IM-Filter is a networking daemon for GNU/Linux machines. It is written in C and it is able to
analyze and filter the ICQ network protocol. The daemon runs in userspace and fetches ICQ
network packets by using the libnetfilter_queue
The main use case of IM-Filter is to run at a network gateway, so all ICQ-related traffic runs over IM-Filter. Nevertheless, the daemon could also be used directly on end users computers. This will not result in a comprehensive view over network-wide ICQ-usage, though. The following diagram shows how the daemon is integrated in a GNU/Linux system.
One of the design goals of IM-Filter was modularity. So plugins for other protocols like MSN or IRC could be written easily. The source code already contains skeleton code for an IRC module.
Together with the source code, adequate iptables scripts are provided. These are necessary in order to forward ICQ traffic to IM-Filter.
IM-Filter is able to identify and log messages which have been sent via the ICQ protocol. These messages
contain a timestamp, an IP-address, the appropriate UIN and - of course - the message itself. A logged
message could look like this:
[2007-07-27 11:24:21] IP "10.0.0.1" sent following message to #123456789: "hello, this is a test"
IM-Filter handles two different blacklists: for messages and for UINs. The message blacklist holds strings
which must not occur in text messages. When such a string is detected in a message, it gets censored in
The UIN blacklist contains UINs of users which are not allowed to connect to the ICQ network. Those blacklists can be re-read by the daemon during runtime by sending signals.
Since file transfers are not always welcome, they can be blocked by invoking the daemon with a specific
command line argument. Then, users in the LAN can not send files to other users anymore. Beside blocking, the
daemon logs file transfers. Such a log entry can look like this:
[2007-07-06 17:01:26] FILTRANSFER detected (outgoing): receiver uin: #123456789 || filename: test.txt || size: 143360B
To be able to know which users are currently logged in, IM-Filter manages a text file which holds all necessary
information. By default, the file is placed in /var/log/imfilter.users and contains IP-address and UIN of
the users which are currently logged in. The file could look like this:
UIN=123456789, IP=10.0.0.1 UIN=234567890, IP=10.0.0.22 UIN=345678901, IP=10.0.0.4
The latest release is version 0.9 which has been released on September 7th, 2007. Please download it from Sourceforge.