You can view the documentation below, or browse our GitHub Repository, where you can contribute to user manual and FAQ.
To allow a specific file use the MD5 signature format and place it inside a database file with the extension of
.fp (for “false positive”). To allow a specific file with the SHA1 or SHA256 file hash signature format, place the signature inside a database file with the extension of
.sfp (for “SHA false positive”).
To ignore a specific signature from the database you just add the signature name into a local file with the
.ign2 extension and store it inside the database directory.
Additionally, you can follow the signature name with the MD5 of the entire database entry for this signature. In such a case, the signature will no longer be ignored when its entry in the database gets modified (eg. the signature gets updated to avoid false alerts). E.g:
Historically, signature ignores were added to
.ign files. This format is still functional, though it has been replaced by the