Permanent Solution for ClamAV Whitelisting
Current Behavior
The current ClamAV whitelisting method should be improved. The existing implementation is a single whitelist file that is copied to the ClamAV database directory if the environment variable CLAMAV_WHIETLIST exists.
Purpose
The current implementation copies the same whitelist to any project requiring it, meaning all findings that require whitelisting are applied to every project using this env var.
Plan
- Move whitelist file to project repo
- Notify CHT Security that they will need to review any whitelist files included in MRs
Acceptance Criteria
- When a whitelist file is present, and a project CI var exists, copy whitelist file to ClamAV database directory (/usr/local/share/clamav/) with a file extension of .ign2.
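One way a CI job could implement this criterion, as an added example that is not the project's own code. The CI variable name CLAMAV_PROJECT_WHITELIST, the repo file name .clamav-whitelist and the installed name project-whitelist.ign2 are assumptions, and the check that every line is a single plain signature name is an added safeguard beyond the criterion itself.

```shell
#!/bin/sh
# Added example, not the project's script. Assumed names (not from the issue):
#   CLAMAV_PROJECT_WHITELIST  project-level CI variable that opts the project in
#   .clamav-whitelist         whitelist file committed to the project repo
#   project-whitelist.ign2    file name used inside the ClamAV database directory

# install_clamav_whitelist SRC_FILE DB_DIR
# Returns 0 = installed, 1 = skipped (CI var or file absent), 2 = rejected.
install_clamav_whitelist() {
    src=$1
    db_dir=$2

    # Both conditions from the acceptance criteria must hold.
    [ -n "${CLAMAV_PROJECT_WHITELIST:-}" ] || return 1
    [ -f "$src" ] || return 1

    # Refuse symlinks so a repo cannot redirect the copy to another file.
    [ ! -L "$src" ] || return 2

    # An empty file ignores nothing and is most likely a mistake.
    [ -s "$src" ] || return 2

    # A .ign2 file lists signature names, one per line. Reject blank lines,
    # wildcards, whitespace and anything else that is not a plain name, so
    # reviewers only ever see explicit, individually named signatures.
    if grep -qvE '^[A-Za-z0-9][A-Za-z0-9._-]*$' "$src"; then
        return 2
    fi

    cp -- "$src" "$db_dir/project-whitelist.ign2" || return 2
    chmod 0644 "$db_dir/project-whitelist.ign2" || return 2
    return 0
}

# Intended call from the CI job, before the scan runs:
#   install_clamav_whitelist .clamav-whitelist /usr/local/share/clamav
```

A return code of 2 is best treated as a job failure rather than a silent skip, so a malformed whitelist is noticed in the MR pipeline.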