Method for whitelisting ClamAV false positives

This template is ONLY used for feature requests. Bug reporting or pipeline enhancement issues should use the other template options for issue submission.

Description

We need to be able to whitelist files which are marked as infected by ClamAV in the event there are false positives.

See the following on how to whitelist a file in the ClamAV database:

https://www.clamav.net/documents/whitelist-databases#:~:text=To%20whitelist%20a%20specific%20signature,it%20inside%20the%20database%20directory.&text=Historically%2C%20signature%20whitelists%20were%20added%20to%20.

Purpose

This would allow us to complete pipeline runs for projects with external resources that show as infected.

Plan

• Create a whitelist file in pipeline repo or somewhere else which is loaded into the ClamAV database for each run
• Add SHA256 hashes to the file for whitelisted files
• Add better error handling messages

Possible Blockers/Challenges

• The process through which we determine a file is a false positive.
• Storing the list of whitelisted file hashes in a place that makes sense

Acceptance Criteria

• Ability to whitelist a file
• Ability to add that whitelist to the start of the stage
• Test that the feature is working