sigtool - signature and database management tool
sigtool [options]
sigtool can be used to generate MD5 checksums, convert data into hexadecimal format, list virus signatures and build/unpack/test/verify CVD databases and update scripts.
-h, --help
Output help information and exit.
-V, --version
Print version number and exit.
--quiet
Be quiet - output only error messages.
--stdout
Write all messages to stdout.
--hex-dump
Read data from stdin and write hex string to stdout.
--md5 [FILES]
Generate MD5 checksum from stdin or MD5 sigs for FILES.
--sha1 [FILES]
Generate SHA1 checksum from stdin or SHA1 sigs for FILES.
--sha256 [FILES]
Generate SHA256 checksum from stdin or SHA256 sigs for FILES.
--mdb [FILES]
Generate .mdb signatures for FILES.
--html-normalise=FILE
Create normalised HTML files comment.html, nocomment.html, and script.html in current working directory.
--utf16-decode=FILE
Decode UTF16 encoded data.
--vba=FILE
Extract VBA/Word6 macros from given MS Office document.
--vba-hex=FILE
Extract Word6 macros from given MS Office document and display the corresponding hex values.
-i, --info
Print CVD information and verify the MD5 checksum and the digital signature.
-b, --build
Build a CVD file. -s, --server is required.
--max-bad-sigs=NUMBER
Maximum number of mismatched signatures when building a CVD. Default: 3000
--flevel
Specify a custom flevel. Default: 77
--cvd-version
Specify the version number to use for the build. Default is to use the value+1 from the current CVD in --datadir. If no datafile is found, the default behaviour is to prompt for a version number; this switch will prevent the prompt. NOTE: If a CVD is found in the --datadir, its version+1 is used and this value is ignored.
--no-cdiff
Don’t create a .cdiff file when building a new database file.
--unsigned
Create a database file without digital signatures (.cua).
--server
ClamAV Signing Service address (for virus database maintainers only).
--datadir=DIR
Use DIR as the default database directory for all operations.
--unpack=FILE, -u FILE
Unpack FILE (CVD) to the current directory.
--unpack-current
Unpack a local CVD file (main or daily) to the current directory.
--diff=OLD NEW, -d OLD NEW
Create a diff file for OLD and NEW CVDs/INCDIRs.
--compare=OLD NEW, -c OLD NEW
Compare two text files and print the differences in cdiff format.
--run-cdiff=FILE, -r FILE
Execute update script FILE in the current directory.
--verify-cdiff=FILE, -r FILE
Verify DIFF against CVD/INCDIR.
-l[FILE], --list-sigs[=FILE]
List all signature names from the local database directory (default) or from FILE.
-fREGEX, --find-sigs=REGEX
Find and display signatures from the local database directory which match the given REGEX. The whole signature body (name, hex string, etc.) is checked.
--decode-sigs=REGEX
Decode signatures read from the standard input (e.g. piped from --find-sigs).
--test-sigs=DATABASE TARGET_FILE
Test all signatures from DATABASE against TARGET_FILE. This option will only give valid results if the target file is the final one (after unpacking, normalization, etc.) for which the signatures were created.
--print-certs=FILE
Print Authenticode details from a PE file.
Generate hex string from testfile and save it to testfile.hex:
cat testfile | sigtool --hex-dump > testfile.hex
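The hex string and hash signatures described above can be reproduced and checked without sigtool. This is an added Python example, not part of the sigtool documentation or the ClamAV code. The HASH:SIZE:NAME line layout and the "*" size wildcard are taken from ClamAV's hash-signature format rather than from this page; the function names and sample signature names are hypothetical.

```python
import hashlib

# Hash type is inferred from the hex digest length, as in hash signature files.
ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256"}

def hex_dump(data: bytes) -> str:
    """Hex string of the raw bytes, as --hex-dump produces from stdin."""
    return data.hex()

def hash_sig(data: bytes, name: str, algo: str = "sha256") -> str:
    """Build one hash signature line: HASH:SIZE:NAME."""
    if algo not in ALGO_BY_HEXLEN.values():
        raise ValueError(f"unsupported hash type: {algo}")
    if ":" in name or "\n" in name:
        raise ValueError("name must not contain ':' or a newline")
    return f"{hashlib.new(algo, data).hexdigest()}:{len(data)}:{name}"

def match_hash_sigs(data: bytes, sig_lines) -> list:
    """Return the names of all hash signatures that match data."""
    hits = []
    for line in sig_lines:
        parts = line.strip().split(":")
        if len(parts) < 3:
            continue  # malformed line: skip it rather than guess
        digest, size, name = parts[0].lower(), parts[1], parts[2]
        algo = ALGO_BY_HEXLEN.get(len(digest))
        if algo is None:
            continue  # digest length matches no supported hash
        # "*" means "size unknown"; otherwise the size must match exactly.
        if size != "*" and not (size.isdigit() and int(size) == len(data)):
            continue
        if hashlib.new(algo, data).hexdigest() == digest:
            hits.append(name)
    return hits

# Constructed sample data and signatures, for illustration only.
SAMPLE = b"constructed test payload\n"
SIGS = [
    hash_sig(SAMPLE, "Test.Sample.SHA256"),
    hash_sig(SAMPLE, "Test.Sample.MD5", "md5"),
    hashlib.sha1(SAMPLE).hexdigest() + ":*:Test.Sample.AnySize",
    hash_sig(b"other", "Test.Other"),
    "not-a-signature",
]

if __name__ == "__main__":
    print(hex_dump(SAMPLE))
    print(match_hash_sigs(SAMPLE, SIGS))
```

A signature whose hash is correct but whose size field differs from the file size does not match, which is why the size is checked before the hash is compared.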
Please check the full documentation for credits.
Tomasz Kojm <tkojm AT clamav DOT net>