Sourcefire VRT Rules Update

Date: 2012-01-10

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.0.5.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:20881 <-> ENABLED <-> SPECIFIC-THREATS Microsoft embedded packager object with .application extension bypass attempt (specific-threats.rules)
 * 1:20916 <-> DISABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20875 <-> DISABLED <-> WEB-ACTIVEX ShockwaveFlash.ShockwaveFlash ActiveX clsid access (web-activex.rules)
 * 1:20840 <-> DISABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules)
 * 1:20895 <-> DISABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20869 <-> DISABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules)
 * 1:20858 <-> DISABLED <-> SPECIFIC-THREATS Oracle Java getSoundBank overflow Attempt malicious jar file (specific-threats.rules)
 * 1:20861 <-> DISABLED <-> EXPLOIT Autodesk Maya dangerous scripting method attempt (exploit.rules)
 * 1:20847 <-> ENABLED <-> WEB-ACTIVEX Oracle Hyperion strategic finance client SetDevNames heap buffer overflow ActiveX function call access (web-activex.rules)
 * 1:20857 <-> DISABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20894 <-> DISABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20872 <-> DISABLED <-> WEB-MISC Worldweaver DX Studio Player shell.execute command execution attempt (web-misc.rules)
 * 1:20876 <-> DISABLED <-> EXPLOIT IBM solidDB solid.exe authentication bypass attempt (exploit.rules)
 * 1:20833 <-> DISABLED <-> BLACKLIST DNS request for known malware domain lilupophilupop.com (blacklist.rules)
 * 1:20837 <-> ENABLED <-> BACKDOOR Win32.Mecklow.C runtime traffic detected (backdoor.rules)
 * 1:20841 <-> DISABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules)
 * 1:20873 <-> DISABLED <-> POLICY TRACE attempt (policy.rules)
 * 1:20877 <-> ENABLED <-> BOTNET-CNC RunTime Worm.Win32.Warezov.gs outbound connection (botnet-cnc.rules)
 * 1:20859 <-> DISABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules)
 * 1:20866 <-> DISABLED <-> WEB-MISC Jive Software Openfire audit-policy.jsp XSS attempt (web-misc.rules)
 * 1:20860 <-> DISABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
 * 1:20864 <-> DISABLED <-> WEB-MISC Jive Software Openfire group-summary.jsp XSS attempt (web-misc.rules)
 * 1:20867 <-> DISABLED <-> WEB-MISC Jive Software Openfire server-properties.jsp XSS attempt (web-misc.rules)
 * 1:20853 <-> DISABLED <-> EXPLOIT DAZ Studio dangerous scripting method attempt (exploit.rules)
 * 1:20868 <-> DISABLED <-> WEB-MISC Jive Software Openfire muc-room-edit-form.jsp XSS attempt (web-misc.rules)
 * 1:20854 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20856 <-> DISABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20845 <-> ENABLED <-> WEB-MISC HP Network Node Manager cross site scripting attempt (web-misc.rules)
 * 1:20862 <-> DISABLED <-> WEB-MISC Jive Software Openfire logviewer.jsp XSS attempt (web-misc.rules)
 * 1:20897 <-> DISABLED <-> FILE-IDENTIFY MIDI file magic detection (file-identify.rules)
 * 1:20830 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Banbra.amdu outbound connection (botnet-cnc.rules)
 * 1:20843 <-> ENABLED <-> WEB-MISC Interactive Data eSignal stack buffer overflow attempt (web-misc.rules)
 * 1:20835 <-> ENABLED <-> WEB-ACTIVEX Novell ZENworks LaunchHelp.dll LaunchProcess Code Execution ActiveX function call access (web-activex.rules)
 * 1:20842 <-> ENABLED <-> WEB-MISC Interactive Data eSignal stack buffer overflow attempt (web-misc.rules)
 * 1:20874 <-> DISABLED <-> EXPLOIT IBM Tivoli Storage Manager Express Backup initialization packet (exploit.rules)
 * 1:20878 <-> ENABLED <-> NETBIOS Microsoft Windows Embedded Package Object packager.exe file load exploit attempt (netbios.rules)
 * 1:20871 <-> DISABLED <-> WEB-MISC Worldweaver DX Studio Player shell.execute command execution attempt (web-misc.rules)
 * 1:20879 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Embedded Package Object packager.exe file load exploit attempt (web-client.rules)
 * 1:20880 <-> ENABLED <-> SPECIFIC-THREATS Microsoft DirectShow Line 21 decoder exploit attempt (specific-threats.rules)
 * 1:20882 <-> DISABLED <-> WEB-CLIENT Microsoft embedded packager object identifier (web-client.rules)
 * 1:20883 <-> ENABLED <-> WEB-CLIENT Microsoft embedded packager object with .application extension bypass attempt (web-client.rules)
 * 1:20884 <-> ENABLED <-> WEB-CLIENT Microsoft Anti-Cross Site Scripting library bypass attempt (web-client.rules)
 * 1:20886 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel use after free attempt (specific-threats.rules)
 * 1:20906 <-> DISABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20865 <-> DISABLED <-> WEB-MISC Jive Software Openfire user-properties.jsp XSS attempt (web-misc.rules)
