Add a signature whitelist file

defaults/main.yml

@@ -23,9 +23,10 @@ clamav_unofficial_sigs_rh_pkgs:
   - perl
 
 clamav_signatures_db_dir: '/var/lib/clamav'
-clamav_signatures_dbs_to_wipe:
-  - 'scamnailer.ndb'
-
+clamav_signatures_dbs_to_wipe: []
+#  - 'scamnailer.ndb'
+clamav_signatures_whitelist_file: 'local_whitelist.ign2'
+clamav_signatures_whitelist: []
 clamav_clamd_user: clamscan
 clamav_clamd_conf_dir: '/etc/clamd.d'  
 clamav_clamd_conf_file: '{{ clamav_clamd_conf_dir }}/scan.conf'  

tasks/main.yml

@@ -37,8 +37,14 @@
   - name: Remove some signature files that are broken.
     file: dest={{ clamav_signatures_db_dir }}/{{ item }} state=absent
     with_items: '{{ clamav_signatures_dbs_to_wipe }}'
+    notify: Restart clamd
     tags: [ 'clamav', 'clamav_clamd', 'clamav_config', 'clamav_signatures' ]
 
+  - name: Install the local whitelist file
+    template: src=local_whitelist.ign2.j2 dest={{ clamav_signatures_db_dir }}/{{ clamav_signatures_whitelist_file }} owner=clamscan group=clamscan mode='0444'
+    notify: Restart clamd
+    tags: [ 'clamav', 'clamav_clamd', 'clamav_config', 'clamav_signatures', 'clamav_whitelist' ]
+
   - name: Install a cron job that wipes the wrong signature files, just in case they reappear after an update
     cron: name="Wipe some clamav signature dbs that are broken" user=root special_time=hourly job="{% for db in clamav_signatures_dbs_to_wipe %}/bin/rm -f {{ clamav_signatures_db_dir }}/{{ db }}{% if not loop.last %}; {% endif %}{% endfor %}"
     tags: [ 'clamav', 'clamav_clamd', 'clamav_config', 'clamav_signatures' ]

templates/local_whitelist.ign2.j2

@@ -0,0 +1,3 @@
+{% for signature in clamav_signatures_whitelist %}
+{{ signature }}
+{% endfor %}