******************************************************************************************
FEATURES:

*** WARNING
These packages (copfilter and ipcop_addon_pkg) are NOT official ipcop addons.
They haven't been approved or reviewed by the ipcop development team.
They come with NO warranty or guarantee, so use them at your own risk.
Installation of these packages may result in a less secure or even a non-working IPCop machine, so test the packages first.

*** Compatibility
this package only works on Ipcop 1.4.0b1 and higher!

*** Package Description
copfilter is an ipcop addon which scans incoming pop3 email for viruses and spam using the following software:

p3scan - a full-transparent proxy-server for POP3-Clients, it enables scanning of incoming email messages
spamassassin - a mail filter to identify spam, mails get marked in the subject line with a ***** SPAM *****
vipul's razor - a distributed, collaborative, spam detection and filtering network, used by spamassassin
dcc - a cooperative, distributed system intended to detect "bulk" mail or mail sent to many people.
renattach - a stream filter that can identify and rename potentially dangerous e-mail attachments
clamscan - a GPL virus scanner with built-in support for RAR (2.0), Zip, Gzip, Bzip2 and automatic updating
privoxy - a web proxy with advanced filtering capabilities for protecting privacy, modifying web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk
opt.: f-prot - a commercial virus scanner (free for home use)
opt.: f-prot - a commercial virus scanner (corporate use)

*** used software
- pop3proxy: p3scan 1.0.99-05dev http://p3scan.sourceforge.net + patch
- mail ripper: ripmime 1.3.1.2 http://www.pldaniels.com/ripmime
- virusscanner: f-prot 4.4.7 http://www.f-prot.com/products/home_use/linux (home use)
- virusscanner: f-prot 4.4.7 http://www.f-prot.com/products/corporate_users/unix/index.html (corporate use)
- virusscanner: clamav 0.80 http://clamav.sourceforge.net
- spamtool: spamassassin 3.0.1 http://www.spamassassin.org
- spamtool: razor 2.61 http://razor.sourceforge.net
- spamtool: dcc-dccd 1.2.50 http://www.rhyolite.com/anti-spam/dcc
- bash script: RulesDuJour 1.17b http://www.exit0.us/index.php/RulesDuJour
- attachment rm: renattach 1.2.1 http://www.pc-tools.net/unix/renattach
- webfilter: privoxy 3.0.3 http://www.privoxy.org
- http dl: wget 1.9.1 http://www.gnu.org/software/wget/wget.html
- ftp client: ncftpget 3.1.7 http://www.ncftpd.com
- mail client: SMTPclient 1.0.0 http://www.engelschall.com/sw/smtpclient
- mail client: sendEmail 1.42 http://caspian.dotconf.net/menu/Software/SendEmail (+auth patch)
- eicar testvirus http://www.eicar.com

*** email address and website
website: http://www.madlener.tk
email address: copfilter at gmx dot net (example: "hello at test dot com" means hello@test.com)
Please don't publish my email address online (in forums, boards, ...) except in the form presented above (copfilter at gmx dot net).
This helps reduce my spam mail, thanks!
*** webfilter privoxy
- description from http://www.privoxy.org:
  Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a very flexible configuration and can be customized to suit individual needs and tastes. Privoxy has application for both stand-alone systems and multi-user networks
- privoxy forwards its traffic to squid, and squid requests the websites from the internet
- there is a filter to make QuickTime movies "savable"
- gets started as root, but runs as a normal user "privoxy"
- can easily be turned on and off with a bookmarklet (read MANUAL for details)
- USAGE: change your browser settings as follows:
  proxy :
  port : 8118 (instead of using 8080 with squid)

*** pop3proxy p3scan
- description from http://p3scan.sourceforge.net:
  This is a full-transparent proxy-server for POP3-Clients. It runs on a Linux box with iptables (for port re-direction). It can be used to provide POP3 email scanning from the internet, to any internal network and is ideal for helping to protect your "Other OS" LAN from harm, especially when used in conjunction with a firewall and other Internet Proxy servers. It is designed to enable scanning of incoming email messages for Viruses, Worms, Trojans, Spam (read as "Un-solicited Bulk Email"), and harmful attachments. Because viewing HTML mail can enable a "Spammer" to validate an email address (via Web bugs), it can also provide HTML stripping.
- supports virus scanning
- supports spam scanning
- transparent, which means that no special configuration is needed on the client; the client doesn't even know that its mail is being scanned for viruses and spam
- standalone use of ripmime (extract attached files out of a MIME package) possible
- script based scanning of emails possible (in this package mailscanner.sh)
- if an email contains a virus, the email will not be delivered; instead the user will get an email from the p3scan daemon indicating the names of all found viruses, the names of the files containing the viruses, the sender of the email, the subject, date and time
- if an email contains spam, the original message will be delivered but it will be tagged as spam in the message subject in this way:
  Subject: *** SPAM *** [score/score_limit_to_be_recognized_as_spam]
- gets started as root, but runs as a normal user "p3scan"

*** virusscanner clamav
- an opensource project
- is based on virus signatures from http://www.openantivirus.org
- archive scanning, has builtin support for zip,gzip,rar2.0 and has external support for others
- automatic download of new virus signatures, which only get downloaded if newer ones are available
- automatic smtp email delivery to inform user when new signatures have been installed (includes version information of signatures and program); note that for email delivery a very simple and small smtpclient is used, so there is no smtp daemon like sendmail running
- gets started as root, but runs as a normal user "clamav"

*** virusscanner f-prot
- available optionally based on use
- a commercial product from frisk software international
- free for home use
- archive scanning, has builtin support for .zip,.cab,.tar,.gz
- automatic download of new virus signatures, which only get downloaded if newer ones are available
- automatic smtp email delivery to inform user when new signatures have been installed (includes version information of signatures and program) a very simple and small smtpclient is used,
  so there is no smtp daemon like sendmail running
- runs as root

*** spamfilter spamassassin
- added german rules to recognize german spam
- additional X-Spam tags will be added to the mail header to describe why spamassassin marked the email as spam or ham
- supports whitelists and blacklists
- gets started as root, but runs as a normal user "spamd"

*** rulesdujour
- description from http://www.exit0.us/index.php/RulesDuJour
  RulesDuJour is a bash script intended to automatically download new versions of SpamAssassin rulesets as the authors release new versions
- using static spamassassin rulesets backhair.cf chickenpox.cf weeds.cf (are no longer being updated)
- using in rulesdujour update script: ANTIDRUG EVILNUMBERS BIGEVIL RANDOMVAL MRWIGGLY SARE_ADULT SARE_FRAUD SARE_BML SARE_RATWARE

*** razor
- description from http://razor.sourceforge.net/
  Vipul's Razor is a distributed, collaborative, spam detection and filtering network. Through user contribution, Razor establishes a distributed and constantly updating catalogue of spam in propagation that is consulted by email clients to filter out known spam. Detection is done with statistical and randomized signatures that efficiently spot mutating spam content. User input is validated through reputation assignments based on consensus on report and revoke assertions which in turn is used for computing confidence values associated with individual signatures.

*** dcc
- description from http://www.rhyolite.com/anti-spam/dcc/
  In early 2004, the DCC or Distributed Checksum Clearinghouse is a system of thousands of clients and more than 200 servers collecting and counting checksums related to more than 130 million mail messages per day. The counts can be used by SMTP servers and mail user agents to detect and reject or filter spam or unsolicited bulk mail. DCC servers exchange or "flood" common checksums. The checksums include values that are constant across common variations in bulk messages, including "personalizations."
  The idea of the DCC is that if mail recipients could compare the mail they receive, they could recognize unsolicited bulk mail. A DCC server totals reports of checksums of messages from clients and answers queries about the total counts for checksums of mail messages. A DCC client reports the checksums for a mail message to a server and is told the total number of recipients of mail with each checksum. If one of the totals is higher than a threshold set by the client and according to local whitelists the message is unsolicited, the DCC client can log, discard, or reject the message.
  Because simplistic checksums of spam would not be effective, the main DCC checksums are fuzzy and ignore aspects of messages. The fuzzy checksums are changed as spam evolves. Since the DCC started being used in late 2000, the fuzzy checksums have been modified several times.

*** renattach
- description from http://www.pc-tools.net/unix/renattach/
  renattach is a fast and efficient UNIX stream filter that can rename or delete potentially dangerous e-mail attachments. It's a highly effective way of protecting end-users from harmful mail content (worms/viruses) by disabling or removing attachments that may be accidentally executed by users. The filter is invoked as a simple pipe for use in a wide variety of systems. The 'kill' feature (which eliminates entire messages) can also help sites deal with resource strains caused by modern virus floods.

*** system
- scripts to start/stop all installed programs in /etc/rc.d/init.d/
- all programs are configured to log to syslog /var/log/messages
- install.sh and uninstall.sh script

*** explanation of the package versioning
- example: ipcop_addon_pkg_200402180112.tgz
  so 200402180112 means:
    2004 year
    02   month
    18   day
    01   hour
    12   minute
  ...when package was compiled

Please report any bugs or errors to me so that I can remove them and release a new package version.
Please also tell me if you find any private config in any of the files.
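
Added example, not part of copfilter or of the DCC software: the report, count, threshold and whitelist logic described in the dcc section above, in Python. The function and class names, addresses and sample messages are constructed for illustration, and fuzzy_checksum is a simplified stand-in for DCC's real fuzzy checksums.

```python
import hashlib
import re
from collections import Counter


def fuzzy_checksum(body):
    """Toy fuzzy checksum (NOT DCC's real algorithm): ignores the greeting
    name, digits, punctuation, case and whitespace before hashing."""
    text = re.sub(r"^(dear|hello|hi)\s+\S+", "", body.lower(), flags=re.M)
    words = re.sub(r"[^a-z]+", " ", text).split()
    return hashlib.sha256(" ".join(words).encode()).hexdigest()


class CountServer:
    """Server side: totals the reports received for each checksum."""

    def __init__(self):
        self.totals = Counter()

    def report(self, checksum):
        self.totals[checksum] += 1      # one report per recipient
        return self.totals[checksum]    # answer: total seen so far


def client_check(server, sender, body, threshold, whitelist):
    """Client side: report the checksum, then apply threshold and whitelist."""
    total = server.report(fuzzy_checksum(body))
    if sender in whitelist:             # solicited bulk mail, e.g. a mailing list
        return "accept"
    return "bulk" if total > threshold else "accept"


def demo():
    """Constructed sample: one mailing personalised for five recipients."""
    server, whitelist = CountServer(), {"news@list.example"}
    results = []
    for i, name in enumerate(["Anna", "Bob", "Carl", "Dana", "Eve"]):
        body = f"Dear {name},\nYour account #{1000 + i} won a prize! Click now.\n"
        results.append(
            client_check(server, "promo@bulk.example", body, 3, whitelist))
    return results


if __name__ == "__main__":
    print(demo())
```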