Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-19 18:33:16 +00:00
Code Issues Projects Releases Packages Wiki Activity
clamav/docs/man/sigtool.1.in

222 lines
6.7 KiB
Groff
Raw Permalink Normal View History

use actual version and user names in man pages (bb#408) git-svn: trunk@2963
2007-03-21 02:12:51 +00:00
.TH "sigtool" "1" "February 12, 2007" "ClamAV @VERSION@" "Clam AntiVirus"
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
.SH "NAME"
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.LP
add new features git-svn: trunk@765
2004-08-18 15:22:48 +00:00
sigtool \- signature and database management tool
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
.SH "SYNOPSIS"
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.LP
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
sigtool [options]
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
.SH "DESCRIPTION"
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.LP
various updates and fixes git-svn: trunk@2713
2007-02-12 18:38:32 +00:00
sigtool can be used to generate MD5 checksums, convert data into hexadecimal format, list virus signatures and build/unpack/test/verify CVD databases and update scripts.
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
.SH "COMMON OPTIONS"
.LP
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
\fB\-h, \-\-help\fR
Output help information and exit.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
\fB\-V, \-\-version\fR
Big update git-svn: trunk@109
2003-11-11 22:10:27 +00:00
Print version number and exit.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
\fB\-\-quiet\fR
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
Be quiet, output only error messages.
.TP
\fB\-\-debug\fR
Enable debug messages
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
\fB\-\-stdout\fR
various updates and fixes git-svn: trunk@2713
2007-02-12 18:38:32 +00:00
Write all messages to stdout.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fB\-\-tempdir=DIRECTORY\fR
Create temporary files in DIRECTORY. Directory must be writable for the user running sigtool.
.TP
\fB\-\-leave\-temps\fR
Do not remove temporary files.
.TP
\fB\-\-datadir=DIR\fR
Use DIR as the default database directory for all operations.
.SH "COMMANDS FOR WORKING WITH SIGNATURES"
.LP
.TP
\fB\-l[FILE], \-\-list\-sigs[=FILE]\fR
List all signature names from the local database directory (default) or from FILE.
.TP
\fB\-fREGEX, \-\-find\-sigs=REGEX\fR
Find and display signatures from the local database directory which match the given REGEX. The whole signature body (name, hex string, etc.) is checked.
.TP
\fB\-\-decode\-sigs=REGEX\fR
Decode signatures read from the standard input (eg. piped from \-\-find\-sigs)
.TP
\fB\-\-test\-sigs=DATABASE TARGET_FILE\fR
Test all signatures from DATABASE against TARGET_FILE. This option will only give valid results if the target file is the final one (after unpacking, normalization, etc.) for which the signatures were created.
.SH "COMMANDS TO GENERATE SIGNATURES"
.LP
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
fix minor leaks and improve --md5 git-svn: trunk@814
2004-08-31 11:44:51 +00:00
\fB\-\-md5 [FILES]\fR
Generate MD5 checksum from stdin or MD5 sigs for FILES.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
sigtool: add new options --sha1 and --sha256
2011-01-18 15:00:37 +01:00
\fB\-\-sha1 [FILES]\fR
Generate SHA1 checksum from stdin or SHA1 sigs for FILES.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
Swap clean cache from MD5 to SHA2-256 Change the clean-cache to use SHA2-256 instead of MD5. Note that all references are changed to specify "SHA2-256" now instead of "SHA256", for clarity. But there is no plan to add support for SHA3 algorithms at this time. Significant code cleanup. E.g.: - Implemented goto-done error handling. - Used `uint8_t *` instead of `unsigned char *`. - Use `bool` for boolean checks, rather than `int. - Used `#defines` instead of magic numbers. - Removed duplicate `#defines` for things like hash length. Add new option to calculate and record additional hash types when the "generate metadata JSON" feature is enabled: - libclamav option: `CL_SCAN_GENERAL_STORE_EXTRA_HASHES` - clamscan option: `--json-store-extra-hashes` (default off) - clamd.conf option: `JsonStoreExtraHashes` (default 'no') Renamed the sigtool option `--sha256` to `--sha2-256`. The original option is still functional, but is deprecated. For the "generate metadata JSON" feature, the file hash is now stored as "sha2-256" instead of "FileMD5". If you enable the "extra hashes" option, then it will also record "md5" and "sha1". Deprecate and disable the internal "SHA collect" feature. This option had been hidden behind C #ifdef checks for an option that wasn't exposed through CMake, so it was basically unavailable anyways. Changes to calculate file hashes when they're needed and no sooner. For the FP feature in the matcher module, I have mimiced the optimization in the FMAP scan routine which makes it so that it can calculate multiple hashes in a single pass of the file. The `HandlerType` feature stores a hash of the file in the scan ctx to prevent retyping the exact same data more than once. I removed that hash field and replaced it with an attribute flag that is applied to the new recursion stack layer when retyping a file. This also closes a minor bug that would prevent retyping a file with an all-zero hash. :) The work upgrading cache.c to support SHA2-256 sized hashes thanks to: https://github.com/m-sola CLAM-255 CLAM-1858 CLAM-1859 CLAM-1860
2025-06-03 19:03:20 -04:00
\fB\-\-sha2-256 [FILES]\fR
Generate SHA2-256 checksum from stdin or SHA2-256 sigs for FILES.
