add clamav ignore signatures notes

2025-11-18 09:56:44 -05:00
parent d9ed144578
commit 5161dced6e
1 changed files with 17 additions and 1 deletions
--- a/active/software_clamav/clamav.md
+++ b/active/software_clamav/clamav.md
@@ -6,6 +6,7 @@
    - [Selinux](#selinux)
  - [On Access Scanning](#on-access-scanning)
  - [Testing](#testing)
+  - [Ignore Signatures](#ignore-signatures)

 <https://wiki.archlinux.org/title/ClamAV>

@@ -162,4 +163,19 @@ cd ~/Downloads/
 wget https://secure.eicar.org/eicar.com.txt
 # This should not work
 cat eicar.com.txt
-```
+```
+
+## Ignore Signatures
+
+<https://docs.clamav.net/faq/faq-ignore.html>
+
+```bash
+# Create the ignore list
+cd /var/lib/clamav
+touch ignore_list.ign2
+```
+
+Then add an ignore, like `PUA.Win.Trojan.Xored-1` which is a [known false
+positive](https://github.com/jensyt/imurmurhash-js/issues/1).
+
+Then `systemctl restart clamd@scan`.