Section: Clam AntiVirus (1)
Updated: February 12, 2007
Page Index


sigtool - signature and database management tool  


sigtool [options]  


sigtool can be used to generate MD5 checksums, convert data into hexadecimal format, list virus signatures and build/unpack/test/verify CVD databases and update scripts.  


-h, --help
Output help information and exit.
-V, --version
Print version number and exit.
Be quiet - output only error messages.
Write all messages to stdout.
Read data from stdin and write hex string to stdout.
--md5 [FILES]
Generate MD5 checksum from stdin or MD5 sigs for FILES.
--sha1 [FILES]
Generate SHA1 checksum from stdin or SHA1 sigs for FILES.
--sha256 [FILES]
Generate SHA256 checksum from stdin or SHA256 sigs for FILES.
--mdb [FILES]
Generate .mdb signatures for FILES.
Create normalised HTML files comment.html, nocomment.html, and script.html in current working directory.
Decode UTF16 encoded data.
Extract VBA/Word6 macros from given MS Office document.
Extract Word6 macros from given MS Office document and display the corresponding hex values.
-i, --info
Print a CVD information and verify MD5 and a digital signature.
--build=FILE, -b FILE
Build a CVD file. -s, --server is required for signed virus databases(.cvd), or, --unsigned for unsigned(.cud).
Maximum number of mismatched signatures when building a CVD. Default: 3000
Specify a custom flevel. Default: 77
Specify the version number to use for the build. Default is to use the value+1 from the current CVD in --datadir. If no datafile is found the default behaviour is to prompt for a version number, this switch will prevent the prompt. NOTE: If a CVD is found in the --datadir its version+1 is used and this value is ignored.
Don't create a .cdiff file when building a new database file.
Create a database file without digital signatures (.cud).
ClamAV Signing Service address (for virus database maintainers only).
Use DIR as the default database directory for all operations.
--unpack=FILE, -u FILE
Unpack FILE (CVD) to a current directory.
Unpack a local CVD file (main or daily) to current directory.
--diff=OLD NEW, -d OLD NEW
Create a diff file for OLD and NEW CVDs/INCDIRs.
--compare=OLD NEW, -c OLD NEW
This command will compare two text files and print differences in a cdiff format.
--run-cdiff=FILE, -r FILE
Execute update script FILE in current directory.
--verify-cdiff=FILE, -r FILE
Verify DIFF against CVD/INCDIR.
-l[FILE], --list-sigs[=FILE]
List all signature names from the local database directory (default) or from FILE.
-fREGEX, --find-sigs=REGEX
Find and display signatures from the local database directory which match the given REGEX. The whole signature body (name, hex string, etc.) is checked.
Decode signatures read from the standard input (eg. piped from --find-sigs)
Test all signatures from DATABASE against TARGET_FILE. This option will only give valid results if the target file is the final one (after unpacking, normalization, etc.) for which the signatures were created.
Print Authenticode details from a PE file.


Generate hex string from testfile and save it to testfile.hex:

cat testfile | sigtool --hex-dump > testfile.hex



Please check the full documentation for credits.  


Tomasz Kojm <>  


freshclam(1), freshclam.conf(5)