Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-19 18:33:16 +00:00
Code Issues Projects Releases Packages Wiki Activity
clamav/docs/man/sigtool.1.in

218 lines
6.4 KiB
Groff
Raw Normal View History

use actual version and user names in man pages (bb#408) git-svn: trunk@2963
2007-03-21 02:12:51 +00:00
.TH "sigtool" "1" "February 12, 2007" "ClamAV @VERSION@" "Clam AntiVirus"
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
.SH "NAME"
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.LP
add new features git-svn: trunk@765
2004-08-18 15:22:48 +00:00
sigtool \- signature and database management tool
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
.SH "SYNOPSIS"
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.LP
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
sigtool [options]
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
.SH "DESCRIPTION"
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.LP
various updates and fixes git-svn: trunk@2713
2007-02-12 18:38:32 +00:00
sigtool can be used to generate MD5 checksums, convert data into hexadecimal format, list virus signatures and build/unpack/test/verify CVD databases and update scripts.
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
.SH "COMMON OPTIONS"
.LP
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
\fB\-h, \-\-help\fR
Output help information and exit.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
\fB\-V, \-\-version\fR
Big update git-svn: trunk@109
2003-11-11 22:10:27 +00:00
Print version number and exit.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
\fB\-\-quiet\fR
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
Be quiet, output only error messages.
.TP
\fB\-\-debug\fR
Enable debug messages
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
\fB\-\-stdout\fR
various updates and fixes git-svn: trunk@2713
2007-02-12 18:38:32 +00:00
Write all messages to stdout.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fB\-\-tempdir=DIRECTORY\fR
Create temporary files in DIRECTORY. Directory must be writable for the user running sigtool.
.TP
\fB\-\-leave\-temps\fR
Do not remove temporary files.
.TP
\fB\-\-datadir=DIR\fR
Use DIR as the default database directory for all operations.
.SH "COMMANDS FOR WORKING WITH SIGNATURES"
.LP
.TP
\fB\-l[FILE], \-\-list\-sigs[=FILE]\fR
List all signature names from the local database directory (default) or from FILE.
.TP
\fB\-fREGEX, \-\-find\-sigs=REGEX\fR
Find and display signatures from the local database directory which match the given REGEX. The whole signature body (name, hex string, etc.) is checked.
.TP
\fB\-\-decode\-sigs=REGEX\fR
Decode signatures read from the standard input (eg. piped from \-\-find\-sigs)
.TP
\fB\-\-test\-sigs=DATABASE TARGET_FILE\fR
Test all signatures from DATABASE against TARGET_FILE. This option will only give valid results if the target file is the final one (after unpacking, normalization, etc.) for which the signatures were created.
.SH "COMMANDS TO GENERATE SIGNATURES"
.LP
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
fix minor leaks and improve --md5 git-svn: trunk@814
2004-08-31 11:44:51 +00:00
\fB\-\-md5 [FILES]\fR
Generate MD5 checksum from stdin or MD5 sigs for FILES.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
sigtool: add new options --sha1 and --sha256
2011-01-18 15:00:37 +01:00
\fB\-\-sha1 [FILES]\fR
Generate SHA1 checksum from stdin or SHA1 sigs for FILES.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
sigtool: add new options --sha1 and --sha256
2011-01-18 15:00:37 +01:00
\fB\-\-sha256 [FILES]\fR
Generate SHA256 checksum from stdin or SHA256 sigs for FILES.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
add --mdb option git-svn: trunk@2715
2007-02-12 19:30:22 +00:00
\fB\-\-mdb [FILES]\fR
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
Generate .mdb (PE section hash) signatures for FILES.
.TP
\fB\-\-imp [FILES]\fR
Generate .imp (PE import address table hash) signatures for FILES.
.TP
\fB\-\-fuzzy\-img [FILES]\fR
Generate image fuzzy hash for each file.
.SH "COMMANDS TO NORMALIZE FILES"
.LP
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
update git-svn: trunk@897
2004-09-18 19:26:08 +00:00
\fB\-\-html\-normalise=FILE\fR
Create normalised HTML files comment.html, nocomment.html, and script.html in current working directory.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fB\-\-ascii\-normalise=FILE\fR
Create normalised text file from ascii source.
.TP
various updates and fixes git-svn: trunk@2713
2007-02-12 18:38:32 +00:00
\fB\-\-utf16\-decode=FILE\fR
Decode UTF16 encoded data.