The previous option \-\-sha256 is deprecated and may be removed in a future version.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
add --mdb option git-svn: trunk@2715
2007-02-12 19:30:22 +00:00
\fB\-\-mdb [FILES]\fR
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
Generate .mdb (PE section hash) signatures for FILES.
.TP
\fB\-\-imp [FILES]\fR
Generate .imp (PE import address table hash) signatures for FILES.
.TP
\fB\-\-fuzzy\-img [FILES]\fR
Generate image fuzzy hash for each file.
.SH "COMMANDS TO NORMALIZE FILES"
.LP
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
update git-svn: trunk@897
2004-09-18 19:26:08 +00:00
\fB\-\-html\-normalise=FILE\fR
Create normalised HTML files comment.html, nocomment.html, and script.html in current working directory.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fB\-\-ascii\-normalise=FILE\fR
Create normalised text file from ascii source.
.TP
various updates and fixes git-svn: trunk@2713
2007-02-12 18:38:32 +00:00
\fB\-\-utf16\-decode=FILE\fR
Decode UTF16 encoded data.
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
.SH "COMMANDS FOR FILE ANALYSIS"
.LP
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
doc update git-svn: trunk@1196
2004-12-19 01:11:59 +00:00
\fB\-\-vba=FILE\fR
Extract VBA/Word6 macros from given MS Office document.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
doc update git-svn: trunk@1196
2004-12-19 01:11:59 +00:00
\fB\-\-vba\-hex=FILE\fR
various updates and fixes git-svn: trunk@2713
2007-02-12 18:38:32 +00:00
Extract Word6 macros from given MS Office document and display the corresponding hex values.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fB\-\-print\-certs=FILE\fR
Print Authenticode details from a PE file.
.TP
\fB\-\-hex\-dump\fR
Read data from stdin and write hex string to stdout.
.SH "COMMANDS FOR WORKING WITH CVDS"
.LP
.TP
Big update git-svn: trunk@109
2003-11-11 22:10:27 +00:00
\fB\-i, \-\-info\fR
Print a CVD information and verify MD5 and a digital signature.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
.TP
bb17595 - man page improvements.
2016-10-18 15:47:42 -04:00
\fB\-\-build=FILE, \-b FILE\fR
Build a CVD file. \-s, \-\-server is required for signed virus databases(.cvd), or, \-\-unsigned for unsigned(.cud).
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
Updates to sigtool man page documentation for previously developed features.
2014-03-14 17:20:45 -04:00
\fB\-\-max\-bad\-sigs=NUMBER\fR
Maximum number of mismatched signatures when building a CVD. Default: 3000
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
Updates to sigtool man page documentation for previously developed features.
2014-03-14 17:20:45 -04:00
\fB\-\-flevel\fR
Specify a custom flevel. Default: 77
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
Updates to sigtool man page documentation for previously developed features.
2014-03-14 17:20:45 -04:00
\fB\-\-cvd\-version\fR
Specify the version number to use for the build. Default is to use the value+1
Apply patch from Scott Kitterman to correctly escape dashes in sigtool and clamsubmit man pages
2014-09-17 21:44:31 -04:00
from the current CVD in \-\-datadir. If no datafile is found the default
Updates to sigtool man page documentation for previously developed features.
2014-03-14 17:20:45 -04:00
behaviour is to prompt for a version number, this switch will prevent the
prompt.
Apply patch from Scott Kitterman to correctly escape dashes in sigtool and clamsubmit man pages
2014-09-17 21:44:31 -04:00
NOTE: If a CVD is found in the \-\-datadir its version+1 is used and this value is ignored.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
Updates to sigtool man page documentation for previously developed features.
2014-03-14 17:20:45 -04:00
\fB\-\-no\-cdiff\fR
sigtool: add support for building unsigned dbs (--unsigned) libclamav: handle unsigned db files (.cud)
2011-05-10 21:29:49 +02:00
Don't create a .cdiff file when building a new database file.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fB\-\-hybrid\fR
Create a hybrid (standard and bytecode) database file.
.TP
Updates to sigtool man page documentation for previously developed features.
