Sourcefire VRT Rules Update

Date: 2011-11-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.6.1.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:20528 <-> DISABLED <-> WEB-MISC Apache mod_proxy reverse proxy information disclosure (web-misc.rules)
 * 1:20531 <-> ENABLED <-> WEB-MISC HP OpenView Storage Data Protector directory traversal attempt (web-misc.rules)
 * 1:20534 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel IPMT record buffer overflow attempt (specific-threats.rules)
 * 1:20533 <-> DISABLED <-> WEB-PHP php tiny shell upload attempt (web-php.rules)
 * 1:20527 <-> ENABLED <-> BOTNET-CNC Sirefef initial C&C connection outbound connection (botnet-cnc.rules)
 * 1:20530 <-> ENABLED <-> WEB-MISC HP OpenView Storage Data Protector directory traversal attempt (web-misc.rules)
 * 1:20529 <-> ENABLED <-> EXPLOIT Oracle Java trusted method chaining attempt (exploit.rules)
 * 1:20532 <-> ENABLED <-> WEB-MISC HP OpenView Storage Data Protector get file buffer overflow attempt (web-misc.rules)

Modified Rules:


 * 1:17834 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 343.boolans.com (blacklist.rules)
 * 1:20463 <-> DISABLED <-> FILE-IDENTIFY ZIP file magic detection (file-identify.rules)
 * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules)
 * 1:19875 <-> DISABLED <-> BLACKLIST DNS request for known malware domain jaifr.com - Win32/Morto.A (blacklist.rules)
 * 1:19530 <-> DISABLED <-> BLACKLIST DNS request for known malware domain lkaturl11.com - TDL4 (blacklist.rules)
 * 1:19514 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cap0itchaa.com - TDL4 (blacklist.rules)
 * 1:20172 <-> ENABLED <-> FILE-IDENTIFY Metastock mwl file magic detection (file-identify.rules)
 * 1:19877 <-> DISABLED <-> BLACKLIST DNS request for known malware domain jifr.co.cc - Win32/Morto.A (blacklist.rules)
 * 1:19543 <-> DISABLED <-> BLACKLIST DNS request for known malware domain u101mnay2k.com - TDL4 (blacklist.rules)
 * 1:19526 <-> DISABLED <-> BLACKLIST DNS request for known malware domain l04undreyk.com - TDL4 (blacklist.rules)
 * 1:20502 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:19517 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gd6a15ja813.com - TDL4 (blacklist.rules)
 * 1:19510 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 86b6b6b6.com - TDL4 (blacklist.rules)
 * 1:19525 <-> DISABLED <-> BLACKLIST DNS request for known malware domain kur1k0nona.com - TDL4 (blacklist.rules)
 * 1:20503 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:20465 <-> DISABLED <-> FILE-IDENTIFY ZIP file magic detection (file-identify.rules)
 * 1:19508 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 7gaur15eb71.com - TDL4 (blacklist.rules)
 * 1:19539 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rukkeianno.in - TDL4 (blacklist.rules)
 * 1:20070 <-> ENABLED <-> FILE-IDENTIFY BIN file download request (file-identify.rules)
 * 1:2422 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules)
 * 1:19529 <-> DISABLED <-> BLACKLIST DNS request for known malware domain lkaturi71.com - TDL4 (blacklist.rules)
 * 1:2436 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules)
 * 1:19505 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 4tag16ag100.com - TDL4 (blacklist.rules)
 * 1:19504 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 4gat16ag100.com - TDL4 (blacklist.rules)
 * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules)
 * 1:19545 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xx87lhfda88.com - TDL4 (blacklist.rules)
 * 1:2435 <-> ENABLED <-> FILE-IDENTIFY Microsoft emf file download request (file-identify.rules)
 * 1:19768 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sxzyong.com (blacklist.rules)
 * 1:19512 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 9669b6b96b.com - TDL4 (blacklist.rules)
 * 1:19537 <-> DISABLED <-> BLACKLIST DNS request for known malware domain nyewrika.in - TDL4 (blacklist.rules)
 * 1:19527 <-> DISABLED <-> BLACKLIST DNS request for known malware domain li1i16b0.com - TDL4 (blacklist.rules)
 * 1:19880 <-> DISABLED <-> BLACKLIST DNS request for known malware domain qfsl.co.cc - Win32/Morto.A (blacklist.rules)
 * 1:19516 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dg6a51ja813.com - TDL4 (blacklist.rules)
 * 1:19662 <-> DISABLED <-> BLACKLIST DNS request for known malware domain keshmoney.biz (blacklist.rules)
 * 1:2419 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules)
 * 1:19532 <-> DISABLED <-> BLACKLIST DNS request for known malware domain lo4undreyk.com - TDL4 (blacklist.rules)
 * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules)
 * 1:20027 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sb.degreesbuy.com (blacklist.rules)
 * 1:19513 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cap01tchaa.com - TDL4 (blacklist.rules)
 * 1:19531 <-> DISABLED <-> BLACKLIST DNS request for known malware domain lkaturl71.com - TDL4 (blacklist.rules)
 * 1:19664 <-> DISABLED <-> BLACKLIST DNS request for known malware domain smellypussy.info (blacklist.rules)
 * 1:20526 <-> DISABLED <-> BLACKLIST DNS request for known malware domain kasperskychk.dyndns.org (blacklist.rules)
 * 1:19540 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rukkieanno.in - TDL4 (blacklist.rules)
 * 1:19881 <-> DISABLED <-> BLACKLIST DNS request for known malware domain qfsl.co.be - Win32/Morto.A (blacklist.rules)
 * 1:20461 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detection (file-identify.rules)
 * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules)
 * 1:19734 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 770304123.cn (blacklist.rules)
 * 1:20466 <-> DISABLED <-> FILE-IDENTIFY ZIP file magic detection (file-identify.rules)
 * 1:20499 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word file magic detection (file-identify.rules)
 * 1:20460 <-> DISABLED <-> FILE-IDENTIFY MP3 file magic detection (file-identify.rules)
 * 1:19522 <-> DISABLED <-> BLACKLIST DNS request for known malware domain kai817hag10.com - TDL4 (blacklist.rules)
 * 1:20467 <-> DISABLED <-> FILE-IDENTIFY ZIP file magic detection (file-identify.rules)
 * 1:19541 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sh01cilewk.com - TDL4 (blacklist.rules)
 * 1:19523 <-> DISABLED <-> BLACKLIST DNS request for known malware domain kangojim1.com - TDL4 (blacklist.rules)
 * 1:20505 <-> DISABLED <-> FILE-IDENTIFY MDB file magic detection (file-identify.rules)
 * 1:19549 <-> DISABLED <-> BLACKLIST DNS request for known malware domain zz87jhfda88.com - TDL4 (blacklist.rules)