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
.SH "COMMANDS FOR FILE ANALYSIS"
.LP
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
doc update git-svn: trunk@1196
2004-12-19 01:11:59 +00:00
\fB\-\-vba=FILE\fR
Extract VBA/Word6 macros from given MS Office document.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
doc update git-svn: trunk@1196
2004-12-19 01:11:59 +00:00
\fB\-\-vba\-hex=FILE\fR
various updates and fixes git-svn: trunk@2713
2007-02-12 18:38:32 +00:00
Extract Word6 macros from given MS Office document and display the corresponding hex values.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fB\-\-print\-certs=FILE\fR
Print Authenticode details from a PE file.
.TP
\fB\-\-hex\-dump\fR
Read data from stdin and write hex string to stdout.
.SH "COMMANDS FOR WORKING WITH CVDS"
.LP
.TP
Big update git-svn: trunk@109
2003-11-11 22:10:27 +00:00
\fB\-i, \-\-info\fR
Print a CVD information and verify MD5 and a digital signature.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
.TP
bb17595 - man page improvements.
2016-10-18 15:47:42 -04:00
\fB\-\-build=FILE, \-b FILE\fR
Build a CVD file. \-s, \-\-server is required for signed virus databases(.cvd), or, \-\-unsigned for unsigned(.cud).
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
Updates to sigtool man page documentation for previously developed features.
2014-03-14 17:20:45 -04:00
\fB\-\-max\-bad\-sigs=NUMBER\fR
Maximum number of mismatched signatures when building a CVD. Default: 3000
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
Updates to sigtool man page documentation for previously developed features.
2014-03-14 17:20:45 -04:00
\fB\-\-flevel\fR
Specify a custom flevel. Default: 77
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
Updates to sigtool man page documentation for previously developed features.
2014-03-14 17:20:45 -04:00
\fB\-\-cvd\-version\fR
Specify the version number to use for the build. Default is to use the value+1
Apply patch from Scott Kitterman to correctly escape dashes in sigtool and clamsubmit man pages
2014-09-17 21:44:31 -04:00
from the current CVD in \-\-datadir. If no datafile is found the default
Updates to sigtool man page documentation for previously developed features.
2014-03-14 17:20:45 -04:00
behaviour is to prompt for a version number, this switch will prevent the
prompt.
Apply patch from Scott Kitterman to correctly escape dashes in sigtool and clamsubmit man pages
2014-09-17 21:44:31 -04:00
NOTE: If a CVD is found in the \-\-datadir its version+1 is used and this value is ignored.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
Updates to sigtool man page documentation for previously developed features.
2014-03-14 17:20:45 -04:00
\fB\-\-no\-cdiff\fR
sigtool: add support for building unsigned dbs (--unsigned) libclamav: handle unsigned db files (.cud)
2011-05-10 21:29:49 +02:00
Don't create a .cdiff file when building a new database file.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fB\-\-hybrid\fR
Create a hybrid (standard and bytecode) database file.
.TP
Updates to sigtool man page documentation for previously developed features.
2014-03-14 17:20:45 -04:00
\fB\-\-unsigned\fR
bb17595 - man page improvements.
2016-10-18 15:47:42 -04:00
Create a database file without digital signatures (.cud).
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fB\-\-server=ADDR\fR
various updates and fixes git-svn: trunk@2713
2007-02-12 18:38:32 +00:00
ClamAV Signing Service address (for virus database maintainers only).
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
.TP
sigtool/sigtool.c: add --datadir (bb#2063)
2010-06-08 16:34:59 +02:00
\fB\-\-unpack=FILE, \-u FILE\fR
various updates and fixes git-svn: trunk@2713
2007-02-12 18:38:32 +00:00
Unpack FILE (CVD) to a current directory.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
.TP
Big update git-svn: trunk@109
2003-11-11 22:10:27 +00:00
\fB\-\-unpack\-current\fR
various updates and fixes git-svn: trunk@2713
2007-02-12 18:38:32 +00:00
Unpack a local CVD file (main or daily) to current directory.
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
.SH "COMMANDS FOR WORKING WITH CDIFF PATCH FILES"
.LP
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
various updates and fixes git-svn: trunk@2713
2007-02-12 18:38:32 +00:00
\fB\-\-diff=OLD NEW, \-d OLD NEW\fR
Create a diff file for OLD and NEW CVDs/INCDIRs.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
--compare cosmetics
2011-12-07 14:53:33 +01:00
\fB\-\-compare=OLD NEW, \-c OLD NEW\fR
This command will compare two text files and print differences in a cdiff format.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
various updates and fixes git-svn: trunk@2713
2007-02-12 18:38:32 +00:00
\fB\-\-run\-cdiff=FILE, \-r FILE\fR
Execute update script FILE in current directory.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
various updates and fixes git-svn: trunk@2713
2007-02-12 18:38:32 +00:00
\fB\-\-verify\-cdiff=FILE, \-r FILE\fR
Verify DIFF against CVD/INCDIR.
