.TH "sigtool" "1" "February 12, 2007" "ClamAV @VERSION@" "Clam AntiVirus" .SH "NAME" .LP sigtool \- signature and database management tool .SH "SYNOPSIS" .LP sigtool [options] .SH "DESCRIPTION" .LP sigtool can be used to generate MD5 checksums, convert data into hexadecimal format, list virus signatures and build/unpack/test/verify CVD databases and update scripts. .SH "OPTIONS" .LP .TP \fB\-h, \-\-help\fR Output help information and exit. .TP \fB\-V, \-\-version\fR Print version number and exit. .TP \fB\-\-quiet\fR Be quiet \- output only error messages. .TP \fB\-\-stdout\fR Write all messages to stdout. .TP \fB\-\-hex\-dump\fR Read data from stdin and write hex string to stdout. .TP \fB\-\-md5 [FILES]\fR Generate MD5 checksum from stdin or MD5 sigs for FILES. .TP \fB\-\-sha1 [FILES]\fR Generate SHA1 checksum from stdin or SHA1 sigs for FILES. .TP \fB\-\-sha256 [FILES]\fR Generate SHA256 checksum from stdin or SHA256 sigs for FILES. .TP \fB\-\-mdb [FILES]\fR Generate .mdb signatures for FILES. .TP \fB\-\-html\-normalise=FILE\fR Create normalised HTML files comment.html, nocomment.html, and script.html in current working directory. .TP \fB\-\-utf16\-decode=FILE\fR Decode UTF16 encoded data. .TP \fB\-\-vba=FILE\fR Extract VBA/Word6 macros from given MS Office document. .TP \fB\-\-vba\-hex=FILE\fR Extract Word6 macros from given MS Office document and display the corresponding hex values. .TP \fB\-i, \-\-info\fR Print a CVD information and verify MD5 and a digital signature. .TP \fB\-b, \-\-build\fR Build a CVD file. \-s, \-\-server is required. .TP \fB\-\-max\-bad\-sigs=NUMBER\fR Maximum number of mismatched signatures when building a CVD. Default: 3000 .TP \fB\-\-flevel\fR Specify a custom flevel. Default: 77 .TP \fB\-\-cvd\-version\fR Specify the version number to use for the build. Default is to use the value+1 from the current CVD in --datadir. If no datafile is found the default behaviour is to prompt for a version number, this switch will prevent the prompt. NOTE: If a CVD is found in the --datadir its version+1 is used and this value is ignored. .TP \fB\-\-no\-cdiff\fR Don't create a .cdiff file when building a new database file. .TP \fB\-\-unsigned\fR Create a database file without digital signatures (.cua). .TP \fB\-\-server\fR ClamAV Signing Service address (for virus database maintainers only). .TP \fB\-\-datadir=DIR\fR Use DIR as the default database directory for all operations. .TP \fB\-\-unpack=FILE, \-u FILE\fR Unpack FILE (CVD) to a current directory. .TP \fB\-\-unpack\-current\fR Unpack a local CVD file (main or daily) to current directory. .TP \fB\-\-diff=OLD NEW, \-d OLD NEW\fR Create a diff file for OLD and NEW CVDs/INCDIRs. .TP \fB\-\-compare=OLD NEW, \-c OLD NEW\fR This command will compare two text files and print differences in a cdiff format. .TP \fB\-\-run\-cdiff=FILE, \-r FILE\fR Execute update script FILE in current directory. .TP \fB\-\-verify\-cdiff=FILE, \-r FILE\fR Verify DIFF against CVD/INCDIR. .TP \fB\-l[FILE], \-\-list\-sigs[=FILE]\fR List all signature names from the local database directory (default) or from FILE. .TP \fB\-fREGEX, \-\-find\-sigs=REGEX\fR Find and display signatures from the local database directory which match the given REGEX. The whole signature body (name, hex string, etc.) is checked. .TP \fB\-\-decode\-sigs=REGEX\fR Decode signatures read from the standard input (eg. piped from \-\-find\-sigs) .TP \fB\-\-test\-sigs=DATABASE TARGET_FILE\fR Test all signatures from DATABASE against TARGET_FILE. This option will only give valid results if the target file is the final one (after unpacking, normalization, etc.) for which the signatures were created. .TP \fB\-\-print\-certs=FILE\fR Print Authenticode details from a PE file. .SH "EXAMPLES" .LP .TP Generate hex string from testfile and save it to testfile.hex: \fBcat testfile | sigtool \-\-hex\-dump > testfile.hex\fR .SH "CREDITS" Please check the full documentation for credits. .SH "AUTHOR" .LP Tomasz Kojm <tkojm@clamav.net> .SH "SEE ALSO" .LP freshclam(1), freshclam.conf(5)