From 5161dced6ec09a9d31528024e8dbf758950560b9 Mon Sep 17 00:00:00 2001
From: ducoterra <git@ducoterra.net>
Date: Tue, 18 Nov 2025 09:56:44 -0500
Subject: [PATCH] add clamav ignore signatures notes

---
 active/software_clamav/clamav.md | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/active/software_clamav/clamav.md b/active/software_clamav/clamav.md
index e042b15..310babc 100644
--- a/active/software_clamav/clamav.md
+++ b/active/software_clamav/clamav.md
@@ -6,6 +6,7 @@
     - [Selinux](#selinux)
   - [On Access Scanning](#on-access-scanning)
   - [Testing](#testing)
+  - [Ignore Signatures](#ignore-signatures)
 
 <https://wiki.archlinux.org/title/ClamAV>
 
@@ -162,4 +163,19 @@ cd ~/Downloads/
 wget https://secure.eicar.org/eicar.com.txt
 # This should not work
 cat eicar.com.txt
-```
\ No newline at end of file
+```
+
+## Ignore Signatures
+
+<https://docs.clamav.net/faq/faq-ignore.html>
+
+```bash
+# Create the ignore list
+cd /var/lib/clamav
+touch ignore_list.ign2
+```
+
+Then add an ignore, like `PUA.Win.Trojan.Xored-1` which is a [known false
+positive](https://github.com/jensyt/imurmurhash-js/issues/1).
+
+Then `systemctl restart clamd@scan`.
\ No newline at end of file