sigtool
Section: Clam AntiVirus (1)
Updated: February 12, 2007
Page Index
NAME
sigtool - signature and database management tool
SYNOPSIS
sigtool [options]
DESCRIPTION
sigtool can be used to generate MD5 checksums, convert data into hexadecimal format, list virus signatures and build/unpack/test/verify CVD databases and update scripts.
OPTIONS
- -h, --help
-
Output help information and exit.
- -V, --version
-
Print version number and exit.
- --quiet
-
Be quiet - output only error messages.
- --stdout
-
Write all messages to stdout.
- --hex-dump
-
Read data from stdin and write hex string to stdout.
- --md5 [FILES]
-
Generate MD5 checksum from stdin or MD5 sigs for FILES.
- --sha1 [FILES]
-
Generate SHA1 checksum from stdin or SHA1 sigs for FILES.
- --sha256 [FILES]
-
Generate SHA256 checksum from stdin or SHA256 sigs for FILES.
- --mdb [FILES]
-
Generate .mdb signatures for FILES.
- --html-normalise=FILE
-
Create normalised HTML files comment.html, nocomment.html, and script.html in current working directory.
- --utf16-decode=FILE
-
Decode UTF16 encoded data.
- --vba=FILE
-
Extract VBA/Word6 macros from given MS Office document.
- --vba-hex=FILE
-
Extract Word6 macros from given MS Office document and display the corresponding hex values.
- -i, --info
-
Print a CVD information and verify MD5 and a digital signature.
- --build=FILE, -b FILE
-
Build a CVD file. -s, --server is required for signed virus databases(.cvd), or, --unsigned for unsigned(.cud).
- --max-bad-sigs=NUMBER
-
Maximum number of mismatched signatures when building a CVD. Default: 3000
- --flevel
-
Specify a custom flevel. Default: 77
- --cvd-version
-
Specify the version number to use for the build. Default is to use the value+1
from the current CVD in --datadir. If no datafile is found the default
behaviour is to prompt for a version number, this switch will prevent the
prompt.
NOTE: If a CVD is found in the --datadir its version+1 is used and this value is ignored.
- --no-cdiff
-
Don't create a .cdiff file when building a new database file.
- --unsigned
-
Create a database file without digital signatures (.cud).
- --server
-
ClamAV Signing Service address (for virus database maintainers only).
- --datadir=DIR
-
Use DIR as the default database directory for all operations.
- --unpack=FILE, -u FILE
-
Unpack FILE (CVD) to a current directory.
- --unpack-current
-
Unpack a local CVD file (main or daily) to current directory.
- --diff=OLD NEW, -d OLD NEW
-
Create a diff file for OLD and NEW CVDs/INCDIRs.
- --compare=OLD NEW, -c OLD NEW
-
This command will compare two text files and print differences in a cdiff format.
- --run-cdiff=FILE, -r FILE
-
Execute update script FILE in current directory.
- --verify-cdiff=FILE, -r FILE
-
Verify DIFF against CVD/INCDIR.
- -l[FILE], --list-sigs[=FILE]
-
List all signature names from the local database directory (default) or from FILE.
- -fREGEX, --find-sigs=REGEX
-
Find and display signatures from the local database directory which match the given REGEX. The whole signature body (name, hex string, etc.) is checked.
- --decode-sigs=REGEX
-
Decode signatures read from the standard input (eg. piped from --find-sigs)
- --test-sigs=DATABASE TARGET_FILE
-
Test all signatures from DATABASE against TARGET_FILE. This option will only give valid results if the target file is the final one (after unpacking, normalization, etc.) for which the signatures were created.
- --print-certs=FILE
-
Print Authenticode details from a PE file.
EXAMPLES
- Generate hex string from testfile and save it to testfile.hex:
-
cat testfile | sigtool --hex-dump > testfile.hex
CREDITS
Please check the full documentation for credits.
AUTHOR
Tomasz Kojm <tkojm@clamav.net>
SEE ALSO
freshclam(1), freshclam.conf(5)