 * 1:19511 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 86b6b96b.com - TDL4 (blacklist.rules)
 * 1:19907 <-> DISABLED <-> FILE-IDENTIFY PICT file magic detection (file-identify.rules)
 * 1:2423 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules)
 * 1:19509 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 7uagr15eb71.com - TDL4 (blacklist.rules)
 * 1:19524 <-> DISABLED <-> BLACKLIST DNS request for known malware domain kangojjm1.com - TDL4 (blacklist.rules)
 * 1:19550 <-> DISABLED <-> BLACKLIST DNS request for known malware domain zz87lhfda88.com - TDL4 (blacklist.rules)
 * 1:19528 <-> DISABLED <-> BLACKLIST DNS request for known malware domain lj1i16b0.com - TDL4 (blacklist.rules)
 * 1:19641 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.registry.cu.cc (blacklist.rules)
 * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules)
 * 1:17829 <-> DISABLED <-> BLACKLIST DNS request for known malware domain c7.zxxds.net (blacklist.rules)
 * 1:17896 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 113552url.cptgt.com (blacklist.rules)
 * 1:17846 <-> DISABLED <-> BLACKLIST DNS request for known malware domain trumpetlicks.com (blacklist.rules)
 * 1:17882 <-> DISABLED <-> BLACKLIST DNS request for known malware domain procca.com (blacklist.rules)
 * 1:17870 <-> DISABLED <-> BLACKLIST DNS request for known malware domain trojan8.com (blacklist.rules)
 * 1:17828 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 67.201.36.16 (blacklist.rules)
 * 1:17858 <-> DISABLED <-> BLACKLIST DNS request for known malware domain kingsizematures.com (blacklist.rules)
 * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules)
 * 1:17826 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cheaps1.info (blacklist.rules)
 * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules)
 * 1:19879 <-> DISABLED <-> BLACKLIST DNS request for known malware domain jifr.net - Win32/Morto.A (blacklist.rules)
 * 1:19507 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 69b69b6b96b.com - TDL4 (blacklist.rules)
 * 1:6691 <-> DISABLED <-> WEB-CLIENT Malformed PNG detected sBIT overflow attempt (web-client.rules)
 * 1:6692 <-> DISABLED <-> WEB-CLIENT Malformed PNG detected sRGB overflow attempt (web-client.rules)
 * 1:6693 <-> DISABLED <-> WEB-CLIENT Malformed PNG detected bKGD overflow attempt (web-client.rules)
 * 1:6694 <-> DISABLED <-> WEB-CLIENT Malformed PNG detected hIST overflow attempt (web-client.rules)
 * 1:6695 <-> DISABLED <-> WEB-CLIENT Malformed PNG detected tRNS overflow attempt (web-client.rules)
 * 1:6696 <-> DISABLED <-> WEB-CLIENT Malformed PNG detected pHYs overflow attempt (web-client.rules)
 * 1:19643 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.java119.com (blacklist.rules)
 * 1:6697 <-> DISABLED <-> WEB-CLIENT Malformed PNG detected sPLT overflow attempt (web-client.rules)
 * 1:6698 <-> DISABLED <-> WEB-CLIENT Malformed PNG detected tIME overflow attempt (web-client.rules)
 * 1:6699 <-> DISABLED <-> WEB-CLIENT Malformed PNG detected iTXt overflow attempt (web-client.rules)
 * 1:6700 <-> DISABLED <-> WEB-CLIENT Malformed PNG detected tEXt overflow attempt (web-client.rules)
 * 1:6701 <-> DISABLED <-> WEB-CLIENT Malformed PNG detected zTXt overflow attempt (web-client.rules)
 * 1:17840 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.grannyplanet.com (blacklist.rules)
 * 1:17861 <-> DISABLED <-> BLACKLIST DNS request for known malware domain zq2.9wee.com (blacklist.rules)
 * 1:17824 <-> DISABLED <-> BLACKLIST DNS request for known malware domain teenxmovs.net (blacklist.rules)
 * 1:18253 <-> DISABLED <-> BLACKLIST DNS request for known malware domain blogsmonitoringservice.com (blacklist.rules)
 * 1:17889 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.ajie520.com (blacklist.rules)
 * 1:17847 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mskla.com (blacklist.rules)
 * 1:17837 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xxsmovies.com (blacklist.rules)
 * 1:17892 <-> DISABLED <-> BLACKLIST DNS request for known malware domain clickpotato.tv (blacklist.rules)
 * 1:17875 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.very-young-boys.com (blacklist.rules)
 * 1:17863 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rpt2.21civ.com (blacklist.rules)
 * 1:17821 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ketsymbol.com (blacklist.rules)
 * 1:17852 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 447.cc (blacklist.rules)
 * 1:17878 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ayb.host127-0-0-1.com (blacklist.rules)
 * 1:17877 <-> DISABLED <-> BLACKLIST DNS request for known malware domain animal36.com (blacklist.rules)
 * 1:17869 <-> DISABLED <-> BLACKLIST DNS request for known malware domain px.mgplatform.com (blacklist.rules)
 * 1:17867 <-> DISABLED <-> BLACKLIST DNS request for known malware domain utm.trk.myfuncards.com (blacklist.rules)
 * 1:17842 <-> DISABLED <-> BLACKLIST DNS request for known malware domain extrahotx.net (blacklist.rules)
 * 1:17876 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 91629.com (blacklist.rules)
 * 1:17841 <-> DISABLED <-> BLACKLIST DNS request for known malware domain coop.crwdcntrl.net (blacklist.rules)
 * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules)
 * 1:17893 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.zxc0001.com (blacklist.rules)
 * 1:17886 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.spamature.com (blacklist.rules)
 * 1:17855 <-> DISABLED <-> BLACKLIST DNS request for known malware domain acofinder.com (blacklist.rules)
 * 1:17818 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ktr.t134.net (blacklist.rules)
 * 1:17833 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.dsnextgen.com (blacklist.rules)
 * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
 * 1:17832 <-> DISABLED <-> BLACKLIST DNS request for known malware domain img100.xvideos.com (blacklist.rules)
 * 1:17874 <-> DISABLED <-> BLACKLIST DNS request for known malware domain f19dd4abb8b8bdf2.cn (blacklist.rules)
 * 1:17848 <-> DISABLED <-> BLACKLIST DNS request for known malware domain play.unionsky.cn (blacklist.rules)
 * 1:17895 <-> DISABLED <-> BLACKLIST DNS request for known malware domain pyow.prixi-soft.ir (blacklist.rules)
 * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules)
 * 1:17823 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.myroitracking.com (blacklist.rules)
 * 1:17827 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sexmoviesland.net (blacklist.rules)
