this option can be switched ON/OFF using Enable HAVP Scanner to run in Memory via HAVP-GUI:
  

First you have to make BACKUPS of the following files!

• /boot/grub/grub.conf
• /var/log/copfilter/default/etc/global_settings
• /var/log/copfilter/default/opt/havp/etc/init.d/copfilter_havp

1. Edit 'grub.conf':

Add option ramdisk_size=64000 to kernel line in /boot/grub/grub.conf.

Example:

kernel /vmlinuz root=/dev/sda4 panic=10 init=/linuxrc rw ramdisk_size=64000

2. Edit 'global_settings':

Insert line HAVP_RAMDISK=on in file '/var/log/copfilter/default/etc/global_settings.

3. Edit 'copfilter_havp':

In file '/var/log/copfilter/default/opt/havp/etc/init.d/copfilter_havp' replace this section from subroutine start ():

        /bin/mount | grep -v grep |grep man >/dev/null 2>&1
        RESULT=$?
        if [ "x${RESULT}" = "x1" ]; then 
          echo $CP_havp_mount $APPEND
          /bin/mount -o remount,mand  /var/log
        fi

with this section:

copfilter_havp_ramdisk_mod_01

# Creating Ramdisk
        /bin/mount | grep -v grep |grep man >/dev/null 2>&1
        RESULT=$?
        if [ "x${RESULT}" = "x1" ]; then 
            if [ "x${HAVP_RAMDISK}" = "xon" ]; then
                echo "$CP_havp_mount Ramdisk $APPEND"
                if [ ! -d /var/log/copfilter/default/opt/havp/tmp ]; then
                    mkdir /var/log/copfilter/default/opt/havp/tmp
                fi
                /sbin/mkfs.ext3 /dev/ram1
                /bin/mount -o mand  /dev/ram1 /var/log/copfilter/default/opt/havp/tmp
                chown -R havp.havp /var/log/copfilter/default/opt/havp/tmp
            else
                echo $CP_havp_mount $APPEND
                /bin/mount -o remount,mand  /var/log
            fi
        fi

Attention:

Since Copfilter Version 0.85.3 line:

chown -R havp.havp /var/log/copfilter/default/opt/havp/tmp

has to be replaced with:

chown -R havp.copfilter /var/log/copfilter/default/opt/havp/tmp

4. Edit 'copfilter_havp':

In file '/var/log/copfilter/default/opt/havp/etc/init.d/copfilter_havp replace subroutine stop () with the following section:

copfilter_havp_ramdisk_mod_02

stop () {
        PRG_PID=`pidof $PRG`
        if [ $? != 0 ]; then 
          PRG_PID=""
        fi

        if [ "x$PRG_PID" = "x" ]; then
          echo $PRG $CP_not_running $APPEND
        else
          $MONIT unmonitor $PRG
          if kill $PRG_PID 2>/dev/null; then
            progress_msg="<BR>Waiting ."
            cnt=0
            while kill $PRG_PID 2>/dev/null; do
              cnt=`expr "$cnt" + 1`
                if [ "$cnt" -gt 15 ]; then
                    kill -9 -$PRG_PID
                    break
                fi
                sleep 1
                echo -n $progress_msg
                progress_msg=" ."
            done
          fi
        fi
        # echo $CP_waiting $WAIT $CP_seconds $APPEND
        if [ "x${HAVP_RAMDISK}" = "xon" ]; then
            echo "$CP_havp_umount Ramdisk $APPEND"
            /bin/umount /dev/ram1
        fi
}

Note:

Whether the changes were successful, can easily be verified via GUI.

• In IPCop-SYSTEM-STATUS Ramdisk must be visible under 'Disk usage:' and 'Inodes usage':
  

Verification through the log files:

• In /var/log/messages Ramdisk initializing can be seen:

coprouter kernel: RAMDISK driver initialized: 16 RAM disks of 5120K size 1024 blocksize

Check filesystem:

• Under /var/log/copfilter/default/opt/havp/tmp there's a new directory: lost+found

• During Copfilter-“Restart all services”, HAVP start procedure is “somewhat” more detailed - don't worry, following output is normal:

Initiated by: http://www.copfilter.org/forum/viewtopic.php?p=3372#p3372 (german)

Mails are fetched with extreme delay.

• SpamAssassin and Razor-, DCC- and DNSBL-lists are enabled.
• In addition, the mails are checked with ClamAV.

IPCop scripts for traffic accounting consume more system resources, the higher the level of detail is set.
Depending on CPU and RAM, the scripts are running for several minutes.

Tested term of '/usr/local/bin/aggregatetraffic.pl':

• Detail level “Low”: approx. 9 seconds
• Detail level “High”: approx. 130 seconds and more

A scan time of up to 30 seconds per mail can be normal, depending on the number of activated Copfilter-components.

