/

sigtool (1) Linux Manual Page

ByLinux Manual Posted on Updated on

NAME

sigtool – signature and database management tool

SYNOPSIS

sigtool [options]

DESCRIPTION

sigtool can be used to generate MD5 checksums, convert data into hexadecimal format, list virus signatures and build/unpack/test/verify CVD databases and update scripts.

OPTIONS

-h, –help

Output help information and exit.

-V, –version

Print version number and exit.

–quiet

Be quiet – output only error messages.

–stdout

Write all messages to stdout.

–hex-dump

Read data from stdin and write hex string to stdout.

–md5 [FILES]

Generate MD5 checksum from stdin or MD5 sigs for FILES.

–sha1 [FILES]

Generate SHA1 checksum from stdin or SHA1 sigs for FILES.

–sha256 [FILES]

Generate SHA256 checksum from stdin or SHA256 sigs for FILES.

–mdb [FILES]

Generate .mdb signatures for FILES.

–html-normalise=FILE

Create normalised HTML files comment.html, nocomment.html, and script.html in current working directory.

–utf16-decode=FILE

Decode UTF16 encoded data.

–vba=FILE

Extract VBA/Word6 macros from given MS Office document.

–vba-hex=FILE

Extract Word6 macros from given MS Office document and display the corresponding hex values.

-i, –info

Print a CVD information and verify MD5 and a digital signature.

-b, –build

Build a CVD file. -s, –server is required.

–max-bad-sigs=NUMBER

Maximum number of mismatched signatures when building a CVD. Default: 3000

–flevel

Specify a custom flevel. Default: 77

–cvd-version

Specify the version number to use for the build. Default is to use the value+1 from the current CVD in –datadir. If no datafile is found the default behaviour is to prompt for a version number, this switch will prevent the prompt. NOTE: If a CVD is found in the –datadir its version+1 is used and this value is ignored.

–no-cdiff

Don’t create a .cdiff file when building a new database file.

–unsigned

Create a database file without digital signatures (.cua).

–server

ClamAV Signing Service address (for virus database maintainers only).

–datadir=DIR

Use DIR as the default database directory for all operations.

–unpack=FILE, -u FILE

Unpack FILE (CVD) to a current directory.

–unpack-current

Unpack a local CVD file (main or daily) to current directory.

–diff=OLD NEW, -d OLD NEW

Create a diff file for OLD and NEW CVDs/INCDIRs.

–compare=OLD NEW, -c OLD NEW

This command will compare two text files and print differences in a cdiff format.

–run-cdiff=FILE, -r FILE

Execute update script FILE in current directory.

–verify-cdiff=FILE, -r FILE

Verify DIFF against CVD/INCDIR.

-l[FILE], –list-sigs[=FILE]

List all signature names from the local database directory (default) or from FILE.

-fREGEX, –find-sigs=REGEX

Find and display signatures from the local database directory which match the given REGEX. The whole signature body (name, hex string, etc.) is checked.

–decode-sigs=REGEX

Decode signatures read from the standard input (eg. piped from –find-sigs)

–test-sigs=DATABASE TARGET_FILE

Test all signatures from DATABASE against TARGET_FILE. This option will only give valid results if the target file is the final one (after unpacking, normalization, etc.) for which the signatures were created.

–print-certs=FILE

Print Authenticode details from a PE file.

EXAMPLES

Generate hex string from testfile and save it to testfile.hex:

cat testfile | sigtool –hex-dump > testfile.hex

CREDITS

Please check the full documentation for credits.

AUTHOR

Tomasz Kojm <tkojm [at] clamav.net>

SEE ALSO

freshclam(1), freshclam.conf(5)

Index

Leave a Reply

Your email address will not be published. Required fields are marked *