 * 1:17884 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gimmemyporn.com (blacklist.rules)
 * 1:17820 <-> DISABLED <-> BLACKLIST DNS request for known malware domain myanimalclips.com (blacklist.rules)
 * 1:17850 <-> DISABLED <-> BLACKLIST DNS request for known malware domain pornfucklist.com (blacklist.rules)
 * 1:17859 <-> DISABLED <-> BLACKLIST DNS request for known malware domain promotds.com (blacklist.rules)
 * 1:17885 <-> DISABLED <-> BLACKLIST DNS request for known malware domain waytoall.com (blacklist.rules)
 * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:17880 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.027dj.com (blacklist.rules)
 * 1:17868 <-> DISABLED <-> BLACKLIST DNS request for known malware domain a.qq2233.com (blacklist.rules)
 * 1:17853 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dommonview.com (blacklist.rules)
 * 1:17883 <-> DISABLED <-> BLACKLIST DNS request for known malware domain autouploaders.net (blacklist.rules)
 * 1:17838 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vc.iwriteweb.com (blacklist.rules)
 * 1:17830 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dickvsclit.net (blacklist.rules)
 * 1:17856 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fuckfuckvids.com (blacklist.rules)
 * 1:17854 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.lamiaexragazza.com (blacklist.rules)
 * 1:17866 <-> DISABLED <-> BLACKLIST DNS request for known malware domain aebankonline.com (blacklist.rules)
 * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detection (file-identify.rules)
 * 1:17888 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bn.xp1.ru4.com (blacklist.rules)
 * 1:17860 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mejac.com (blacklist.rules)
 * 1:6688 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detection (file-identify.rules)
 * 1:17851 <-> DISABLED <-> BLACKLIST DNS request for known malware domain game.685faiudeme.com (blacklist.rules)
 * 1:17845 <-> DISABLED <-> BLACKLIST DNS request for known malware domain aahydrogen.com (blacklist.rules)
 * 1:17839 <-> DISABLED <-> BLACKLIST DNS request for known malware domain js.222233.com (blacklist.rules)
 * 1:6690 <-> DISABLED <-> WEB-CLIENT Malformed PNG detected iCCP overflow attempt (web-client.rules)
 * 1:17849 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fuckersucker.com (blacklist.rules)
 * 1:17871 <-> DISABLED <-> BLACKLIST DNS request for known malware domain brutalxvideos.com (blacklist.rules)
 * 1:17819 <-> DISABLED <-> BLACKLIST DNS request for known malware domain motuh.com (blacklist.rules)
 * 1:17894 <-> DISABLED <-> BLACKLIST DNS request for known malware domain streq.cn (blacklist.rules)
 * 1:17822 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ics.hotbar.com (blacklist.rules)
 * 1:17891 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bestkind.ru (blacklist.rules)
 * 1:17843 <-> DISABLED <-> BLACKLIST DNS request for known malware domain extralargevideos.com (blacklist.rules)
 * 1:17879 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cfg.353wanwan.com (blacklist.rules)
 * 1:17836 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gbsup.com (blacklist.rules)
 * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:17835 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xpresdnet.com (blacklist.rules)
 * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules)
 * 1:17857 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.cnhack.cn (blacklist.rules)
 * 1:17872 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www3.sexown.com (blacklist.rules)
 * 1:17890 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 114search1.118114.cn (blacklist.rules)
 * 1:17831 <-> DISABLED <-> BLACKLIST DNS request for known malware domain edrichfinearts.com (blacklist.rules)
 * 1:17864 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tubexxxmatures.com (blacklist.rules)
 * 1:17844 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.derquda.com (blacklist.rules)
 * 1:17881 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fucktosky.com (blacklist.rules)
 * 1:17873 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mummimpegs.com (blacklist.rules)
 * 1:8478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Publisher file magic detection (file-identify.rules)
 * 1:9639 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Address Book file magic detection (file-identify.rules)
 * 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detection (file-identify.rules)
 * 1:20203 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tarmu.narod.ru (blacklist.rules)
 * 1:19738 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xzrw0q.com (blacklist.rules)
 * 1:3551 <-> ENABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules)
 * 1:19506 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 68b6b6b6.com - TDL4 (blacklist.rules)
 * 1:20481 <-> DISABLED <-> FILE-IDENTIFY MP3 file magic detection (file-identify.rules)
 * 1:19639 <-> DISABLED <-> BLACKLIST DNS request for known malware domain s0pp0rtdesk.com (blacklist.rules)
 * 1:3819 <-> ENABLED <-> FILE-IDENTIFY CHM file download request (file-identify.rules)
 * 1:19548 <-> DISABLED <-> BLACKLIST DNS request for known malware domain zz87ihfda88.com - TDL4 (blacklist.rules)
 * 1:20504 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:18252 <-> DISABLED <-> BLACKLIST DNS request for known malware domain protectyourpc-11.com (blacklist.rules)
 * 1:6689 <-> DISABLED <-> WEB-CLIENT Malformed PNG detected cHRM overflow attempt (web-client.rules)
 * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules)
 * 1:5740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows HTML help workshop file download request (file-identify.rules)
 * 1:18091 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.goodfriends.or.kr (blacklist.rules)
 * 1:19498 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 01n20n4cx00.com - TDL4 (blacklist.rules)
 * 1:20498 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word file magic detection (file-identify.rules)
 * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules)
 * 1:20456 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detection (file-identify.rules)
 * 1:19878 <-> DISABLED <-> BLACKLIST DNS request for known malware domain jifr.co.be - Win32/Morto.A (blacklist.rules)
 * 1:20468 <-> DISABLED <-> FILE-IDENTIFY ZIP file magic detection (file-identify.rules)
 * 1:17887 <-> DISABLED <-> BLACKLIST DNS request for known malware domain info.collectionerrorreport.com (blacklist.rules)
