The ClamAV Signature Util (clam-sigutil) project provides:
- A library for parsing and validating ClamAV signatures to ensure proper syntax, correct functionality levels, etc.
- An application to inspect or validate ClamAV signature files.
Prerequisites for a native build:
- The Rust compiler toolchain
- OpenSSL development library
Alternatively you may build with Docker using the provided Dockerfile.
The simplest way to use clam-sigutil is using a Docker container.
To build the image, run:
docker build . -t clamav-signature-util --loadTo use clam-sigutil in the container, run like this where you mount the current directory in the host:
docker run -it --mount type=bind,source=(pwd),target=/pwd \
clamav-signature-util:latest \
clam-sigutil --helpThen you can use it to validate or inspect signature files from your current directory. For example:
docker run -it --mount type=bind,source=(pwd),target=/pwd \
clamav-signature-util:latest \
clam-sigutil --validate ./regex_sig.ldb
docker run -it --mount type=bind,source=(pwd),target=/pwd \
clamav-signature-util:latest \
clam-sigutil --dump-debug ./regex_sig.ldbUSAGE:
clam-sigutil [FLAGS] [OPTIONS] [FILE_OR_DIR]...
FLAGS:
--check-export Re-export signatures after parsing and verify
--dump-debug Dump signatures in debug format
--dump-debug-long Dump signatures in long debug format
-h, --help Prints help information
--print-features Report required features
--print-orig Print original signatures as they're read
--validate Perform additional validation on signatures
-V, --version Prints version information
-v, --verbose Report on each file read
OPTIONS:
--sig-type <sig-type> Signature type for stdin, specified as file extension
ARGS:
<FILE_OR_DIR>... Files or directory containing files to process
There are many ways to contribute.
This project is licensed under the GNU General Public License Version 2.