 * 1:20903 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows OpenType font parsing stack overflow attempt (specific-threats.rules)
 * 1:20908 <-> DISABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20851 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected (file-identify.rules)
 * 1:20888 <-> DISABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (file-identify.rules)
 * 1:20891 <-> ENABLED <-> BOTNET-CNC Win32.VB.adbp runtime traffic detected (botnet-cnc.rules)
 * 1:20855 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20904 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows OpenType font parsing stack overflow attempt (specific-threats.rules)
 * 1:20893 <-> DISABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20902 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows OpenType font parsing stack overflow attempt (specific-threats.rules)
 * 1:20901 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Works WkImgSrv.dll ActiveX control exploit attempt (specific-threats.rules)
 * 1:20892 <-> ENABLED <-> BOTNET-CNC Worm.Win32.Skopvel.A runtime traffic detected (botnet-cnc.rules)
 * 1:20898 <-> DISABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20890 <-> ENABLED <-> BOTNET-CNC Win32.VB.adbp runtime traffic detected (botnet-cnc.rules)
 * 1:20896 <-> DISABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20844 <-> ENABLED <-> BOTNET-CNC Win32.Banker.smxy runtime traffic detected (botnet-cnc.rules)
 * 1:20839 <-> DISABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules)
 * 1:20836 <-> ENABLED <-> BOTNET-CNC Win32.Zusy.A runtime traffic detected (botnet-cnc.rules)
 * 1:20918 <-> DISABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20917 <-> DISABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20848 <-> DISABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20831 <-> ENABLED <-> SPECIFIC-THREATS Java Applet Rhino script engine remote code execution attempt (specific-threats.rules)
 * 1:20922 <-> ENABLED <-> WEB-CLIENT Adobe Reader embedded BMP bit count integer overflow attempt (web-client.rules)
 * 1:20911 <-> DISABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20850 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected (file-identify.rules)
 * 1:20912 <-> DISABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20907 <-> DISABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20923 <-> ENABLED <-> WEB-CLIENT Adobe Reader embedded BMP bit count integer overflow attempt (web-client.rules)
 * 1:20852 <-> DISABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules)
 * 1:20920 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader DCT dequantizer memory corruption attempt (specific-threats.rules)
 * 1:20905 <-> DISABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20909 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20889 <-> ENABLED <-> EXPLOIT Video Spirit visprj buffer overflow (exploit.rules)
 * 1:20900 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player MIDI note number integer overflow attempt (web-client.rules)
 * 1:20921 <-> ENABLED <-> WEB-CLIENT Adobe Reader embedded BMP colors used integer overflow attempt (web-client.rules)
 * 1:20846 <-> ENABLED <-> WEB-ACTIVEX Oracle Hyperion strategic finance client SetDevNames heap buffer overflow ActiveX clsid access (web-activex.rules)
 * 1:20915 <-> DISABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20885 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel use after free attempt (specific-threats.rules)
 * 1:20870 <-> DISABLED <-> EXPLOIT Autodesk 3D Studio Maxscript dangerous scripting method attempt (exploit.rules)
 * 1:20863 <-> DISABLED <-> WEB-MISC Jive Software Openfire log.jsp XSS attempt (web-misc.rules)
 * 1:20910 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20899 <-> DISABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20914 <-> DISABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20832 <-> ENABLED <-> WEB-MISC Symantec IM Manager administrator interface SQL injection attempt (web-misc.rules)
 * 1:20919 <-> ENABLED <-> SPECIFIC-THREATS Adobe Acrobat Reader BMP color unused corruption (specific-threats.rules)
 * 1:20849 <-> DISABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20834 <-> ENABLED <-> WEB-ACTIVEX Novell ZENworks LaunchHelp.dll LaunchProcess Code Execution ActiveX clsid access (web-activex.rules)
 * 1:20913 <-> DISABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20838 <-> ENABLED <-> BACKDOOR Win32.Smokebot.A runtime traffic detected (backdoor.rules)
 * 1:20887 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel use after free attempt (specific-threats.rules)

