> > You can use 'sigtool -fPUA.HTML.Infected.WebPage' to find and print the > sigs, no need to unpack.
Also works for: sigtool -fSanesecurity.Phishing.Fake.13780 | sigtool --decode-sigs Could a --database type option be added to sigtool, for loading databases outside the normal DatabaseDirectory area from the clamd.conf file? Cheers, Steve Sanesecurity _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml