Squidclamav uses curl to resolve all kind of addresses which the system allow.
If the remote address is an IPv6 address, squidclamav hangs forever.
Nico Prenzel has found a solution to force the usage of IPv4 to prevent from this
issue.
Fixes#10376.
Very useful for analyzing multicast traffic directly on the router/
firewall without the need for a large software like vlc or the like.
http://www.videolan.org/projects/multicat.html
Simple and efficient multicast and transport stream manipulation
The multicat package contains a set of tools designed to easily and
efficiently manipulate multicast streams in general, and MPEG-2
Transport Streams (ISO/IEC 13818-1) in particular.
The multicat suite of applications is very lightweight and designed
to operate in tight environments. Memory and CPU usages are kept to
a minimum, and they feature only one thread of execution.
multicat needs bitstream as a build dependency
http://www.videolan.org/developers/bitstream.html
Major change in these patches for the user is the addition
of a whitelist item for up and downstream interfaces.
Excerpt from one of patches:
Defines a whitelist for multicast groups. The network address must be in the following
format 'a.b.c.d/n'. If you want to allow one single group use a network mask of /32,
i.e. 'a.b.c.d/32'.
By default all multicast groups are allowed on any downstream interface. If at least one
whitelist entry is defined, all igmp membership reports for not explicitly whitelisted
multicast groups will be ignored and therefore not be served by igmpproxy. This is especially
useful, if your provider does only allow a predefined set of multicast groups. These whitelists
are only obeyed by igmpproxy itself, they won't prevent any other igmp client running on the
same machine as igmpproxy from requesting 'unallowed' multicast groups.
You may specify as many whitelist entries as needed. Although you should keep it as simple as
possible, as this list is parsed for every membership report and therefore this increases igmp
response times. Often used or large groups should be defined first, as parsing ends as soon as
a group matches an entry.
The squid proxy server has been blocked by unresponsive redirectors and it took ages to kill it in the past.
To speed up the shutdown process, we will stop all redirector services at the same time. If the squid service
is still running we will wait up to 30 seconds before a TERM and finaly a KILL signal will be sent.
Fixes#10368.