Modified Rules:


 * 1:20796 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20814 <-> DISABLED <-> WEB-CLIENT Mozilla favicon href javascript execution attempt (web-client.rules)
 * 1:20820 <-> ENABLED <-> WEB-CLIENT Oracle Java JNLP parameter argument injection attempt (web-client.rules)
 * 1:13970 <-> ENABLED <-> WEB-CLIENT Microsoft Office eps filters memory corruption attempt (web-client.rules)
 * 1:15079 <-> DISABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules)
 * 1:14721 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response andx attempt (netbios.rules)
 * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules)
 * 1:15237 <-> DISABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules)
 * 1:20824 <-> ENABLED <-> DOS generic web server hashing collision attack (dos.rules)
 * 1:20828 <-> ENABLED <-> WEB-IIS Microsoft Windows IIS aspx login ReturnURL arbitrary redirect attempt (web-iis.rules)
 * 1:16691 <-> DISABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules)
 * 1:15526 <-> ENABLED <-> EXPLOIT Microsoft Works 4.x converter font name buffer overflow attempt (exploit.rules)
 * 1:16766 <-> ENABLED <-> NETBIOS SMB Timbuktu Pro overflow andx attempt (netbios.rules)
 * 1:20799 <-> DISABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20744 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player DirectShow MPEG-2 memory corruption attempt (web-client.rules)
 * 1:20793 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:14264 <-> DISABLED <-> FILE-IDENTIFY Windows Media Player playlist download (file-identify.rules)
 * 1:15239 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:14724 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX unicode andx attempt (netbios.rules)
 * 1:20750 <-> DISABLED <-> FILE-IDENTIFY webm file magic detection (file-identify.rules)
 * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules)
 * 1:2103 <-> ENABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
 * 1:2436 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules)
 * 1:20765 <-> ENABLED <-> WEB-CLIENT Microsoft Windows 7 x86-64 Safari Browser iFrame DoS Attempt (web-client.rules)
 * 1:3135 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (netbios.rules)
 * 1:15518 <-> DISABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules)
 * 1:3136 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
 * 1:3137 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (netbios.rules)
 * 1:20798 <-> DISABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20768 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:20792 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:19424 <-> DISABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules)
 * 1:3139 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 attempt (netbios.rules)
 * 1:3140 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (netbios.rules)
 * 1:20770 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:3141 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (netbios.rules)
 * 1:14719 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response little endian andx attempt (netbios.rules)
 * 1:3142 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (netbios.rules)
 * 1:15436 <-> DISABLED <-> EXPLOIT IBM Tivoli Storage Manager Express Backup counter heap corruption attempt (exploit.rules)
 * 1:20771 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:20284 <-> ENABLED <-> WEB-CLIENT VideoLAN VLC ModPlug ReadS3M overflow attempt (web-client.rules)
 * 1:14720 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX little endian andx attempt (netbios.rules)
 * 1:15013 <-> DISABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules)
 * 1:15157 <-> ENABLED <-> WEB-CLIENT VideoLAN VLC Media Player XSPF memory corruption attempt (web-client.rules)
 * 1:20800 <-> DISABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:14717 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX unicode little endian andx attempt (netbios.rules)
 * 1:14723 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX andx attempt (netbios.rules)
 * 1:15302 <-> ENABLED <-> DOS Microsoft Exchange System Attendant denial of service attempt (dos.rules)
 * 1:15238 <-> DISABLED <-> SPECIFIC-THREATS Apple QuickTime for Java toQTPointer function memory corruption attempt (specific-threats.rules)
 * 1:14722 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response unicode andx attempt (netbios.rules)
 * 1:14653 <-> ENABLED <-> NETBIOS SMB Search andx Search filename size integer underflow attempt (netbios.rules)
 * 1:1437 <-> DISABLED <-> FILE-IDENTIFY Windows Media download detection (file-identify.rules)