 * 1:19644 <-> DISABLED <-> BLACKLIST DNS request for known malware domain lysyfyj.com (blacklist.rules)
 * 1:19546 <-> DISABLED <-> BLACKLIST DNS request for known malware domain zna61udha01.com - TDL4 (blacklist.rules)
 * 1:19533 <-> DISABLED <-> BLACKLIST DNS request for known malware domain n16fa53.com - TDL4 (blacklist.rules)
 * 1:18079 <-> DISABLED <-> BLACKLIST DNS request for known malware domain jsshmz.gotoip4.com (blacklist.rules)
 * 1:18080 <-> DISABLED <-> BLACKLIST DNS request for known malware domain netrand.house.sina.com.cn (blacklist.rules)
 * 1:17510 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Deploy file download request (file-identify.rules)
 * 1:17897 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.moneytw8.com (blacklist.rules)
 * 1:18083 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 863.dclsba.com (blacklist.rules)
 * 1:18087 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tiantianzaixian.gotoip1.com (blacklist.rules)
 * 1:18084 <-> DISABLED <-> BLACKLIST DNS request for known malware domain drs317a.gotoip4.com (blacklist.rules)
 * 1:18082 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 3q.sbwanwan.com (blacklist.rules)
 * 1:18081 <-> DISABLED <-> BLACKLIST DNS request for known malware domain wenyixuan.3322.org (blacklist.rules)
 * 1:18086 <-> DISABLED <-> BLACKLIST DNS request for known malware domain qq.sbwanwan.com (blacklist.rules)
 * 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules)
 * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules)
 * 1:18090 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.comstelecom.com (blacklist.rules)
 * 1:18089 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.auto328.com (blacklist.rules)
 * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules)
 * 1:19501 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 1il1il1il.com - TDL4 (blacklist.rules)
 * 1:19233 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Studio DISCO file download request (file-identify.rules)
 * 1:18139 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.china-aoben.com (blacklist.rules)
 * 1:19503 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 34jh7alm94.asia - TDL4 (blacklist.rules)
 * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detection (file-identify.rules)
 * 1:18095 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.wwmei.com (blacklist.rules)
 * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detection (file-identify.rules)
 * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules)
 * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules)
 * 1:18146 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.gdfp365.cn (blacklist.rules)
 * 1:18166 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dfgdd.9y6c.co.cc (blacklist.rules)
 * 1:18116 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.bnbsoft.co.kr (blacklist.rules)
 * 1:18270 <-> DISABLED <-> BLACKLIST DNS request for known malware domain koonol.com (blacklist.rules)
 * 1:18105 <-> DISABLED <-> BLACKLIST DNS request for known malware domain baidutaobao.gotoip55.com (blacklist.rules)
 * 1:18093 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.opusgame.com (blacklist.rules)
 * 1:18160 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.stony-skunk.com (blacklist.rules)
 * 1:18134 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.551sf.com (blacklist.rules)
 * 1:18164 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.yx240.com (blacklist.rules)
 * 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules)
 * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MID file download request (file-identify.rules)
 * 1:18107 <-> DISABLED <-> BLACKLIST DNS request for known malware domain jsshmz.gotoip4.com (blacklist.rules)
 * 1:18492 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ilo.brenz.pl (blacklist.rules)
 * 1:18125 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.tpydb.com (blacklist.rules)
 * 1:18257 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dns-check.biz (blacklist.rules)
 * 1:18118 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.hao1345.com (blacklist.rules)
 * 1:18115 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.ajs2002.com (blacklist.rules)
 * 1:18147 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.gev.cn (blacklist.rules)
 * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules)
 * 1:18260 <-> DISABLED <-> BLACKLIST DNS request for known malware domain freenetgameonline.com (blacklist.rules)
 * 1:18157 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.quyou365.com (blacklist.rules)
 * 1:18114 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.5fqq.com (blacklist.rules)
 * 1:18092 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.hao1345.com (blacklist.rules)
 * 1:18119 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.ilbondrama.net (blacklist.rules)
 * 1:18159 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.soanala.com (blacklist.rules)
 * 1:18163 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.yisaa.com (blacklist.rules)
 * 1:18109 <-> DISABLED <-> BLACKLIST DNS request for known malware domain talk.cetizen.com (blacklist.rules)
 * 1:18124 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.sijianfeng.com (blacklist.rules)
 * 1:18258 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ftuny.com (blacklist.rules)
 * 1:18145 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.fp360.net (blacklist.rules)
 * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules)
 * 1:18254 <-> DISABLED <-> BLACKLIST DNS request for known malware domain checkserverstux.com (blacklist.rules)
 * 1:18141 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.dspenter.com (blacklist.rules)
 * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:18127 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.univus.co.kr (blacklist.rules)
 * 1:18155 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.pplog.cn (blacklist.rules)
 * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:18103 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 5yvod.net (blacklist.rules)
 * 1:18140 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.cqtjg.com (blacklist.rules)
 * 1:18121 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.linzhiling123.com (blacklist.rules)
 * 1:18110 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tiantianzaixian.gotoip1.com (blacklist.rules)
