@@ -285,7 +285,7 @@ struct cl_engine {

     /* hash matcher for MD5 sigs for PE sections */

     struct cli_matcher *hm_mdb;

     /* hash matcher for MD5 sigs for PE import tables */

-    struct cli_matcher *hm_ith;

+    struct cli_matcher *hm_imp;

     /* hash matcher for whitelist db */

     struct cli_matcher *hm_fp;

@@ -2340,7 +2340,7 @@ static inline int scan_pe_impfuncs(cli_ctx *ctx, void *md5ctx, uint32_t *itsz, s

 }

 static int scan_pe_imptbl(cli_ctx *ctx, struct pe_image_data_dir *dirs, struct cli_exe_section *exe_sections, uint16_t nsections, uint32_t hdr_size, int pe_plus) {

-    struct cli_matcher *ith = ctx->engine->hm_ith;

+    struct cli_matcher *imp = ctx->engine->hm_imp;

     struct pe_image_data_dir *datadir = &(dirs[1]);

     struct pe_image_import_descriptor *image;

     fmap_t *map = *ctx->fmap;

@@ -2435,10 +2435,10 @@ static int scan_pe_imptbl(cli_ctx *ctx, struct pe_image_data_dir *dirs, struct c

             free(dstr);

     }

-    if (ith) {

-        if ((ret = cli_hm_scan(digest, itsz, &virname, ith, CLI_HASH_MD5)) == CL_VIRUS)

+    if (imp) {

+        if ((ret = cli_hm_scan(digest, itsz, &virname, imp, CLI_HASH_MD5)) == CL_VIRUS)

             cli_append_virus(ctx, virname);

-        else if ((ret = cli_hm_scan_wild(digest, &virname, ith, CLI_HASH_MD5)) == CL_VIRUS)

+        else if ((ret = cli_hm_scan_wild(digest, &virname, imp, CLI_HASH_MD5)) == CL_VIRUS)

             cli_append_virus(ctx, virname);

     }

@@ -3356,9 +3356,9 @@ int cli_scanpe(cli_ctx *ctx)

     /* Attempt to run scans on import table */

     /* Run if there are existing signatures and/or preclassing */

 #if HAVE_JSON

-    if (DCONF & PE_CONF_IMPTBL && (ctx->engine->hm_ith || ctx->wrkproperty)) {

+    if (DCONF & PE_CONF_IMPTBL && (ctx->engine->hm_imp || ctx->wrkproperty)) {

 #else

-    if (DCONF & PE_CONF_IMPTBL && ctx->engine->hm_ith) {

+    if (DCONF & PE_CONF_IMPTBL && ctx->engine->hm_imp) {

 #endif

         ret = scan_pe_imptbl(ctx, dirs, exe_sections, nsections, hdr_size, pe_plus);

         switch (ret) {

@@ -2380,7 +2380,7 @@ static int cli_loadign(FILE *fs, struct cl_engine *engine, unsigned int options,

 #define MD5_HDB	    0

 #define MD5_MDB	    1

 #define MD5_FP	    2

-#define MD5_ITH	    3

+#define MD5_IMP	    3

 #define MD5_TOKENS 5

 static int cli_loadhash(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigned int mode, unsigned int options, struct cli_dbio *dbio, const char *dbname)

@@ -2401,8 +2401,8 @@ static int cli_loadhash(FILE *fs, struct cl_engine *engine, unsigned int *signo,

 	db = engine->hm_mdb;

     } else if(mode == MD5_HDB)

 	db = engine->hm_hdb;

-    else if(mode == MD5_ITH)

-	db = engine->hm_ith;

+    else if(mode == MD5_IMP)

+	db = engine->hm_imp;

     else

 	db = engine->hm_fp;

@@ -2416,8 +2416,8 @@ static int cli_loadhash(FILE *fs, struct cl_engine *engine, unsigned int *signo,

 	    engine->hm_hdb = db;

 	else if(mode == MD5_MDB)

 	    engine->hm_mdb = db;

-	else if(mode == MD5_ITH)

-	    engine->hm_ith = db;

+	else if(mode == MD5_IMP)

+	    engine->hm_imp = db;

 	else

 	    engine->hm_fp = db;

     }

@@ -4285,8 +4285,8 @@ int cli_load(const char *filename, struct cl_engine *engine, unsigned int *signo

 	ret = cli_loadhash(fs, engine, signo, MD5_FP, options, dbio, dbname);

     } else if(cli_strbcasestr(dbname, ".mdb") || cli_strbcasestr(dbname, ".msb")) {

 	ret = cli_loadhash(fs, engine, signo, MD5_MDB, options, dbio, dbname);

