Steve Basford wrote: >> The local.ign entries are really meant to be a very short-term option to >> bypass a signature until the signature writer can either modify the >> signature or remove it from the particular signature database. > > Hi Bill, > > Most of the Sanesecurity signatures have a static ref. number, apart from > the jurlbl(a).ndb and spear.ndb databases, which will change, as they are > dynamically produced. > > As an extra note, the local.ign can also whitelist official signatures too. > > For example, I've have an FP in main.cvd, which I whitelisted in a > local.ign file. Better to use daily.ign for whitelisting official signatures. > As the main.cvd file doesn't get updated that often.. you'd want to keep a > local.ign file for more than 24hrs. Again, better to use daily.ign for these. I consider local.ign to be used only for third-party (unofficial) clamav signatures, but that may just be me. > For me, there should be an option to remove the local.ign file (default: > off) and then perhaps a configurable time frame, when the setting is set > to on. > > Certainly worth bringing up the issue though.. Yep, I'll wait to see what others think... Thanks, Bill