 * 1:1411 <-> DISABLED <-> SNMP public access udp (snmp.rules)
 * 1:3819 <-> DISABLED <-> FILE-IDENTIFY CHM file download request (file-identify.rules)
 * 1:15299 <-> ENABLED <-> WEB-CLIENT Microsoft Office Visio invalid ho tag attempt (web-client.rules)
 * 1:20751 <-> DISABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules)
 * 1:20772 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:4134 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer blnmgr clsid attempt (web-client.rules)
 * 1:20795 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:7036 <-> ENABLED <-> NETBIOS SMB Trans unicode mailslot heap overflow attempt (netbios.rules)
 * 1:7200 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word document summary information null string overflow attempt (web-client.rules)
 * 1:7201 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word summary information null string overflow attempt (web-client.rules)
 * 1:7202 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word document summary information string overflow attempt (web-client.rules)
 * 1:7203 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word information string overflow attempt (web-client.rules)
 * 1:20801 <-> DISABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:8063 <-> DISABLED <-> WEB-ACTIVEX ADODB.Stream ActiveX function call access (web-activex.rules)
 * 1:8478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Publisher file magic detection (file-identify.rules)
 * 1:9639 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Address Book file magic detection (file-identify.rules)
 * 1:9845 <-> DISABLED <-> FILE-IDENTIFY M3U file magic detection (file-identify.rules)
 * 1:15575 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detection (file-identify.rules)
 * 1:15727 <-> ENABLED <-> POLICY attempted download of a PDF with embedded Flash over http (policy.rules)
 * 1:15303 <-> ENABLED <-> WEB-CLIENT Microsoft Office Visio Malformed IconBitsComponent arbitrary code execution attempt (web-client.rules)
 * 1:15865 <-> DISABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules)
 * 1:15870 <-> DISABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules)
 * 1:15900 <-> DISABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules)
 * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules)
 * 1:20721 <-> ENABLED <-> WEB-CLIENT Microsoft Office Publisher PLC object memory corruption attempt (web-client.rules)
 * 1:15945 <-> DISABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
 * 1:20488 <-> DISABLED <-> FILE-IDENTIFY MachO Little Endian file magic detection (file-identify.rules)
 * 1:15946 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Vista Feed Headlines Gagdet code execution attempt (web-client.rules)
 * 1:14654 <-> ENABLED <-> NETBIOS SMB Search unicode andx Search filename size integer underflow attempt (netbios.rules)
 * 1:16061 <-> DISABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules)
 * 1:15306 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detection (file-identify.rules)
 * 1:12182 <-> DISABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file magic detection (file-identify.rules)
 * 1:16062 <-> DISABLED <-> MISC ACD Systems ACDSee Products XPM values section buffer overflow attempt (misc.rules)
 * 1:12283 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detection (file-identify.rules)
 * 1:16143 <-> DISABLED <-> FILE-IDENTIFY Microsoft asf file magic detection (file-identify.rules)
 * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules)
 * 1:20504 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:20516 <-> DISABLED <-> FILE-IDENTIFY caff file magic detection (file-identify.rules)
 * 1:12284 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel rtWnDesk record memory corruption exploit attempt (web-client.rules)
 * 1:12285 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Excel Workspace file download request (file-identify.rules)
 * 1:16168 <-> ENABLED <-> DOS Microsoft SMBv2 integer overflow denial of service attempt (dos.rules)
 * 1:12286 <-> ENABLED <-> WEB-CLIENT PCRE character class double free overflow attempt (web-client.rules)
 * 1:16205 <-> DISABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules)
 * 1:12455 <-> DISABLED <-> FILE-IDENTIFY Crystal Reports file download request (file-identify.rules)
 * 1:12456 <-> DISABLED <-> FILE-IDENTIFY Crystal Reports file magic detection (file-identify.rules)
 * 1:12641 <-> ENABLED <-> FILE-IDENTIFY Microsoft Word for Mac 5 file magic detection (file-identify.rules)
 * 1:16219 <-> DISABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:12972 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detection (file-identify.rules)
