[Fix] ignore_inotify.defaults: restore ClamAV scantemp coverage; issue #484

[Fix] Add literal "scantemp." substring (trailing dot prevents user-file FP
      like scantemplate.php) — restores the noise suppression dropped in
      commit 984c0b1 (issue #480 sentinel fixup)
[Change] tests/47-ignore-inotify-defaults.bats: +2 sentinel tests
[Change] CHANGELOG, CHANGELOG.RELEASE: v2.0.1 [Fix] entry

Author: rfxn

CHANGELOG

@@ -240,6 +240,9 @@ v2.0.1 | Mar 25 2026:
 [Fix] monitor: ignore_paths now uses grep -E -vf (ERE) to match scan-mode
       semantics; fixes silent regression from awk index() substring
       filter introduced by monitor-mode redesign; issue #484
+[Fix] ignore_inotify.defaults: re-add "scantemp." (trailing-dot-safe) for
+      ClamAV scan-temp directory noise; trailing dot prevents matching
+      user files named scantemplate.*; issue #484, #104, #431
 
 [Fix] monitor: ownership filters (scan_ignore_root/user/group) unconditionally
       excluded root-owned files in monitor mode; root-owned malware drops silently

CHANGELOG.RELEASE

@@ -240,6 +240,9 @@ v2.0.1 | Mar 25 2026:
 [Fix] monitor: ignore_paths now uses grep -E -vf (ERE) to match scan-mode
       semantics; fixes silent regression from awk index() substring
       filter introduced by monitor-mode redesign; issue #484
+[Fix] ignore_inotify.defaults: re-add "scantemp." (trailing-dot-safe) for
+      ClamAV scan-temp directory noise; trailing dot prevents matching
+      user files named scantemplate.*; issue #484, #104, #431
 
 [Fix] monitor: ownership filters (scan_ignore_root/user/group) unconditionally
       excluded root-owned files in monitor mode; root-owned malware drops silently

files/internals/ignore_inotify.defaults

@@ -41,6 +41,7 @@ memcached.sock
 # ClamAV runtime temp
 /var/tmp/clamav-
 /tmp/clamav-
+scantemp.
 
 # LMD install paths (legacy + FHS) — covers scan temp workspaces transitively
 /usr/local/maldetect/

tests/47-ignore-inotify-defaults.bats

@@ -59,7 +59,10 @@ _source_lmd_stack() {
 # bats test_tags=monitor,defaults
 @test "defaults: user ignore_inotify contains no regex anchors or metacharacter defaults" {
     run bash -c "grep -E '^[^#[:space:]].*(\\^|\\\$|\\.\\*|\\\\\\.)' '$LMD_INSTALL/ignore_inotify'"
-    # expect: grep returns 1 (no match) — no regex patterns survived P2
+    # expect: no live regex anchors or wildcards in shipped user ignore_inotify
+    # template (issue #484 restored ERE semantics but the shipped template still
+    # has only comment scaffolding — this test guards against accidental re-
+    # introduction of live regex defaults).
     [ "$status" -eq 1 ]
 }
 
@@ -207,3 +210,23 @@ _source_lmd_stack() {
     done < "$LMD_INSTALL/internals/ignore_inotify.defaults"
     [ "$hit" -ge 1 ]
 }
+
+# bats test_tags=monitor,defaults
+@test "defaults: scantemp. entry is installed in ignore_inotify.defaults" {
+    # Integration: verify the entry is actually shipped in the installed file.
+    # issue #484 — pure string-match tests duplicate bash syntax coverage;
+    # this one exercises the real installation path.
+    run bash -c "grep -cxF 'scantemp.' '$LMD_INSTALL/internals/ignore_inotify.defaults'"
+    [ "$status" -eq 0 ]
+    [ "$output" = "1" ]
+}
+
+# bats test_tags=monitor,defaults
+@test "defaults: scantemp. is emitted with d: prefix by union helper" {
+    # Integration: the defaults entry reaches the exclude-regex pipeline.
+    _source_lmd_stack
+    run _monitor_load_ignore_inotify_union "$LMD_INSTALL/ignore_inotify" \
+        "$LMD_INSTALL/internals/ignore_inotify.defaults"
+    [ "$status" -eq 0 ]
+    echo "$output" | grep -qxF 'd:scantemp.'
+}