 * 1:18111 <-> DISABLED <-> BLACKLIST DNS request for known malware domain v.9y9c.co.cc (blacklist.rules)
 * 1:18106 <-> DISABLED <-> BLACKLIST DNS request for known malware domain e.msssm.com (blacklist.rules)
 * 1:18113 <-> DISABLED <-> BLACKLIST DNS request for known malware domain wusheng03.3322.org (blacklist.rules)
 * 1:18104 <-> DISABLED <-> BLACKLIST DNS request for known malware domain b.9s3.info (blacklist.rules)
 * 1:18259 <-> DISABLED <-> BLACKLIST DNS request for known malware domain whysohardx.com (blacklist.rules)
 * 1:18272 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.886.com (blacklist.rules)
 * 1:18144 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.fp0769.com (blacklist.rules)
 * 1:18133 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.001zs.com (blacklist.rules)
 * 1:18184 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dnf.gametime.co.kr (blacklist.rules)
 * 1:18758 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Visual Basic script file download request (file-identify.rules)
 * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detection (file-identify.rules)
 * 1:18810 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel BIFF v5 file magic detection (file-identify.rules)
 * 1:18128 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.uwonderfull.com (blacklist.rules)
 * 1:18117 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.cineseoul.com (blacklist.rules)
 * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules)
 * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules)
 * 1:18142 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.eastadmin.com (blacklist.rules)
 * 1:18108 <-> DISABLED <-> BLACKLIST DNS request for known malware domain phoroshop.es (blacklist.rules)
 * 1:18138 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.chateaulegend.com (blacklist.rules)
 * 1:19499 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 0imh17agcla.com - TDL4 (blacklist.rules)
 * 1:19470 <-> DISABLED <-> BLACKLIST DNS request for known malware domain antispydot.com - Win32/Cybot.B (blacklist.rules)
 * 1:18130 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.wwmei.com (blacklist.rules)
 * 1:18275 <-> ENABLED <-> FILE-IDENTIFY HyperText Markup Language file download request (file-identify.rules)
 * 1:18983 <-> ENABLED <-> FILE-IDENTIFY Apple Mach-O executable file magic detection (file-identify.rules)
 * 1:18149 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.haosf08.com (blacklist.rules)
 * 1:18158 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.shzhaotian.cn (blacklist.rules)
 * 1:18269 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dnf.6bom.com (blacklist.rules)
 * 1:18161 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.street08.com (blacklist.rules)
 * 1:18131 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.ybtour.co.kr (blacklist.rules)
 * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:19497 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 01n02n4cx00.com - TDL4 (blacklist.rules)
 * 1:18185 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.dd0415.net (blacklist.rules)
 * 1:18165 <-> DISABLED <-> BLACKLIST DNS request for known malware domain e.mssm.com (blacklist.rules)
 * 1:18136 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.66xihu.com (blacklist.rules)
 * 1:18122 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.opusgame.com (blacklist.rules)
 * 1:18152 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.mainhu.com (blacklist.rules)
 * 1:18148 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.haoleyou.com (blacklist.rules)
 * 1:18162 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.weilingcy.com (blacklist.rules)
 * 1:18268 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 35free.net (blacklist.rules)
 * 1:19496 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 01n02n4cx00.cc - TDL4 (blacklist.rules)
 * 1:18251 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vcxde.com (blacklist.rules)
 * 1:18154 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.nc57.com (blacklist.rules)
 * 1:18129 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.w22rt.com (blacklist.rules)
 * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detection (file-identify.rules)
 * 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules)
 * 1:18151 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.kingsoftduba2009.com (blacklist.rules)
 * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules)
 * 1:18143 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.fp0755.cn (blacklist.rules)
 * 1:18137 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.9292cs.cn (blacklist.rules)
 * 1:18123 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.phoroshop.es (blacklist.rules)
 * 1:18094 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.theoffstage.com (blacklist.rules)
 * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules)
 * 1:18156 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.pxflm.com (blacklist.rules)
 * 1:18183 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mailzou.com (blacklist.rules)
 * 1:18150 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.jxbaike.com (blacklist.rules)
 * 1:18135 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.555hd.com (blacklist.rules)
 * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules)
 * 1:18120 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.iwebdy.net (blacklist.rules)
 * 1:18112 <-> DISABLED <-> BLACKLIST DNS request for known malware domain wenyixuan.3322.org. (blacklist.rules)
 * 1:18256 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tutubest.com (blacklist.rules)
 * 1:18255 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gopheisstoo.cc (blacklist.rules)
 * 1:18271 <-> DISABLED <-> BLACKLIST DNS request for known malware domain move.su (blacklist.rules)
 * 1:18153 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.maoyiren.com (blacklist.rules)
 * 1:19500 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 10n02n4cx00.com - TDL4 (blacklist.rules)
 * 1:19502 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 1l1i16b0.com - TDL4 (blacklist.rules)
 * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file magic detection (file-identify.rules)
 * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detection (file-identify.rules)
 * 1:12285 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel Workspace file download request (file-identify.rules)
 * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detection (file-identify.rules)