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
.SH "COMMANDS FOR CREATING AND VERIFYING DETACHED DIGITAL SIGNATURES"
.LP
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fB\-\-sign\fR
Sign a file. The resulting .sign file name will be in the form: dbname\-version.cvd.sign
or FILE.sign for non\-CVD targets. It will be created next to the target file.
If a .sign file already exists, then the new signature will be appended to file.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fB\-\-key=FILE\fR
Specify a signing key.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fB\-\-cert=FILE\fR
Specify a signing cert. May be used more than once to add intermediate and root certificates.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fB\-\-append\fR
Use to add a signature line to an existing .sign file. Otherwise an existing .sign file will be overwritten.
Updates to sigtool man page documentation for previously developed features.
2014-03-14 17:20:45 -04:00
.TP
Sigtool: Add vba macro support for OOXML files Add a new cl_engine_set_clcb_vba() function to set a cb_vba callback function and add clcb_generic_data handler prototype to the clamav.h public API. The cb_vba callback function will be run whenever VBA is extracted from office documents. The provided data will be a normalized copy of the original VBA. This callback is added to support Sigtool so it can use the same VBA extraction logic as when scanning documents. Change the Sigtool temp directory creation for any commands that use temp directories so that you can select a custom temp directory with the `--tempdir=PATH` option, and can retain the temp files with the `--leave-temps` option. Added `--tempdir` and `--leave-temps` to the Sigtool `--help` output. Added `--tempdir` and `--leave-temps` to the Sigtool manpage.
2023-03-02 17:23:46 -08:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fB\-\-verify\fR
Find and verify a detached digital signature for the given file.
The digital signature file name must be in the form: dbname\-version.cvd.sign or FILE.sign for non-CVD targets.
It must be found next to the target file.
Sigtool: Add vba macro support for OOXML files Add a new cl_engine_set_clcb_vba() function to set a cb_vba callback function and add clcb_generic_data handler prototype to the clamav.h public API. The cb_vba callback function will be run whenever VBA is extracted from office documents. The provided data will be a normalized copy of the original VBA. This callback is added to support Sigtool so it can use the same VBA extraction logic as when scanning documents. Change the Sigtool temp directory creation for any commands that use temp directories so that you can select a custom temp directory with the `--tempdir=PATH` option, and can retain the temp files with the `--leave-temps` option. Added `--tempdir` and `--leave-temps` to the Sigtool `--help` output. Added `--tempdir` and `--leave-temps` to the Sigtool manpage.
2023-03-02 17:23:46 -08:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fB\-\-cvdcertsdir=DIR\fR
Specify a directory containing the root CA cert needed to verify the signature.
If not provided, then sigtool will look in the default certs directory.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.SH "ENVIRONMENT VARIABLES"
.LP
Sigtool uses the following environment variables:
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fBSIGNDUSER\fR
The username to authenticate with the signing server when building a signed CVD database.
.TP
\fBSIGNDPASS\fR
The password to authenticate with the signing server when building a signed CVD database.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.TP
FIPS-compliant CVD signing and verification Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
2024-11-21 14:01:09 -05:00
\fBCVD_CERTS_DIR\fR
Specify a directory containing the root CA cert needed to verify detached CVD digital signatures. If not provided, then sigtool will look in the default directory.
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
.SH "EXAMPLES"
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.LP
.TP
add new features git-svn: trunk@765
2004-08-18 15:22:48 +00:00
Generate hex string from testfile and save it to testfile.hex:
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
\fBcat testfile | sigtool \-\-hex\-dump > testfile.hex\fR
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
.SH "CREDITS"
Please check the full documentation for credits.
.SH "AUTHOR"
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.LP
Big update git-svn: trunk@109
2003-11-11 22:10:27 +00:00
Tomasz Kojm <tkojm@clamav.net>
Initial revision git-svn: trunk@4
2003-07-29 15:37:11 +00:00
.SH "SEE ALSO"
Manpages: Add environment variables to the docs The CURL_CA_BUNDLE environment variable used by freshclam & clamsubmit to specify a custom path to a CA bundle is undocumented. Feature was added here: https://bugzilla.clamav.net/show_bug.cgi?id=12504 Resolves: https://github.com/Cisco-Talos/clamav/issues/175 Also document: - clamd/clamscan: using LD_LIBRARY_PATH to find libclamunrar_iface.so/dylib - sigtool: using SIGNDUSER, SIGNDPASS for auth creds when building CVD This info also needs to be added to the online documentation.
2021-08-17 09:52:46 -07:00
.LP
update 'SEE ALSO' (bb#2006)
2010-05-06 17:02:53 +02:00
freshclam(1), freshclam.conf(5)
Reference in a new issue Copy permalink