Hi Jonathan,
This signature shouldn't appear in the generic signature set, as this one contains only generally applicable signatures.
For example, you will find cross-site scripting, SQL injection (common syntax) and malicious user-agent signatures in that set.
The Shellshock signature only applies to the Unix/Linux operating system.
Therefore you should create a new signature set with the Unix/Linux system and apply it to the relevant policies.
This way you will be protected against Shellshock, as well as other attacks that target this operating system.