 * 1:12456 <-> DISABLED <-> FILE-IDENTIFY Crystal Reports file magic detection (file-identify.rules)
 * 1:12641 <-> ENABLED <-> FILE-IDENTIFY Microsoft Word for Mac 5 file magic detection (file-identify.rules)
 * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules)
 * 1:12455 <-> DISABLED <-> FILE-IDENTIFY Crystal Reports file download request (file-identify.rules)
 * 1:13473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file download request (file-identify.rules)
 * 1:13584 <-> ENABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules)
 * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detection (file-identify.rules)
 * 1:13626 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Access file magic detection (file-identify.rules)
 * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules)
 * 1:13629 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Access JSDB file magic detection (file-identify.rules)
 * 1:13633 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Access MSISAM file magic detection (file-identify.rules)
 * 1:13678 <-> DISABLED <-> FILE-IDENTIFY Microsoft EMF metafile access detected (file-identify.rules)
 * 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detection (file-identify.rules)
 * 1:13630 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Access TJDB file magic detection (file-identify.rules)
 * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules)
 * 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules)
 * 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules)
 * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules)
 * 1:13911 <-> ENABLED <-> FILE-IDENTIFY Microsoft search file download request (file-identify.rules)
 * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules)
 * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules)
 * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules)
 * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules)
 * 1:14264 <-> DISABLED <-> FILE-IDENTIFY Windows Media Player playlist download (file-identify.rules)
 * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules)
 * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules)
 * 1:15306 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detection (file-identify.rules)
 * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:15385 <-> DISABLED <-> FILE-IDENTIFY VQF file download request (file-identify.rules)
 * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules)
 * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules)
 * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules)
 * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules)
 * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules)
 * 1:15575 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detection (file-identify.rules)
 * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules)
 * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules)
 * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules)
 * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Powerpoint file download request (file-identify.rules)
 * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules)
 * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules)
 * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
 * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
 * 1:15901 <-> ENABLED <-> MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (multimedia.rules)
 * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules)
 * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detection (file-identify.rules)
 * 1:16183 <-> ENABLED <-> WEB-CLIENT Microsoft .NET MSIL CombineImpl suspicious usage (web-client.rules)
 * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules)
 * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules)
 * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16425 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file download request (file-identify.rules)
 * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules)
 * 1:16434 <-> ENABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.51-v0.61 packed file magic detection (file-identify.rules)
 * 1:16436 <-> ENABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v2.90,v2.93-3.00 packed file magic detection (file-identify.rules)
 * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules)
 * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detection (file-identify.rules)
 * 1:16435 <-> ENABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.62-v1.22 packed file magic detection (file-identify.rules)
 * 1:16475 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v4 file magic detection (file-identify.rules)
 * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Powerpoint .MSProducerZ file download request (file-identify.rules)
 * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Powerpoint .MSProducerBF file download request (file-identify.rules)
 * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Powerpoint .MSProducer file download request (file-identify.rules)
 * 1:16552 <-> ENABLED <-> FILE-IDENTIFY Adobe .pfb file download request (file-identify.rules)
 * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules)
 * 1:16834 <-> DISABLED <-> BLACKLIST DNS request for known malware domain qd.netkill.com.cn - Trojan-Downloader.Win32.Adload.rzx (blacklist.rules)
 * 1:16835 <-> DISABLED <-> BLACKLIST DNS request for known malware domain exe.146843.com - Trojan.Win32.Opeg.a (blacklist.rules)
 * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules)
 * 1:16836 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ra03.e5732.com - Trojan-Clicker.Win32.Small.afg (blacklist.rules)
 * 1:16838 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xlm.ppvsr.com - Trojan-GameThief.Win32.OnLineGames.wwcf (blacklist.rules)
 * 1:16839 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sh16.e8753.com - Trojan.Win32.Scar.ccqb (blacklist.rules)
 * 1:16840 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rx11.e6532.com - Trojan.Win32.Opeg.a (blacklist.rules)
 * 1:16837 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dangercheats.com.br - Trojan.Win32.Refroso.arnq (blacklist.rules)
 * 1:16841 <-> DISABLED <-> BLACKLIST DNS request for known malware domain podgorz.org - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
 * 1:16843 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 1.7zsm.com - Trojan-Downloader.Win32.Agent.dtuo (blacklist.rules)
