Fighting virii

© 2014 Dennis Leeuw dleeuw at made-it dot com
License: GPLv2 or later


    1. Whitelisting files
    2. Whitelisting signatures

Whitelisting files

Files ending with .fp in the ClamAV database directory whitelist files. An .fp file is a kind of database with one whitelisted file per line. The structure of the line is composed like this:


There is no need to create these lines by hand; you can use sigtool to create them for you. Assuming that you want to whitelist the eicar file in the local.fp whitelist file, use:

sigtool --md5 /home/dleeuw/eicar >> /var/lib/clamav/local.fp

The entry will then look like this:


Whitelisting signatures

To whitelist (ignore) virus signatures one needs to create a .ign2 file in the ClamAV database directory. The 2 indicates that this is the new format. The old format (.ign) looked like this:

The newer format is a lot simpler:

To create the file, or to add additional entries, use:

echo "Eicar-Test-Signature" >> /var/lib/clamav/local.ign2
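
The two append commands above, wrapped so that repeated runs do not leave duplicate lines and malformed entries are rejected before they reach the database directory. This is an added example, not part of the original article: the function names are hypothetical, the MD5:Size:Name layout of an .fp line is assumed to be what sigtool --md5 prints, and md5sum and wc stand in for sigtool so the script runs without ClamAV installed.

```shell
#!/bin/sh
# Added example: validated, duplicate-free appends to ClamAV whitelist files.
# Assumption: an .fp line is MD5:Size:Name (the layout `sigtool --md5` prints).
# All function names here are hypothetical helpers, not ClamAV commands.

# fp_line FILE -> print an .fp entry for FILE.
# md5sum and wc replace sigtool so this runs on a host without ClamAV.
fp_line() {
    [ -f "$1" ] || return 1
    hash=$(md5sum < "$1" | cut -d' ' -f1) || return 1
    size=$(wc -c < "$1" | tr -d ' ') || return 1
    printf '%s:%s:%s\n' "$hash" "$size" "$(basename "$1")"
}

# fp_valid LINE -> succeed only for 32 hex digits, a decimal size and a name.
fp_valid() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{32}:[0-9]+:.+$'
}

# append_once LINE DB -> append LINE to DB unless the identical line exists.
# Works for both .fp entries and .ign2 signature names.
append_once() {
    if [ -f "$2" ] && grep -Fxq -- "$1" "$2"; then
        return 0
    fi
    printf '%s\n' "$1" >> "$2"
}

# whitelist_file FILE DB -> checked equivalent of `sigtool --md5 FILE >> DB`.
whitelist_file() {
    line=$(fp_line "$1") || return 1
    fp_valid "$line" || return 1
    append_once "$line" "$2"
}

# Usage, with the paths from the text:
#   whitelist_file /home/dleeuw/eicar /var/lib/clamav/local.fp
#   append_once "Eicar-Test-Signature" /var/lib/clamav/local.ign2
```

An .fp entry exempts one exact file content, while an .ign2 entry disables the named signature for every file scanned, so the .fp form is the narrower choice when only one file is affected.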