2014-03-14 17:20:45 -04:00
\fB\-\-unsigned\fR
bb17595 - man page improvements.
2016-10-18 15:47:42 -04:00
Create a database file without digital signatures (.cud).
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fB\-\-server=ADDR\fR
various updates and fixes git-svn: trunk@2713
2007-02-12 18:38:32 +00:00
ClamAV Signing Service address (for virus database maintainers only).
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
.TP
sigtool/sigtool.c: add --datadir (bb#2063)
2010-06-08 16:34:59 +02:00
\fB\-\-unpack=FILE, \-u FILE\fR
various updates and fixes git-svn: trunk@2713
2007-02-12 18:38:32 +00:00
Unpack FILE (CVD) to a current directory.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
.TP
Big update git-svn: trunk@109
2003-11-11 22:10:27 +00:00
\fB\-\-unpack\-current\fR
various updates and fixes git-svn: trunk@2713
2007-02-12 18:38:32 +00:00
Unpack a local CVD file (main or daily) to current directory.
FIPS & FIPS-like limits on hash algs for cryptographic uses ClamAV will not function when using a FIPS-enabled OpenSSL 3.x. This is because ClamAV uses MD5 and SHA1 algorithms for a variety of purposes including matching for malware detection, matching to prevent false positives on known-clean files, and for verification of MD5-based RSA digital signatures for determining CVD (signature database archive) authenticity. Interestingly, FIPS had been intentionally bypassed when creating hashes based whole buffers and whole files (by descriptor or `FILE`-pointer): https://github.com/Cisco-Talos/clamav/commit/78d4a9985a06a418dd1338c94ee5db461035d75b Note: this bypassed FIPS the 1.x way with: `EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);` It was NOT disabled when using `cl_hash_init()` / `cl_update_hash()` / `cl_finish_hash()`. That likely worked by coincidence in that the hash was already calculated most of the time. It certainly would have made use of those functions if the hash had not been calculated prior: https://github.com/Cisco-Talos/clamav/blob/78d4a9985a06a418dd1338c94ee5db461035d75b/libclamav/matcher.c#L743 Regardless, bypassing FIPS entirely is not the correct solution. The FIPS restrictions against using MD5 and SHA1 are valid, particularly when verifying CVD digital siganatures, but also I think when using a hash to determine if the file is known-clean (i.e. the "clean cache" and also MD5-based and SHA1-based FP signatures). This commit extends the work to bypass FIPS using the newer 3.x method: `md = EVP_MD_fetch(NULL, alg, "-fips");` It does this for the legacy `cl_hash*()` functions including `cl_hash_init()` / `cl_update_hash()` / `cl_finish_hash()`. It also introduces extended versions that allow the caller to choose if they want to bypass FIPS: - `cl_hash_data_ex()` - `cl_hash_init_ex()` - `cl_update_hash_ex()` - `cl_finish_hash_ex()` - `cl_hash_destroy_ex()` - `cl_hash_file_fd_ex()` See the `flags` parameter for each. Ironically, this commit does NOT use the new functions at this time. The rational is that ClamAV may need MD5, SHA1, and SHA-256 hashes of the same files both for determining if the file is malware, and for determining if the file is clean. So instead, this commit will do a checks when: 1. Creating a new ClamAV scanning engine. If FIPS-mode enabled, it will automatically toggle the "FIPS limits" engine option. When loading signatures, if the engine "FIPS limits" option is enabled, then MD5 and SHA1 FP signatures will be skipped. 2. Before verifying a CVD (e.g. also for loading, unpacking when verification enabled). If "FIPS limits" or FIPS-mode are enabled, then the legacy MD5-based RSA method is disabled. Note: This commit also refactors the interface for `cl_cvdverify_ex()` and `cl_cvdunpack_ex()` so they take a `flags` parameters, rather than a single `bool`. As these functions are new in this version, it does not break the ABI. The cache was already switched to use SHA2-256, so that's not a concern for checking FIPS-mode / FIPS limits options. This adds an option for `freshclam.conf` and `clamd.conf`: FIPSCryptoHashLimits yes And an equivalent command-line option for `clamscan` and `sigtool`: --fips-limits You may programmatically enable FIPS-limits for a ClamAV engine like this: ```C cl_engine_set_num(engine, CL_ENGINE_FIPS_LIMITS, 1); ``` CLAM-2792
2025-07-01 20:41:47 -04:00
.TP
\fB\-\-fips\-limits\fR
Enforce FIPS\-like limits on using hash algorithms for cryptographic purposes. Will disable MD5 & SHA1 FP sigs and will require '.sign' files to verify CVD authenticity.
