Fighting virii
© 2014 Dennis Leeuw dleeuw at made-it dot com
License: GPLv2 or later
Files ending with .fp in the ClamAV database directory whitelists files. The .fp file is a kind of database with a whitelisted file per line. The structure of the line is composed like this:
MD5:FileSize:Comment
There is no need to create these lines by hand, you can use the sigtool to create them for you. Assuming that you want to whitelist the eicar file in the local.fp whitelist file, use:
sigtool --md5 /home/dleeuw/eicar >> /var/lib/clamav/local.fp
The entry will the look like this:
69630e4574ec6798239b091cda43dca0:69:eicar
To whitelist (ignore) virus signatures one needs to create a .ign2 file in the ClamAV database directory. The 2 indicates that this is the new format. The old format (.ign) looked like this:
DBName:LineNumber:SignatureNameThe newer format is a lot simpler:
SignatureName
To create the file, or to add additional entries use:
echo "Eicar-Test-Signature" >> /var/lib/clamav/local.ign2