<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta http-equiv="Content-Style-Type" content="text/css" /> <meta name="generator" content="pandoc" /> <title></title> <style type="text/css">code{white-space: pre;}</style> <link rel="stylesheet" href="/en/github.css" type="text/css" /> </head> <body> <h1 id="whitelist-databases">Whitelist databases</h1> <h2 id="file-whitelists">File whitelists</h2> <p>To whitelist a specific file use the MD5 signature format and place it inside a database file with the extension of <code>.fp</code>. To whitelist a specific file with the SHA1 or SHA256 file hash signature format, place the signature inside a database file with the extension of <code>.sfp</code>.</p> <hr /> <h2 id="signature-whitelists">Signature whitelists</h2> <p>To whitelist a specific signature from the database you just add the signature name into a local file with the <code>.ign2</code> extension and store it inside the database directory.</p> <p>E.g:</p> <pre> Eicar-Test-Signature </pre> <p>Additionally, you can follow the signature name with the MD5 of the entire database entry for this signature. In such a case, the signature will no longer be whitelisted when its entry in the database gets modified (eg. the signature gets updated to avoid false alerts). E.g:</p> <pre> Eicar-Test-Signature:bc356bae4c42f19a3de16e333ba3569c </pre> <p>Historically, signature whitelists were added to <code>.ign</code> files. This format is still functional, though it has been replaced by the <code>.ign2</code> database.</p> </body> </html>