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
.SH "COMMANDS FOR WORKING WITH CDIFF PATCH FILES"
.LP
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
various updates and fixes git-svn: trunk@2713
2007-02-12 18:38:32 +00:00
\fB\-\-diff=OLD NEW, \-d OLD NEW\fR
Create a diff file for OLD and NEW CVDs/INCDIRs.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
--compare cosmetics
2011-12-07 14:53:33 +01:00
\fB\-\-compare=OLD NEW, \-c OLD NEW\fR
This command will compare two text files and print differences in a cdiff format.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
various updates and fixes git-svn: trunk@2713
2007-02-12 18:38:32 +00:00
\fB\-\-run\-cdiff=FILE, \-r FILE\fR
Execute update script FILE in current directory.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
various updates and fixes git-svn: trunk@2713
2007-02-12 18:38:32 +00:00
\fB\-\-verify\-cdiff=FILE, \-r FILE\fR
Verify DIFF against CVD/INCDIR.
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
.SH "COMMANDS FOR CREATING AND VERIFYING DETACHED DIGITAL SIGNATURES"
.LP
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fB\-\-sign\fR
Sign a file. The resulting .sign file name will be in the form: dbname\-version.cvd.sign
or FILE.sign for non\-CVD targets. It will be created next to the target file.
If a .sign file already exists, then the new signature will be appended to file.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fB\-\-key=FILE\fR
Specify a signing key.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fB\-\-cert=FILE\fR
Specify a signing cert. May be used more than once to add intermediate and root certificates.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fB\-\-append\fR
Use to add a signature line to an existing .sign file. Otherwise an existing .sign file will be overwritten.
Updates to sigtool man page documentation for previously developed features.
2014-03-14 17:20:45 -04:00
.TP
Sigtool: Add vba macro support for OOXML files Add a new cl_engine_set_clcb_vba() function to set a cb_vba callback function and add clcb_generic_data handler prototype to the clamav.h public API. The cb_vba callback function will be run whenever VBA is extracted from office documents. The provided data will be a normalized copy of the original VBA. This callback is added to support Sigtool so it can use the same VBA extraction logic as when scanning documents. Change the Sigtool temp directory creation for any commands that use temp directories so that you can select a custom temp directory with the `--tempdir=PATH` option, and can retain the temp files with the `--leave-temps` option. Added `--tempdir` and `--leave-temps` to the Sigtool `--help` output. Added `--tempdir` and `--leave-temps` to the Sigtool manpage.
2023-03-02 17:23:46 -08:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fB\-\-verify\fR
Find and verify a detached digital signature for the given file.
The digital signature file name must be in the form: dbname\-version.cvd.sign or FILE.sign for non-CVD targets.
It must be found next to the target file.
Sigtool: Add vba macro support for OOXML files Add a new cl_engine_set_clcb_vba() function to set a cb_vba callback function and add clcb_generic_data handler prototype to the clamav.h public API. The cb_vba callback function will be run whenever VBA is extracted from office documents. The provided data will be a normalized copy of the original VBA. This callback is added to support Sigtool so it can use the same VBA extraction logic as when scanning documents. Change the Sigtool temp directory creation for any commands that use temp directories so that you can select a custom temp directory with the `--tempdir=PATH` option, and can retain the temp files with the `--leave-temps` option. Added `--tempdir` and `--leave-temps` to the Sigtool `--help` output. Added `--tempdir` and `--leave-temps` to the Sigtool manpage.
2023-03-02 17:23:46 -08:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fB\-\-cvdcertsdir=DIR\fR
Specify a directory containing the root CA cert needed to verify the signature.
If not provided, then sigtool will look in the default certs directory.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.SH "ENVIRONMENT VARIABLES"
.LP
Sigtool uses the following environment variables:
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fBSIGNDUSER\fR
The username to authenticate with the signing server when building a signed CVD database.
.TP
\fBSIGNDPASS\fR
The password to authenticate with the signing server when building a signed CVD database.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fBCVD_CERTS_DIR\fR
Specify a directory containing the root CA cert needed to verify detached CVD digital signatures. If not provided, then sigtool will look in the default directory.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
.SH "EXAMPLES"
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.LP
.TP
add new features git-svn: trunk@765
2004-08-18 15:22:48 +00:00
Generate hex string from testfile and save it to testfile.hex:
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
\fBcat testfile | sigtool \-\-hex\-dump > testfile.hex\fR
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
.SH "CREDITS"
Please check the full documentation for credits.
.SH "AUTHOR"
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.LP
Big update git-svn: trunk@109
2003-11-11 22:10:27 +00:00
Tomasz Kojm <tkojm@clamav.net>
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
.SH "SEE ALSO"
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.LP
update 'SEE ALSO' (bb#2006)
2010-05-06 17:02:53 +02:00
freshclam(1), freshclam.conf(5)
Reference in a new issue Copy permalink