[clamav-users] Whitelist based on sign *and* filename?

Mathieu D. mathieud at univ-jfc.fr
Mon Nov 28 13:56:43 UTC 2016


Hello,

Is there any way to whitelist a file based on its signature *and* its 
filename?

My case is about a legit PDF file embedding JavaScript sent by users by email. 
Its signature is "PUA.Script.PDF.EmbeddedJavaScript", but its MD5 hash is 
always different (probably because users are saving form data inside).

I am aware of the ".ign2" file to list signatures to ignore:
https://www.clamav.net/documents/how-do-i-ignore-whitelist-a-clamav-signature

But I am afraid it would also whitelist real ransomware or virus embedded into 
PDF files, which is way too dangerous. Therefore I would like to reduce its 
scope; I can only think of adding the file name, which in my case should almost 
always be the same (the MD5 and file size are always different).

Maybe using the ".fp" file could help, if only it would not require the MD5 
hash and the filesize:
http://pig.made-it.com/clamav.html

Thanks,
-- 
Mathieu



