The IM-Filter Projectpage

Please note that IM-Filter is no longer developed.
So, the current version of the ICQ protocol might no longer work with IM-Filter.

What is IM-Filter?

IM-Filter is a networking daemon for GNU/Linux machines. It is written in C and it is able to analyze and filter the ICQ network protocol. The daemon runs in userspace and fetches ICQ network packets by using the libnetfilter_queue mechanism.

The main use case of IM-Filter is to run at a network gateway, so all ICQ-related traffic runs over IM-Filter. Nevertheless, the daemon could also be used directly on end users computers. This will not result in a comprehensive view over network-wide ICQ-usage, though. The following diagram shows how the daemon is integrated in a GNU/Linux system.

One of the design goals of IM-Filter was modularity. So plugins for other protocols like MSN or IRC could be written easily. The source code already contains skeleton code for an IRC module.

Together with the source code, adequate iptables scripts are provided. These are necessary in order to forward ICQ traffic to IM-Filter.

Features

Logging of messages sent via ICQ

IM-Filter is able to identify and log messages which have been sent via the ICQ protocol. These messages contain a timestamp, an IP-address, the appropriate UIN and - of course - the message itself. A logged message could look like this:
[2007-07-27 11:24:21] IP "10.0.0.1" sent following message to #123456789: "hello, this is a test"
Blacklists for messages and UINs

IM-Filter handles two different blacklists: for messages and for UINs. The message blacklist holds strings which must not occur in text messages. When such a string is detected in a message, it gets censored in the logfiles.
The UIN blacklist contains UINs of users which are not allowed to connect to the ICQ network. Those blacklists can be re-read by the daemon during runtime by sending signals.
Detection and blocking of file transfers

Since file transfers are not always welcome, they can be blocked by invoking the daemon with a specific command line argument. Then, users in the LAN can not send files to other users anymore. Beside blocking, the daemon logs file transfers. Such a log entry can look like this:
[2007-07-06 17:01:26] FILTRANSFER detected (outgoing): receiver uin: #123456789 || filename: test.txt || size: 143360B
List with currently logged in users

To be able to know which users are currently logged in, IM-Filter manages a text file which holds all necessary information. By default, the file is placed in /var/log/imfilter.users and contains IP-address and UIN of the users which are currently logged in. The file could look like this:
```
UIN=123456789, IP=10.0.0.1
UIN=234567890, IP=10.0.0.22
UIN=345678901, IP=10.0.0.4
	
```

Releases

The latest release is version 0.9 which has been released on September 7th, 2007. Please download it from Sourceforge.

Credits

Maintainer:
- Philipp Winter
Developers:
- Norbert Gruber
- Aljosha Judmayer
- Christoph Zauner

IM-Filter is released under the GNU General Public License v2.
Last update: September 3th, 2011