September 29th, 2004, 12:05 AM
#9
I forgot to add some syntax that can be used in the sigs for the current version of ClamWin, which is a wildcard.
-----------------------------------------------------
Wildcards
There may be a scenario where you want to include 2 hex strings in your definition.
Although this isn't a perfect example, it is similar to this programming syntax:
if(virus.contains(HexString1) && virus.contains(HexString2))
virus.quarantine();
This wildcard syntax is similar to that, however, the first hex string has to appear before the second hex string.
So here's an example, you have:
Hex String 1=38425053000100000000000000030000
and...
Hex String 2=000000000003842494D0******0000012293C3F787061636B657420626567696E3D27
that appear in different places in the virus. Some viruses are polymorphic, and their contents will change. Although, some of these so-called polymorphic worms will maintain some areas that don't change. This is a scenario where a signature like this is helpful.
The way to combine these strings is with the wildcard *. This is not the typical wildcard, where it means it can be any byte, but instead it can be any NUMBER of ANY TYPE of bytes. Here is the signature that requires those 2 strings, appearing one after another.
The signature:
Dork.ZC.A (Soda)=38425053000100000000000000030000*000000000003842494D0******0000012293C3F787061636B657420626567696E3D27
This means it will need to have the hex string before the *, and the second string anywhere after the first hex string.
----------------------------------------------------
ClamAV is allowing more complex signatures in version .80, and to help learn them myself, I will be writing a second tutorial to cover it. It will include more wildcards, MD5 signatures, offsets, target types, extended signatures, and some other stuff I think will help speed up scanning.
BTW Thanks to everyone for the big response to this tutorial. Even though I got no Chipotle.
I can't eat greenies man.
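To make the ordering rule of the `*` wildcard concrete, here is an added example (not from the post above, and not ClamAV's own code) that parses a `Name=HexString` signature line, turns the hex body into a byte regex, and scans a buffer with it. The signature and sample buffers are constructed for this example; the `??` single-byte wildcard is included only for contrast with `*` and is an assumption about later ClamAV signature syntax, as is the choice that `*` may also match zero bytes.

```python
import re

# Constructed demo signature in the "Name=HexString" line format used in the post.
# Hex fragments are "Hello" and "World"; they are made up, not taken from any real sample.
SIGNATURE_LINE = "Example.Test.A (Demo)=48656C6C6F*576F726C64"


def parse_signature(line):
    """Split a 'Name=HexString' line into (name, hex_body)."""
    name, sep, body = line.partition("=")
    if not sep or not body.strip():
        raise ValueError("signature line must look like Name=HexString")
    return name.strip(), body.strip()


def hex_signature_to_regex(body):
    """Translate a hex signature body into a compiled bytes regex.

    '*'  -> any number of bytes of any value (assumed here to include zero bytes)
    '??' -> exactly one byte of any value (assumption: later ClamAV syntax, shown for contrast)
    any other token must be one hex byte (two hex digits)
    """
    tokens = re.findall(r"\*|\?\?|[0-9A-Fa-f]{2}", body)
    # Reject odd-length hex, stray characters, or anything the tokenizer skipped.
    if "".join(tokens) != body:
        raise ValueError("malformed hex signature body: %r" % body)
    parts = []
    for tok in tokens:
        if tok == "*":
            parts.append(b".*?")          # any run of bytes; DOTALL makes '.' match 0x0A too
        elif tok == "??":
            parts.append(b".")            # exactly one arbitrary byte
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)


def scan_bytes(data, signature_line):
    """Return the signature name if `data` matches the signature, else None.

    Because the hex fragments are joined in order, the first fragment must occur
    before the second; the reverse order does not match.
    """
    name, body = parse_signature(signature_line)
    pattern = hex_signature_to_regex(body)
    return name if pattern.search(data) else None


if __name__ == "__main__":
    # Constructed buffers: first string before second, reversed order, and adjacent.
    for label, buf in [
        ("ordered ", b"\x00\x01Hello junk bytes\n\xffWorld"),
        ("reversed", b"World first, then Hello"),
        ("adjacent", b"HelloWorld"),
    ]:
        print(label, "->", scan_bytes(buf, SIGNATURE_LINE))
```

Running the block prints a hit for the ordered and adjacent buffers and `None` for the reversed one, which is the behaviour the post describes: the text before `*` must appear first, and the text after it may sit anywhere later in the file.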