Web and Download Filtering
In addition to email filtering, Copfilter has an array of open source tools for filtering web surfing and downloading to further ensure that evil files are kept out of your network. Web filtering is done with the open source tools HAVP and Privoxy. HAVP uses the ClamAV engine to filter traffic to port 80 for virus signatures, while Privoxy filters ads. Another open source tool, frox, filters FTP downloads.
The Copfilter manual provides a link to an innocuous virus test file that when downloaded, should be caught by an anti-virus engine. I downloaded the test file from this page from a PC with a commercial anti-virus product, as well as with Copfilter. Both products caught the virus and stopped the download, with Copfilter providing the message in Figure 7.
Figure 7: Downloaded virus test result
Privoxy will manage cookies to protect privacy, as well as filter ads, pop ups, and other “Internet junk.” But I found that Privoxy left blank spaces in web pages where there were normally advertisements. Although I'm not a big fan of advertisements, my eyes usually just ignore them. Blocking the advertisements, though, made web pages look odd to me.
Figure 8 shows a screen shot from espn.com. Notice the empty white space at the top indicated by arrows that I added. This empty white space is the work of Privoxy. I have to admit, I guess I prefer the ads, but Copfilter at least provides an alternative.
Figure 8: Privoxy ad blocking
The biggest omission from Copfilter is web content filtering. It's hard to complain about a free tool, especially one with as many features and capabilities as Copfilter, but content filtering would really round out this offering as an alternative for subscription-based traffic filters and expensive UTM (Unified Threat Management) appliances.
The leader in free open source based web content filtering is DansGuardian, which used to be able to be made to work with IPCop. But since DansGuardian's author became technical director of SmoothWall, that became the DansGuardian primary platform.
Nevertheless, Copfilter is really a nice add-on to IPCop, conveniently bundling quite a few solid open source filtering tools. If you're already using IPCop as your firewall, installing Copfilter is a no-brainer and each individual component can be enabled as you choose.
The Copfilter web configuration pages carefully credit and link each tool and their source, making it completely clear where the tools come from. Copfilter doesn't take credit for any of its features, but deserves credit for putting them together. My hat is off to Markus Madlener for bringing all these tools together in a usable package. If you try Copfilter and like it, be sure to send a donation his way!