 * 1:16844 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rm08.e4562.com - Trojan-Downloader.Win32.Agent.dngx (blacklist.rules)
 * 1:16845 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rc04.e6532.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules)
 * 1:16842 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sp19.e4578.com - Trojan-Downloader.Win32.Genome.njz (blacklist.rules)
 * 1:16846 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bedayton.com - Trojan-Downloader.Win32.Agent.dlhe (blacklist.rules)
 * 1:16848 <-> DISABLED <-> BLACKLIST DNS request for known malware domain in.chinaitlm.cn - Trojan.VBS.HideIcon.d (blacklist.rules)
 * 1:16849 <-> DISABLED <-> BLACKLIST DNS request for known malware domain re05.e6532.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules)
 * 1:16850 <-> DISABLED <-> BLACKLIST DNS request for known malware domain kldmten.net - Trojan-Spy.Win32.Zbot.akra (blacklist.rules)
 * 1:16847 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rz12.e6805.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules)
 * 1:16851 <-> DISABLED <-> BLACKLIST DNS request for known malware domain forelc.cc - Trojan-Ransom.Win32.XBlocker.ahe (blacklist.rules)
 * 1:16853 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vh26.e4578.com - Trojan.Win32.Opeg.a (blacklist.rules)
 * 1:16854 <-> DISABLED <-> BLACKLIST DNS request for known malware domain up1.give2sms.com - Trojan-Downloader.Win32.Genome.est (blacklist.rules)
 * 1:16855 <-> DISABLED <-> BLACKLIST DNS request for known malware domain d.123kuaihuo.com - Trojan.Win32.Scar.clbx (blacklist.rules)
 * 1:16852 <-> DISABLED <-> BLACKLIST DNS request for known malware domain v.yao63.com - Trojan-Downloader.Win32.Agent.dqns (blacklist.rules)
 * 1:16856 <-> DISABLED <-> BLACKLIST DNS request for known malware domain andy.cd - Backdoor.Win32.Agent.auto (blacklist.rules)
 * 1:16858 <-> DISABLED <-> BLACKLIST DNS request for known malware domain charter-x.biz - Packed.Win32.Krap.ae (blacklist.rules)
 * 1:16859 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gerherber.com - Trojan-Spy.Win32.Zbot.akdw (blacklist.rules)
 * 1:16860 <-> DISABLED <-> BLACKLIST DNS request for known malware domain urodinam.net - Trojan.Win32.TDSS.azsj (blacklist.rules)
 * 1:16857 <-> DISABLED <-> BLACKLIST DNS request for known malware domain site.mynet.com - Trojan.Win32.Buzus.dxsr (blacklist.rules)
 * 1:16861 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gite-eguisheim.com - Trojan-Downloader.Win32.Piker.clp (blacklist.rules)
 * 1:16863 <-> DISABLED <-> BLACKLIST DNS request for known malware domain teendx.com - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
 * 1:16864 <-> DISABLED <-> BLACKLIST DNS request for known malware domain taiping2033.2288.org - Trojan-Downloader.Win32.Selvice.afy (blacklist.rules)
 * 1:16865 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cnfg.maxsitesrevenues.net - Trojan.Win32.BHO.afke (blacklist.rules)
 * 1:16862 <-> DISABLED <-> BLACKLIST DNS request for known malware domain phaizeipeu.ru - Packed.Win32.Krap.gx (blacklist.rules)
 * 1:16866 <-> DISABLED <-> BLACKLIST DNS request for known malware domain members.multimania.co.uk - Trojan.Win32.Inject.ahqv (blacklist.rules)
 * 1:16868 <-> DISABLED <-> BLACKLIST DNS request for known malware domain hostshack.net - Trojan.Win32.Buzus.empl (blacklist.rules)
 * 1:16869 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tt.vv49.com - Trojan-GameThief.Win32.OnLineGames.bnkb (blacklist.rules)
 * 1:16870 <-> DISABLED <-> BLACKLIST DNS request for known malware domain search.sidegreen.com - Backdoor.Win32.Agent.arqi (blacklist.rules)
 * 1:16867 <-> DISABLED <-> BLACKLIST DNS request for known malware domain down.toopc.com - Trojan-Dropper.Win32.Clons.hai (blacklist.rules)
 * 1:16871 <-> DISABLED <-> BLACKLIST DNS request for known malware domain parfaitpournous.com - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
 * 1:16873 <-> DISABLED <-> BLACKLIST DNS request for known malware domain youword.cn - Trojan.Win32.Scar.bvgu (blacklist.rules)
 * 1:16874 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ophaeghaev.ru - Trojan-Spy.Win32.Zbot.akmi (blacklist.rules)
 * 1:16875 <-> DISABLED <-> BLACKLIST DNS request for known malware domain up1.free-sms.co.kr - Trojan.Win32.Vilsel.akp (blacklist.rules)
 * 1:16872 <-> DISABLED <-> BLACKLIST DNS request for known malware domain postmetoday.ru - Packed.Win32.Katusha.j (blacklist.rules)
 * 1:16876 <-> DISABLED <-> BLACKLIST DNS request for known malware domain c.softdowns.info - Trojan.BAT.Agent.yn (blacklist.rules)
 * 1:16878 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vopret.ru - Trojan.Win32.FraudPack.axwn (blacklist.rules)
 * 1:16879 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dnfpomo.dnfranran.com - Trojan-GameThief.Win32.OnLineGames.bnkx (blacklist.rules)
 * 1:16880 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dnfuu.3322.org - Trojan-Downloader.Win32.Genome.asrx (blacklist.rules)
 * 1:16877 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ddkom.biz - Trojan.Win32.Scar.ckhr (blacklist.rules)
 * 1:16881 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sex-gifts.ru - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
 * 1:16883 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mcafee-registry.ru - Trojan-Spy.Win32.Zbot.akgb (blacklist.rules)
 * 1:16884 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bits4ever.ru - Trojan-Spy.Win32.Zbot.aknt (blacklist.rules)
 * 1:16885 <-> DISABLED <-> BLACKLIST DNS request for known malware domain monicaecarlos.com - Trojan-Downloader.Win32.Genome.awxv (blacklist.rules)
 * 1:16882 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 111.168lala.com - Backdoor.Win32.Popwin.cyn (blacklist.rules)
 * 1:16886 <-> DISABLED <-> BLACKLIST DNS request for known malware domain d.trymedia.com - Trojan-Dropper.Win32.Delf.fkk (blacklist.rules)
 * 1:16888 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dbtte.com - Trojan-Banker.Win32.Banz.crk (blacklist.rules)
 * 1:16889 <-> DISABLED <-> BLACKLIST DNS request for known malware domain h1.ripway.com - Trojan.Win32.Refroso.bcdq (blacklist.rules)
 * 1:16890 <-> DISABLED <-> BLACKLIST DNS request for known malware domain in6cs.com - Trojan.Win32.Tdss.beea (blacklist.rules)
 * 1:16887 <-> DISABLED <-> BLACKLIST DNS request for known malware domain hesneclimi.ru - Packed.Win32.Krap.ae (blacklist.rules)
 * 1:16891 <-> DISABLED <-> BLACKLIST DNS request for known malware domain solo1928.ru - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
