sigtool - Man Page

signature and database management tool

Synopsis

sigtool [options]

Description

sigtool can be used to generate MD5 checksums, convert data into hexadecimal format, list virus signatures and build/unpack/test/verify CVD databases and update scripts.

Options

-h, --help: Output help information and exit.
-V, --version: Print version number and exit.
--quiet: Be quiet - output only error messages.
--stdout: Write all messages to stdout.
--hex-dump: Read data from stdin and write hex string to stdout.
--md5 [FILES]: Generate MD5 checksum from stdin or MD5 sigs for FILES.
--sha1 [FILES]: Generate SHA1 checksum from stdin or SHA1 sigs for FILES.
--sha256 [FILES]: Generate SHA256 checksum from stdin or SHA256 sigs for FILES.
--mdb [FILES]: Generate .mdb signatures for FILES.
--html-normalise=FILE: Create normalised HTML files comment.html, nocomment.html, and script.html in current working directory.
--utf16-decode=FILE: Decode UTF16 encoded data.
--vba=FILE: Extract VBA/Word6 macros from given MS Office document.
--vba-hex=FILE: Extract Word6 macros from given MS Office document and display the corresponding hex values.
-i, --info: Print a CVD information and verify MD5 and a digital signature.
--build=FILE, -b FILE: Build a CVD file. -s, --server is required for signed virus databases(.cvd), or, --unsigned for unsigned(.cud).
--max-bad-sigs=NUMBER: Maximum number of mismatched signatures when building a CVD. Default: 3000
--flevel: Specify a custom flevel. Default: 77
--cvd-version: Specify the version number to use for the build. Default is to use the value+1 from the current CVD in --datadir. If no datafile is found the default behaviour is to prompt for a version number, this switch will prevent the prompt. NOTE: If a CVD is found in the --datadir its version+1 is used and this value is ignored.
--no-cdiff: Don't create a .cdiff file when building a new database file.
--unsigned: Create a database file without digital signatures (.cud).
--server: ClamAV Signing Service address (for virus database maintainers only).
--datadir=DIR: Use DIR as the default database directory for all operations.
--unpack=FILE, -u FILE: Unpack FILE (CVD) to a current directory.
--unpack-current: Unpack a local CVD file (main or daily) to current directory.
--diff=OLD NEW, -d OLD NEW: Create a diff file for OLD and NEW CVDs/INCDIRs.
--compare=OLD NEW, -c OLD NEW: This command will compare two text files and print differences in a cdiff format.
--run-cdiff=FILE, -r FILE: Execute update script FILE in current directory.
--verify-cdiff=FILE, -r FILE: Verify DIFF against CVD/INCDIR.
-l[FILE], --list-sigs[=FILE]: List all signature names from the local database directory (default) or from FILE.
-fREGEX, --find-sigs=REGEX: Find and display signatures from the local database directory which match the given REGEX. The whole signature body (name, hex string, etc.) is checked.
--decode-sigs=REGEX: Decode signatures read from the standard input (eg. piped from --find-sigs)
--test-sigs=DATABASE TARGET_FILE: Test all signatures from DATABASE against TARGET_FILE. This option will only give valid results if the target file is the final one (after unpacking, normalization, etc.) for which the signatures were created.
--print-certs=FILE: Print Authenticode details from a PE file.
--tempdir=DIRECTORY: Create temporary files in DIRECTORY. Directory must be writable for the user running sigtool.
--leave-temps: Do not remove temporary files.