 * 1:15437 <-> DISABLED <-> EXPLOIT IBM Tivoli Storage Manager Express Backup message length heap corruption attempt (exploit.rules)
 * 1:14718 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response unicode little endian andx attempt (netbios.rules)
 * 1:13316 <-> ENABLED <-> WEB-CLIENT 3ivx MP4 file parsing ART buffer overflow attempt (web-client.rules)
 * 1:13317 <-> ENABLED <-> WEB-CLIENT 3ivx MP4 file parsing nam buffer overflow attempt (web-client.rules)
 * 1:13318 <-> ENABLED <-> WEB-CLIENT 3ivx MP4 file parsing cmt buffer overflow attempt (web-client.rules)
 * 1:16224 <-> ENABLED <-> WEB-CLIENT Apple iTunes invalid tref box exploit attempt (web-client.rules)
 * 1:16286 <-> DISABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules)
 * 1:16318 <-> ENABLED <-> WEB-CLIENT Microsoft Office Visio invalid ho tag attempt (web-client.rules)
 * 1:16406 <-> DISABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:13319 <-> ENABLED <-> WEB-CLIENT 3ivx MP4 file parsing des buffer overflow attempt (web-client.rules)
 * 1:13320 <-> ENABLED <-> WEB-CLIENT 3ivx MP4 file parsing cpy buffer overflow attempt (web-client.rules)
 * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules)
 * 1:16407 <-> DISABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20212 <-> DISABLED <-> MISC SSL CBC encryption mode weakness brute force attempt (misc.rules)
 * 1:16425 <-> DISABLED <-> FILE-IDENTIFY Portable Executable binary file download request (file-identify.rules)
 * 1:13466 <-> ENABLED <-> WEB-CLIENT Microsoft Works file converter file section length headers memory corruption attempt (web-client.rules)
 * 1:13584 <-> DISABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules)
 * 1:16434 <-> ENABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.51-v0.61 packed file magic detection (file-identify.rules)
 * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detection (file-identify.rules)
 * 1:13626 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Access file magic detection (file-identify.rules)
 * 1:16435 <-> ENABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.62-v1.22 packed file magic detection (file-identify.rules)
 * 1:13629 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Access JSDB file magic detection (file-identify.rules)
 * 1:16436 <-> ENABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v2.90,v2.93-3.00 packed file magic detection (file-identify.rules)
 * 1:16474 <-> DISABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detection (file-identify.rules)
 * 1:16475 <-> DISABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v4 file magic detection (file-identify.rules)
 * 1:16476 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules)
 * 1:16477 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules)
 * 1:16478 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules)
 * 1:16529 <-> DISABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:19211 <-> DISABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules)
 * 1:16535 <-> ENABLED <-> EXPLOIT Microsoft Office Visio improper attribute code execution attempt (exploit.rules)
 * 1:16536 <-> ENABLED <-> EXPLOIT Microsoft Office Visio off-by-one in array index code execution attempt (exploit.rules)
 * 1:16660 <-> ENABLED <-> DOS SharePoint Server 2007 help.aspx denial of service attempt (dos.rules)
 * 1:16683 <-> ENABLED <-> WEB-MISC Nullsoft Winamp CAF file processing integer overflow attempt (web-misc.rules)
 * 1:16684 <-> ENABLED <-> DOS Samba smbd Session Setup AndX security blob length dos attempt (dos.rules)
 * 1:16167 <-> ENABLED <-> DOS Microsoft LSASS integer wrap denial of service attempt (dos.rules)
 * 1:16692 <-> DISABLED <-> WEB-CLIENT BlazeVideo BlazeDVD PLF playlist file name buffer overflow attempt (web-client.rules)
 * 1:16696 <-> DISABLED <-> WEB-CLIENT Astonsoft Deepburner db file path buffer overflow attempt (web-client.rules)
 * 1:16744 <-> DISABLED <-> WEB-CLIENT Worldweaver DX Studio Player plug-in command injection attempt (web-client.rules)
 * 1:16752 <-> ENABLED <-> WEB-CLIENT VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (web-client.rules)
 * 1:16762 <-> ENABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX andx attempt (netbios.rules)
 * 1:17802 <-> DISABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:16764 <-> ENABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX unicode andx attempt (netbios.rules)
 * 1:17150 <-> ENABLED <-> WEB-CLIENT VideoLAN VLC renamed zip file handling code execution attempt - 3 (web-client.rules)
 * 1:17229 <-> DISABLED <-> FILE-IDENTIFY Tiff little endian file magic detection (file-identify.rules)
 * 1:17230 <-> DISABLED <-> FILE-IDENTIFY Tiff big endian file magic detection (file-identify.rules)
