Documentation

You can view the documentation below, or browse our GitHub Repository, where you can contribute to user manual and FAQ.

Allow list databases

File allow lists

To allow a specific file use the MD5 signature format and place it inside a database file with the extension of .fp (for “false positive”). To allow a specific file with the SHA1 or SHA256 file hash signature format, place the signature inside a database file with the extension of .sfp (for “SHA false positive”).

Signature ignore lists

To ignore a specific signature from the database you just add the signature name into a local file with the .ign2 extension and store it inside the database directory.

E.g:

    Eicar-Test-Signature

Additionally, you can follow the signature name with the MD5 of the entire database entry for this signature. In such a case, the signature will no longer be ignored when its entry in the database gets modified (eg. the signature gets updated to avoid false alerts). E.g:

    Eicar-Test-Signature:bc356bae4c42f19a3de16e333ba3569c

Historically, signature ignores were added to .ign files. This format is still functional, though it has been replaced by the .ign2 database.