The IM-Filter Projectpage

Index

What is IM-Filter?
Features
Releases
Credits
Contact

IM-Filter is a daemon for GNU/Linux firewall hosts written in C which is able to analyze and filter the ICQ protocol. The daemon runs in userspace and fetches packets of the ICQ protocol by using the libnetfilter_queue mechanism.

The main purpose of IM-Filter is to run at a gateway, so all ICQ-related traffic of users in the LAN runs over IM-Filter. Nevertheless the daemon could also be used directly on end users computers. The following diagram shows, how the daemon is integrated in a GNU/Linux system.

One of the design goals of IM-Filter was modularity. So plugins for other protocols like MSN or IRC could be written easily. The source code already contains skeleton code for an IRC module.

Together with the source code, adequate iptables scripts are provided so that only packets which belong to ICQ traffic get in the netfilter queue of IM-Filter.

Features

Logging of messages sent via ICQ

IM-Filter is able to identify and log messages which have been sent via the ICQ protocol. These messages contain a timestamp, an IP-address, the appropriate UIN and - of course - the message itself. A logged message could look like this:

[2007-07-27 11:24:21] IP "10.0.0.1" sent following message to #123456789: "hello, this is a test"
Blacklists for messages and UINs

IM-Filter handles two different blacklists: for messages and for UINs. The message blacklist holds strings which must not occur in text messages. When such a string is detected in a message, it gets censored in the logfiles.
The UIN blacklist contains UINs of users which are not allowed to connect to the ICQ network. Those blacklists can be re-read by the daemon during runtime by sending signals.
Detection and blocking of file transfers

Since file transfers are not always welcome, they can be blocked by invoking the daemon with a specific command line argument. Then, users in the LAN can not send files to other users anymore. Beside blocking, the daemon logs file transfers. Such a log entry can look like this:

[2007-07-06 17:01:26] FILTRANSFER detected (outgoing): receiver uin: #123456789 || filename: test.txt || size: 143360B
List with currently logged in users

To be able to know which users are currently logged in, IM-Filter manages a text file which holds all necessary information. By default, the file is placed in /var/log/imfilter.users and contains IP-address and UIN of the users which are currently logged in. The file could look like this:

UIN=123456789, IP=10.0.0.1
UIN=234567890, IP=10.0.0.22
UIN=345678901, IP=10.0.0.4

Releases

The latest release is version 0.9 which has been released on September 7th, 2007. Please download it from Sourceforge.

If you like living on the bleeding edge, you can download the latest version via SVN:

svn co https://im-filter.svn.sourceforge.net:/svnroot/im-filter/

Credits

Maintainer:
- Philipp Winter
Developers:
- Norbert Gruber
- Aljosha Judmayer
- Christoph Zauner

Bugs, flames, suggestions

Please feel free to feed my back. You can reach me via:

email: 0x2e8de \x40 gmail \x2e com
jabber: pwr \x40 jabber \x2e ccc \x2e de

IM-Filter is released under the GNU General Public License v2.
Last update: September 7th, 2007