 * 1:18537 <-> ENABLED <-> WEB-CLIENT OpenOffice.org XPM file processing integer overflow attempt (web-client.rules)
 * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules)
 * 1:17304 <-> ENABLED <-> WEB-CLIENT Microsoft Works file converter file section header index table stack overflow attempt (web-client.rules)
 * 1:17314 <-> DISABLED <-> FILE-IDENTIFY OLE Document file magic detection (file-identify.rules)
 * 1:17359 <-> DISABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules)
 * 1:17363 <-> ENABLED <-> WEB-CLIENT Apple computer finder DMG volume name memory corruption (web-client.rules)
 * 1:17552 <-> DISABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules)
 * 1:17574 <-> ENABLED <-> SPECIFIC-THREATS Sophos Anti-Virus Visio File Parsing Buffer Overflow attempt (specific-threats.rules)
 * 1:17600 <-> DISABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules)
 * 1:17679 <-> DISABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:13630 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Access TJDB file magic detection (file-identify.rules)
 * 1:17364 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules)
 * 1:17732 <-> DISABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
 * 1:18983 <-> ENABLED <-> FILE-IDENTIFY Apple Mach-O executable file magic detection (file-identify.rules)
 * 1:17750 <-> ENABLED <-> DOS Microsoft IIS 7.5 client verify null pointer attempt (dos.rules)
 * 1:17776 <-> ENABLED <-> WEB-CLIENT Oracle Java HsbParser.getSoundBank stack buffer overflow attempt (web-client.rules)
 * 1:17727 <-> ENABLED <-> SPECIFIC-THREATS Sun JDK image parsing library ICC buffer overflow attempt (specific-threats.rules)
 * 1:17801 <-> DISABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detection (file-identify.rules)
 * 1:18415 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Visio deserialization double free attempt (specific-threats.rules)
 * 1:18416 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Visio ORMinfo classes length overflow attempt (specific-threats.rules)
 * 1:16703 <-> ENABLED <-> WEB-MISC Oracle MySQL Database COM_FIELD_LIST Buffer Overflow attempt (web-misc.rules)
 * 1:18417 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Visio ORMinfo classes length overflow attempt (specific-threats.rules)
 * 1:18515 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Visio VSD file icon memory corruption (specific-threats.rules)
 * 1:17259 <-> DISABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules)
 * 1:18615 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Works 4.x converter font name buffer overflow attempt (specific-threats.rules)
 * 1:18616 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Works 4.x converter font name buffer overflow attempt (specific-threats.rules)
 * 1:18634 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Workspace file FontCount record memory corruption attempt (web-client.rules)
 * 1:18755 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Visio Data Type Memory Corruption (specific-threats.rules)
 * 1:19128 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detection (file-identify.rules)
 * 1:19129 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detection (file-identify.rules)
 * 1:19148 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player SWF file MP4 data parsing memory corruption attempt (web-client.rules)
 * 1:19166 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detection (file-identify.rules)
 * 1:19218 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:19289 <-> DISABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules)
 * 1:19422 <-> DISABLED <-> FILE-IDENTIFY matroska file magic detection (file-identify.rules)
 * 1:19423 <-> DISABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules)
 * 1:13633 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Access MSISAM file magic detection (file-identify.rules)
 * 1:19425 <-> DISABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules)
 * 1:19430 <-> DISABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules)
 * 1:19431 <-> ENABLED <-> WEB-CLIENT Nullsoft Winamp MIDI Timestamp buffer overflow attempt (web-client.rules)
 * 1:19432 <-> ENABLED <-> WEB-CLIENT Nullsoft Winamp MIDI Timestamp buffer overflow attempt (web-client.rules)
 * 1:19445 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Timecode header RCE attempt (web-client.rules)
 * 1:19446 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media file name header RCE attempt (web-client.rules)
 * 1:19447 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media content type header RCE attempt (web-client.rules)