 * 1:16893 <-> DISABLED <-> BLACKLIST DNS request for known malware domain primusdns.ru - Backdoor.Win32.Havar.eh (blacklist.rules)
 * 1:16894 <-> DISABLED <-> BLACKLIST DNS request for known malware domain eq.pccppc.com - Trojan-Downloader.Win32.Pher.fkl (blacklist.rules)
 * 1:16895 <-> DISABLED <-> BLACKLIST DNS request for known malware domain alodh.in - Backdoor.Win32.Delf.vde (blacklist.rules)
 * 1:16892 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fg545633.host.zgridc.com - Trojan.Win32.Pincav.abub (blacklist.rules)
 * 1:16896 <-> DISABLED <-> BLACKLIST DNS request for known malware domain reward.pnshop.co.kr - Backdoor.Win32.Agent.ahra (blacklist.rules)
 * 1:16898 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sx21.e4578.com - Trojan.Win32.Scar.ccqb (blacklist.rules)
 * 1:16899 <-> DISABLED <-> BLACKLIST DNS request for known malware domain downloadering.9966.org - Trojan.Win32.Vilsel.adxv (blacklist.rules)
 * 1:16900 <-> DISABLED <-> BLACKLIST DNS request for known malware domain reportes201.com - Trojan-Downloader.Win32.Genome.ashe (blacklist.rules)
 * 1:16897 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sympathy.hdnews.net - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
 * 1:16901 <-> DISABLED <-> BLACKLIST DNS request for known malware domain local.1140.co.kr - Trojan-Downloader.Win32.Genome.aobm (blacklist.rules)
 * 1:16903 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gpwg.ws - Worm.Win32.AutoRun.bjca (blacklist.rules)
 * 1:16904 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xoomer.alice.it - Trojan-Downloader.Win32.Banload.kdu (blacklist.rules)
 * 1:16905 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xoomer.virgilio.it - Backdoor.Win32.Clar.d (blacklist.rules)
 * 1:16902 <-> DISABLED <-> BLACKLIST DNS request for known malware domain promojoy.net - Packed.Win32.Krap.gx (blacklist.rules)
 * 1:16906 <-> DISABLED <-> BLACKLIST DNS request for known malware domain down.p2pplay.com - Trojan-GameThief.Win32.OnLineGames.wgkv (blacklist.rules)
 * 1:16908 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ootaivilei.ru - Trojan-Spy.Win32.Zbot.akme (blacklist.rules)
 * 1:16909 <-> DISABLED <-> BLACKLIST DNS request for known malware domain babah20122012.com - Trojan-Spy.Win32.Zbot.akbb (blacklist.rules)
 * 1:16910 <-> DISABLED <-> BLACKLIST DNS request for known malware domain pattern - 0-0-0-0-0-0-0.info (blacklist.rules)
 * 1:16907 <-> DISABLED <-> BLACKLIST DNS request for known malware domain livetrust.info - Trojan-Spy.Win32.Zbot.akku (blacklist.rules)
 * 1:17043 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows PIF shortcut file download request (file-identify.rules)
 * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detection (file-identify.rules)
 * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detection (file-identify.rules)
 * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules)
 * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules)
 * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules)
 * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules)
 * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules)
 * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules)
 * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detection (file-identify.rules)
 * 1:17387 <-> ENABLED <-> WEB-MISC Apache Tomcat allowLinking URIencoding directory traversal attempt (web-misc.rules)
 * 1:17407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows help file download request (file-identify.rules)
 * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules)
 * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules)
 * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules)
 * 1:19519 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ikaturi11.com - TDL4 (blacklist.rules)
 * 1:19876 <-> DISABLED <-> BLACKLIST DNS request for known malware domain jifr.info - Win32/Morto.A (blacklist.rules)
 * 1:19547 <-> DISABLED <-> BLACKLIST DNS request for known malware domain zna81udha01.com - TDL4 (blacklist.rules)
 * 1:19534 <-> DISABLED <-> BLACKLIST DNS request for known malware domain neywrika.in - TDL4 (blacklist.rules)
 * 1:20034 <-> DISABLED <-> EXPLOIT ESTsoft ALZip MIM File Buffer Overflow Attempt (exploit.rules)
 * 1:19663 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tinaivanovic.sexy-serbian-girls.info (blacklist.rules)
 * 1:20469 <-> DISABLED <-> FILE-IDENTIFY ZIP file magic detection (file-identify.rules)
 * 1:20501 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:19535 <-> DISABLED <-> BLACKLIST DNS request for known malware domain nichtadden.in - TDL4 (blacklist.rules)
 * 1:20033 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules)
 * 1:19515 <-> DISABLED <-> BLACKLIST DNS request for known malware domain countri1l.com - TDL4 (blacklist.rules)
 * 1:19536 <-> DISABLED <-> BLACKLIST DNS request for known malware domain nl6fa53.com - TDL4 (blacklist.rules)
 * 1:19521 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ka18i7gah10.com - TDL4 (blacklist.rules)
 * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules)
 * 1:19520 <-> DISABLED <-> BLACKLIST DNS request for known malware domain jna0-0akq8x.com - TDL4 (blacklist.rules)
 * 1:19538 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rukkeianno.com - TDL4 (blacklist.rules)
 * 1:19542 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sho1cilewk.com - TDL4 (blacklist.rules)
 * 1:19640 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mendi38.com (blacklist.rules)
 * 1:3823 <-> DISABLED <-> WEB-MISC Real Player realtext file bad version buffer overflow attempt (web-misc.rules)
 * 1:20486 <-> DISABLED <-> FILE-IDENTIFY RTF file magic detection (file-identify.rules)
 * 1:20464 <-> DISABLED <-> FILE-IDENTIFY ZIP file magic detection (file-identify.rules)
 * 1:20509 <-> DISABLED <-> FILE-IDENTIFY WAV file magic detection (file-identify.rules)
 * 1:19518 <-> DISABLED <-> BLACKLIST DNS request for known malware domain i0m71gmak01.com - TDL4 (blacklist.rules)
 * 1:19642 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.qqaz.info (blacklist.rules)
 * 1:19544 <-> DISABLED <-> BLACKLIST DNS request for known malware domain u101mnuy2k.com - TDL4 (blacklist.rules)
 * 1:19874 <-> DISABLED <-> BLACKLIST DNS request for known malware domain qfsl.net - Win32/Morto.A (blacklist.rules)
 * 1:20500 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:20510 <-> DISABLED <-> FILE-IDENTIFY WAV file magic detection (file-identify.rules)
 * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules)