sigtool (1) Linux Manual Page
sigtool – signature and database management tool
Synopsis
sigtool [options]
Description
sigtool can be used to generate MD5 checksums, convert data into hexadecimal format, list virus signatures and build/unpack/test/verify CVD databases and update scripts.
Options
- -h, --help
- Output help information and exit.
- -V, --version
- Print version number and exit.
- --quiet
- Be quiet - output only error messages.
- --stdout
- Write all messages to stdout.
- --hex-dump
- Read data from stdin and write hex string to stdout.
- --md5 [FILES]
- Generate MD5 checksum from stdin or MD5 sigs for FILES.
- --sha1 [FILES]
- Generate SHA1 checksum from stdin or SHA1 sigs for FILES.
- --sha256 [FILES]
- Generate SHA256 checksum from stdin or SHA256 sigs for FILES.
- --mdb [FILES]
- Generate .mdb signatures for FILES.
- --html-normalise=FILE
- Create normalised HTML files comment.html, nocomment.html, and script.html in current working directory.
- --utf16-decode=FILE
- Decode UTF16 encoded data.
- --vba=FILE
- Extract VBA/Word6 macros from given MS Office document.
- --vba-hex=FILE
- Extract Word6 macros from given MS Office document and display the corresponding hex values.
- -i, --info
- Print CVD information and verify the MD5 and the digital signature.
- -b, --build
- Build a CVD file. -s, --server is required.
- --max-bad-sigs=NUMBER
- Maximum number of mismatched signatures when building a CVD. Default: 3000
- --flevel
- Specify a custom flevel. Default: 77
- --cvd-version
- Specify the version number to use for the build. Default is to use the value+1 from the current CVD in --datadir. If no datafile is found, the default behaviour is to prompt for a version number; this switch will prevent the prompt. NOTE: If a CVD is found in the --datadir, its version+1 is used and this value is ignored.
- --no-cdiff
- Don’t create a .cdiff file when building a new database file.
- --unsigned
- Create a database file without digital signatures (.cua).
- --server
- ClamAV Signing Service address (for virus database maintainers only).
- --datadir=DIR
- Use DIR as the default database directory for all operations.
- --unpack=FILE, -u FILE
- Unpack FILE (CVD) to the current directory.
- --unpack-current
- Unpack a local CVD file (main or daily) to the current directory.
- --diff=OLD NEW, -d OLD NEW
- Create a diff file for OLD and NEW CVDs/INCDIRs.
- --compare=OLD NEW, -c OLD NEW
- This command will compare two text files and print differences in a cdiff format.
- --run-cdiff=FILE, -r FILE
- Execute update script FILE in current directory.
- --verify-cdiff=FILE, -r FILE
- Verify DIFF against CVD/INCDIR.
- -l[FILE], --list-sigs[=FILE]
- List all signature names from the local database directory (default) or from FILE.
- -fREGEX, --find-sigs=REGEX
- Find and display signatures from the local database directory which match the given REGEX. The whole signature body (name, hex string, etc.) is checked.
- --decode-sigs=REGEX
- Decode signatures read from the standard input (e.g. piped from --find-sigs).
- --test-sigs=DATABASE TARGET_FILE
- Test all signatures from DATABASE against TARGET_FILE. This option will only give valid results if the target file is the final one (after unpacking, normalization, etc.) for which the signatures were created.
- --print-certs=FILE
- Print Authenticode details from a PE file.
Examples
- Generate hex string from testfile and save it to testfile.hex:
- cat testfile | sigtool --hex-dump > testfile.hex
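- Added example (not from the original manual page or from the ClamAV project): a Python sketch of the integrity half of what -i, --info reports, namely reading the CVD header and checking its MD5 field. It assumes the CVD layout used by ClamAV, a 512-byte colon-separated text header whose sixth field is the MD5 of the data that follows; the function names and the sample bytes are constructed for illustration.

```python
import hashlib

HEADER_LEN = 512  # assumed: fixed-size, space-padded text header of a CVD
FIELDS = ("magic", "build_time", "version", "sig_count", "flevel",
          "md5", "dsig", "builder", "stime")


def parse_cvd_header(blob: bytes) -> dict:
    """Split the colon-separated CVD header into named fields."""
    if len(blob) < HEADER_LEN:
        raise ValueError("shorter than a CVD header")
    parts = blob[:HEADER_LEN].decode("ascii", "replace").rstrip().split(":")
    if parts[0] != "ClamAV-VDB" or len(parts) < 8:
        raise ValueError("not a CVD header")
    info = dict(zip(FIELDS, parts))
    for key in ("version", "sig_count", "flevel"):
        info[key] = int(info[key])
    return info


def md5_matches(blob: bytes) -> bool:
    """Compare the header's MD5 field with the MD5 of everything after it.

    This only detects corruption or truncation. Authenticity rests on the
    digital signature (dsig), which this sketch does not verify.
    """
    info = parse_cvd_header(blob)
    return hashlib.md5(blob[HEADER_LEN:]).hexdigest() == info["md5"].lower()


def make_sample(body: bytes) -> bytes:
    """Build a constructed stand-in for a CVD with a placeholder dsig."""
    head = ":".join(["ClamAV-VDB", "01 Jan 2024 00-00 +0000", "1", "2", "77",
                     hashlib.md5(body).hexdigest(), "PLACEHOLDER-DSIG",
                     "example-builder", "1704067200"])
    return head.encode("ascii").ljust(HEADER_LEN, b" ") + body


if __name__ == "__main__":
    sample = make_sample(b"constructed body bytes, not a real database\n")
    print(parse_cvd_header(sample))
    print("md5 ok:", md5_matches(sample))
    print("md5 ok after tampering:", md5_matches(sample[:-1] + b"X"))
```

A matching MD5 says the file arrived intact, not that it came from the signing service, so sigtool --info on the real file remains the check to rely on.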