If a mail retrieval, however, happens at the exact period of the traffic accounting, scan time from SpamAssassin etc., increases extremely!

During problems with P3Scan/ProxSMTP and SpamAssassin also the timeout settings of the individual components have to be considered.

These include - in addition to the client that fetches the mails:

• P3scan (default value is 120 seconds: /var/log/copfilter/default/opt/p3scan/etc/p3scan.conf → timeout=120)
• ProxSMTP (default value is 180 seconds: /var/log/copfilter/default/opt/proxsmtp/etc/proxsmtpd.conf → Timeout: 180)

So, under certain circumstances, scanning can take more than 90 seconds (or more) per mail!

1. Set detail level to “Low”:

2. With the following patch for Copfilter version 2.0.90 and 2.0.91beta1 RBL checks can be disabled in Antispam GUI when Razor, DCC and DNSBL are enabled:

For Copfilter 2.0.90:

For Copfilter 2.0.91beta1:

Installation proceeds as described in The installation of the software archives:

1. Login
2. Download
3. Check MD5 sum
4. Extract the installation archive
5. Change to installation directory
6. Starting the installation
7. Installation ok?
8. Deleting the installation directories (optional)

Italic quotes are from the original posting - it's unfortunately no longer available.

Because this issue comes up every now and then and was asked by several users, I would like to post a workaround to solve possible problems with the HAVP authentication.

Since HAVP can not perform authentication on websites, you can define an exclusion rule which excludes the affected website.

Response from the HAVP developer:

Quote:
Hi,
This site uses M$ NTLM authentication. It is impossible to get working with
current HAVP as it requires special features and architecture from a proxy
(connection pinning etc). Only Squid 2.6/2.7 are capable, even 3.0 doesn't
seem to have support for it.

Such sites are most likely to be internal and should require no scanning.
Your workaround with Squid is the correct way - also you can add such sites
as no-proxy in browser.

Log in on the console as 'root' using a suitable client (ssh, PuTTY, …) and initiate the following commands:
(The code paragraphs contain always a single command line, the bold formatted words in angular clips in between are standing for the corresponding keystrokes.)

cd /tmp 

[ENTER]

Create backup first:

cd /var/log/copfilter/default/opt/havp/etc/init.d

cp copfilter_havp copfilter_havp_backup

Open file for editing:

nano copfilter_havp

Or:

vi copfilter_havp

Replace:

# COPFILTER START - havp - do not modify
acl copfilter_all src 0.0.0.0/0.0.0.0
acl Scan_HTTP proto HTTP
acl Scan_FTP proto FTP

cache_peer 127.0.0.1 parent 10080 0 no-query no-digest no-netdb-exchange default
cache_peer_access 127.0.0.1 allow copfilter_all

always_direct allow Scan_FTP
never_direct allow Scan_HTTP
# COPFILTER END - havp - do not modify

With:

copfilter_havp_acl

# COPFILTER START - havp - do not modify
acl copfilter_all src 0.0.0.0/0.0.0.0
acl Scan_HTTP proto HTTP
acl Scan_FTP proto FTP

cache_peer 127.0.0.1 parent 10080 0 no-query no-digest no-netdb-exchange default
cache_peer_access 127.0.0.1 allow copfilter_all

acl NOSCAN dstdomain www.websitehere.de
always_direct allow NOSCAN

always_direct allow Scan_FTP
never_direct allow Scan_HTTP
# COPFILTER END - havp - do not modify

These two lines are important:

acl NOSCAN dstdomain www.websitehere.de
always_direct allow NOSCAN

…don't forget to save!
Thus, this setting is stored permanently on IPCop and Copfilter can still change the settings through the GUI, without overwriting these entries.

Next, restart HAVP via console:

/usr/local/bin/copfilter_restarthavp

Or restart HAVP via GUI.

If you wish to exclude other sites of HAVP, separated by a space, eg:

acl NOSCAN dstdomain www.websitehere.de anotherwebseite.com

The desired exceptions can also be expanded very easily (by inserting in '/var/ipcop/proxy/acls/include.acl'):

Exception rule for another Client-PC:

acl NOSCANIP src <your IP-address>/32 <next IP>/32
always_direct allow NOSCANIP

Exception rule for specific file types (here: 'mpq'):

acl site url_regex -i mpq
always_direct allow site

Block certain IP-addresses:

acl BANNED dst ip1 ip2 ip3 ip4 ip5
http_access deny BANNED

Block all IP-based accesses:

acl ipacl dstdom_regex ^[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*
http_access deny ipacl

An overview of the Squid access list options can be found here: http://wiki.squid-cache.org/SquidFaq/SquidAcl