******************************************************************************************
USERS MANUAL

make sure you have configured your email address and smtp server in this file
   /var/log/copfilter/default/etc/global_settings

to test this package read the TESTING file

#########################################################################################
## IPCop web configuration interface (webgui)

open a web browser and go to the ipcop webgui
choose from the Menu: -> Services -> Copfilter

#########################################################################################
## p3scan

can be enabled/disabled from the webgui

program gets started automatically at ipcop startup in this file
   /etc/rc.d/rc.local
if it's disabled p3scan will not be started at boot time

manually stop/start p3scan
   Usage: p3scan {start|stop|debug|reload|restart|status}
   example: /etc/rc.d/init.d/p3scan status

every day at 20:55 all temporary emails older than 21 days get deleted
current crontab entry:
   55 20 * * * p3scan find /var/log/copfilter/default/opt/p3scan/default/var/spool/p3scan/ -mtime +21 -type f -exec rm -f {} \;
if you want to change this execute "fcrontab -e"

configuration files:
   /var/log/copfilter/default/opt/p3scan/etc/p3scan.conf
      this is the main p3scan configuration file
   /var/log/copfilter/default/opt/p3scan/etc/p3scan.mail
      this is the email template used when informing the user that he received a virus infected email
   /etc/rc.d/init.d/p3scan status:
      will show you the status of p3scan and the status of the transparent iptables rules
   /var/log/copfilter/default/opt/tools/bin/mailscanner.sh
      in this file the actual mail scanning takes place

to disable virus or spam scanning disable the appropriate sections in the webgui

commands:
   /etc/rc.d/init.d/p3scan stop
      issue this command to stop the virus and spam scanning
      emails will go directly through the firewall, without being checked!
      (notice that the spamassassin spamd daemon will still be running, although it will not be used)
      use this if you are experiencing problems when downloading emails
   /etc/rc.d/init.d/p3scan debug
      execute this INSTEAD of the p3scan start command (p3scan must not be running before executing this),
      then you can watch debug output on the console, very good for debugging problems in your mailscanner.sh file,
      watch what p3scan does with your emails while your client downloads them

p3scan will stop scanning emails if free disk space is below 20MB (configurable in p3scan.conf)

if you want to deactivate p3scan, so that it doesn't get started, and so that it doesn't get used
-> disable it in the webgui

#########################################################################################
## spamassassin

program gets started automatically at ipcop startup in this file
   /etc/rc.d/rc.local

manually stop/start spamassassin:
   Usage: spamd {start|stop|debug|reload|restart|status}
   example: /etc/rc.d/init.d/spamd status

configuration files:
   /var/log/copfilter/default/opt/mail-spamassassin/etc/mail/spamassassin/local.cf
      modify scores, edit whitelists, edit blacklists, enable or disable features like razor, RBL tests, etc

#### don't use this, there is still a bug: when enabling DNSRBL some spam mail will not be scanned!
#### to enable DNSRBL tests set "skip_rbl_checks" to "0" (this slows down mail scanning a lot)
#### skip_rbl_checks 0

to improve spam recognition:
edit /var/log/copfilter/default/opt/mail-spamassassin/etc/mail/spamassassin/local.cf

   #activate the following to improve spam recognition
   #use_dcc 1
   use_dcc 1

   #activate the following to improve spam recognition
   #use_razor2 1
   use_razor2 1

reduce/increase the hits required to recognize an email as spam:
local.cf (for example, set it to 5.8)
   required_hits 5.8

the following spamassassin rulesets have been added to the default spamassassin rulesets:
   backhair.cf
   chickenpox.cf
   weeds.cf

if you want to deactivate spamassassin, so that it doesn't get started, and so that it doesn't get used
disable it in the webgui

#########################################################################################
## privoxy

program gets started automatically at ipcop startup in this file
   /etc/rc.d/rc.local

manually stop/start privoxy
   Usage: privoxy {start|stop|reload|restart|status}
   example: /etc/rc.d/init.d/privoxy status

configuration files
   /var/log/copfilter/default/opt/privoxy/etc/config
      main privoxy configuration file
      if the local ip address is changed, change the "forward" and the "listen-address" parameter accordingly in this file
   /var/log/copfilter/default/opt/privoxy/etc/privoxy_default.action
      here the privoxy default actions are defined
   /var/log/copfilter/default/opt/privoxy/etc/privoxy_user.action
      enter your personal configuration here

you can configure privoxy through a webgui at http://config.privoxy.org
(this page is not loaded from the internet, instead it comes from privoxy on the ipcop machine)

if you want to deactivate privoxy, so that it doesn't get started, and so that it doesn't get used
disable it in the webgui

to use the "privoxy bookmarket" in the copfilter configuration window, the browser must be configured
to use privoxy (set the proxy to your ipcop machine on port 8118), privoxy and squid must be enabled, for this to
work

#########################################################################################
## fprot

signature update interval is configurable in the webgui
if configured, fprot tries to download new virus signatures,
if no newer updates are available, nothing will be downloaded,
if ipcop is not connected, nothing will be downloaded either

every month fprot tries to download and install a new f-prot version (not signatures but program updates)
(this only happens if fprot virus signature updates are enabled)
if you want to prohibit this delete the file fprot_prg_counter

execute the following to manually update the virus signatures:
   fprot: /var/log/copfilter/default/opt/tools/bin/check-updates_f-prot.sh
   ... or click on "manual update" in the webgui

show the dates of the installed virus definition files:
   fprot: /var/log/copfilter/default/opt/f-prot/default/f-prot -verno
   ... or check in the webgui

if virus signatures are updated, you should get an email informing you about the successful
virus signature update with information about the virus signature's date,
but only if you correctly configured your email settings in /var/log/copfilter/default/etc/global_settings

#########################################################################################
## clamav

program gets started automatically at ipcop startup in this file
   /etc/rc.d/rc.local

manually stop/start clamd
   Usage: clamd {start|stop|reload|restart|status}
   example: /etc/rc.d/init.d/clamd status

signature update interval is configurable in the webgui
if configured, clamav tries to download new virus signatures,
if no newer updates are available, nothing will be downloaded,
if ipcop is not connected, nothing will be downloaded either

configuration files
   /var/log/copfilter/default/opt/clamav/etc/clamav.conf
      this is the main configuration file for clamd (clamscan daemon)
   /var/log/copfilter/default/opt/clamav/etc/freshclam.conf
      this is the main configuration file for freshclam (automatic virus signature updater)

if virus signatures are updated, you should get an email informing you about the successful
virus signature update with information about the virus signature's date,
but only if you correctly configured your email settings in /var/log/copfilter/default/etc/global_settings

execute the following to manually update the virus signatures:
   clamav: /var/log/copfilter/default/opt/tools/bin/check-updates_clamav.sh
   ... or click on "manual update" in the webgui

show the dates of the installed virus definition files:
   clamav: /var/log/copfilter/default/opt/clamav/default/bin/freshclam
   ... or check in the webgui

if you want to deactivate clamscan, so that it doesn't get started, and so that it doesn't get used
disable it in the webgui

in order to download clamav updates from the nearest local mirror, edit this file
   /var/log/copfilter/default/opt/clamav/etc/freshclam.conf
and if for example you live in germany change

   # Uncomment the following line and replace XY with your country
   #DatabaseMirror db.XY.clamav.net

to

   # Uncomment the following line and replace XY with your country
   DatabaseMirror db.de.clamav.net

#########################################################################################
## renattach

can be enabled/disabled from the webgui

configuration files
   /var/log/copfilter/default/opt/tools/etc/renattach.conf
      this is the main renattach config file
      here you can configure which attachments (based on extension) should be renamed by renattach,
      you can add or remove any file extension in this file
   /var/log/copfilter/default/opt/p3scan/etc/p3scan.conf
      if you want to disable renattach comment out the line starting with "renattach" in this file
      #renattach = /var/log/copfilter/default/opt/tools/bin/renattach

#########################################################################################
## razor

configuration files
   /var/log/copfilter/default/opt/mail-spamassassin/etc/mail/spamassassin/local.cf
      if you want to enable razor, set the "use_razor2" parameter to "1"
      use_razor2 1
      it's disabled by default, enable it to improve spam recognition

#########################################################################################
## RulesDuJour

can be enabled/disabled from the webgui

configuration files
   /var/log/copfilter/default/opt/tools/bin/my_rules_du_jour
      main configuration file
      currently these rulesets are used:
         BLACKLIST_URI TRIPWIRE ANTIDRUG EVILNUMBERS BIGEVIL RANDOMVAL MRWIGGLY SARE_ADULT SARE_FRAUD SARE_BML SARE_RATWARE
      you can add new ones here

updates for the above rulesets are available by configuring the update interval of rules_du_jour in the webgui
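
A quick way to see which of the local.cf settings named in the spamassassin and razor sections are actually active, since a line that still starts with "#" stays disabled. This is an added example, not part of Copfilter; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Copfilter code): report the effective values of the
# local.cf settings this manual discusses.

# Print the value of the last uncommented "key value" line in a config file.
effective_setting() {
    # $1 = config file, $2 = setting name
    awk -v key="$2" '
        { sub(/^[ \t]+/, "") }        # drop leading whitespace
        /^#/ || NF < 2 { next }       # skip comments and lines without a value
        $1 == key { val = $2 }        # a later line overrides an earlier one
        END { if (val != "") print val }
    ' "$1"
}

# Print one line per setting; return 1 if DNSRBL tests are switched on,
# which the manual advises against because of the bug it describes.
audit_local_cf() {
    cf=$1
    rc=0
    for key in use_dcc use_razor2 required_hits skip_rbl_checks; do
        val=$(effective_setting "$cf" "$key")
        printf '%-16s %s\n' "$key" "${val:-<not set>}"
    done
    if [ "$(effective_setting "$cf" skip_rbl_checks)" = "0" ]; then
        echo "WARNING: skip_rbl_checks 0 (DNSRBL tests on, see bug note in manual)" >&2
        rc=1
    fi
    return $rc
}

# Constructed sample input, not a real Copfilter local.cf.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
required_hits 5.8
#activate the following to improve spam recognition
#use_dcc 1
#activate the following to improve spam recognition
#use_razor2 1
use_razor2 1
#skip_rbl_checks 0
EOF

audit_local_cf "$SAMPLE"
rm -f "$SAMPLE"
```

On a Copfilter box the same function can be pointed at /var/log/copfilter/default/opt/mail-spamassassin/etc/mail/spamassassin/local.cf after editing, before restarting spamd.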