-    } else if(cli_strbcasestr(dbname, ".ith")) {

-	ret = cli_loadhash(fs, engine, signo, MD5_ITH, options, dbio, dbname);

+    } else if(cli_strbcasestr(dbname, ".imp")) {

+	ret = cli_loadhash(fs, engine, signo, MD5_IMP, options, dbio, dbname);

     } else if(cli_strbcasestr(dbname, ".mdu") || cli_strbcasestr(dbname, ".msu")) {

 	if(options & CL_DB_PUA)

@@ -111,6 +111,7 @@ const struct clam_option __clam_options[] = {

     { NULL, "sha1", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_SIGTOOL, "", "" },

     { NULL, "sha256", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_SIGTOOL, "", "" },

     { NULL, "mdb", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_SIGTOOL, "", "" },

+    { NULL, "imp", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_SIGTOOL, "", "" },

     { NULL, "print-certs", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_SIGTOOL, "", "" },

     { NULL, "html-normalise", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_SIGTOOL, "", "" },

     { NULL, "ascii-normalise", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_SIGTOOL, "", "" },

@@ -118,6 +118,7 @@ static const struct dblist_s {

     { "wdb",   0 },

     { "crb",   1 },

     { "cdb",   1 },

+    { "imp",   1 },

     { NULL,	    0 }

 };

@@ -1415,7 +1416,8 @@ static int listdir(const char *dirname, const regex_t *regex)

 	     cli_strbcasestr(dent->d_name, ".cbc") ||

 	     cli_strbcasestr(dent->d_name, ".cld") ||

 	     cli_strbcasestr(dent->d_name, ".cvd") ||  

-	     cli_strbcasestr(dent->d_name, ".crb"))) {

+	     cli_strbcasestr(dent->d_name, ".crb") ||

+	     cli_strbcasestr(dent->d_name, ".imp"))) {

 		dbfile = (char *) malloc(strlen(dent->d_name) + strlen(dirname) + 2);

 		if(!dbfile) {

@@ -1559,7 +1561,7 @@ static int listdb(const char *filename, const regex_t *regex)

             line++;

             mprintf("%s\n", buffer);

         }

-    } else if(cli_strbcasestr(filename, ".hdb") || cli_strbcasestr(filename, ".hdu") || cli_strbcasestr(filename, ".mdb") || cli_strbcasestr(filename, ".mdu") || cli_strbcasestr(filename, ".hsb") || cli_strbcasestr(filename, ".hsu") || cli_strbcasestr(filename, ".msb") || cli_strbcasestr(filename, ".msu")) { /* hash database */

+    } else if(cli_strbcasestr(filename, ".hdb") || cli_strbcasestr(filename, ".hdu") || cli_strbcasestr(filename, ".mdb") || cli_strbcasestr(filename, ".mdu") || cli_strbcasestr(filename, ".hsb") || cli_strbcasestr(filename, ".hsu") || cli_strbcasestr(filename, ".msb") || cli_strbcasestr(filename, ".msu") || cli_strbcasestr(filename, ".imp")) { /* hash database */

 	while(fgets(buffer, FILEBUFF, fh)) {

 	    cli_chomp(buffer);

@@ -3490,7 +3492,8 @@ static void help(void)

     mprintf("                                           or SHA1 sigs for FILES\n");

     mprintf("    --sha256 [FILES]                       generate SHA256 checksum from stdin\n");

     mprintf("                                           or SHA256 sigs for FILES\n");

-    mprintf("    --mdb [FILES]                          generate .mdb sigs\n");

+    mprintf("    --mdb [FILES]                          generate .mdb (section hash) sigs\n");

+    mprintf("    --imp [FILES]                          generate .imp (import table hash) sigs\n");

     mprintf("    --html-normalise=FILE                  create normalised parts of HTML file\n");

     mprintf("    --ascii-normalise=FILE                 create normalised text file from ascii source\n");

     mprintf("    --utf16-decode=FILE                    decode UTF16 encoded files\n");

@@ -3585,6 +3588,8 @@ int main(int argc, char **argv)

 	ret = hashsig(opts, 0, 3);

     else if(optget(opts, "mdb")->enabled)

 	ret = hashsig(opts, 1, 1);

+    else if(optget(opts, "imp")->enabled)

+	ret = hashsig(opts, 2, 1);

     else if(optget(opts, "html-normalise")->enabled)

 	ret = htmlnorm(opts);

     else if(optget(opts, "ascii-normalise")->enabled)