 * 1:19448 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media pixel aspect ratio header RCE attempt (web-client.rules)
 * 1:19450 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media encryption sample ID header RCE attempt (web-client.rules)
 * 1:13678 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file download request (file-identify.rules)
 * 1:19907 <-> DISABLED <-> FILE-IDENTIFY PICT file magic detection (file-identify.rules)
 * 1:20055 <-> DISABLED <-> SPECIFIC-THREATS Oracle Java runtime JPEGImageReader overflow attempt (specific-threats.rules)
 * 1:15385 <-> DISABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules)
 * 1:20172 <-> ENABLED <-> FILE-IDENTIFY Metastock mwl file magic detection (file-identify.rules)
 * 1:20223 <-> DISABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules)
 * 1:20279 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (web-client.rules)
 * 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detection (file-identify.rules)
 * 1:20282 <-> DISABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules)
 * 1:20283 <-> ENABLED <-> WEB-CLIENT VideoLAN VLC ModPlug ReadS3M overflow attempt (web-client.rules)
 * 1:20287 <-> DISABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules)
 * 1:19449 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media encryption sample ID header RCE attempt (web-client.rules)
 * 1:20472 <-> DISABLED <-> FILE-IDENTIFY RAR file magic detection (file-identify.rules)
 * 1:20474 <-> DISABLED <-> FILE-IDENTIFY Symantec file magic detection (file-identify.rules)
 * 1:19444 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media sample duration header RCE attempt (web-client.rules)
 * 1:20487 <-> DISABLED <-> FILE-IDENTIFY 7zip file magic detection (file-identify.rules)
 * 1:20489 <-> DISABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detection (file-identify.rules)
 * 1:20490 <-> DISABLED <-> FILE-IDENTIFY MachO Big Endian file magic detection (file-identify.rules)
 * 1:20491 <-> DISABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detection (file-identify.rules)
 * 1:20492 <-> DISABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detection (file-identify.rules)
 * 1:20493 <-> DISABLED <-> FILE-IDENTIFY jarpack file magic detection (file-identify.rules)
 * 1:20500 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:20501 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:15240 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:13801 <-> DISABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules)
 * 1:13888 <-> ENABLED <-> SQL Microsoft SQL Server Backup Database File integer overflow attempt (sql.rules)
 * 1:13889 <-> ENABLED <-> SQL Microsoft SQL Server Backup Database File integer overflow attempt (sql.rules)
 * 1:20502 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:13983 <-> DISABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules)
 * 1:13890 <-> ENABLED <-> SQL Microsoft SQL Server Backup Database File integer overflow attempt (sql.rules)
 * 1:15158 <-> DISABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules)
 * 1:20503 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detection (file-identify.rules)
 * 1:13893 <-> ENABLED <-> WEB-CLIENT Microsoft malformed saved search heap corruption attempt (web-client.rules)
 * 1:13911 <-> DISABLED <-> FILE-IDENTIFY Microsoft search file download request (file-identify.rules)
 * 1:20513 <-> DISABLED <-> FILE-IDENTIFY ffmpeg file magic detection (file-identify.rules)
 * 1:15241 <-> ENABLED <-> MULTIMEDIA VideoLAN VLC real.c ReadRealIndex real demuxer integer overflow attempt (multimedia.rules)
 * 1:13915 <-> DISABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules)
 * 1:20514 <-> DISABLED <-> FILE-IDENTIFY dmg file magic detection (file-identify.rules)
 * 1:20515 <-> DISABLED <-> FILE-IDENTIFY ivr file magic detection (file-identify.rules)
 * 1:20518 <-> DISABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules)
 * 1:20519 <-> DISABLED <-> FILE-IDENTIFY vmd file download request (file-identify.rules)
 * 1:20544 <-> DISABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules)
 * 1:20520 <-> DISABLED <-> FILE-IDENTIFY vmd file magic detection (file-identify.rules)
 * 1:20522 <-> DISABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detection (file-identify.rules)
 * 1:20559 <-> DISABLED <-> WEB-CLIENT Nullsoft Winamp MIDI file buffer overflow attempt (web-client.rules)
 * 1:20593 <-> DISABLED <-> WEB-CLIENT Apple Safari Webkit libxslt arbitrary file creation attempt (web-client.rules)
 * 1:20621 <-> DISABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules)
 * 1:20659 <-> ENABLED <-> WEB-CLIENT Adobe Reader malformed shading modifier heap corruption attempt (web-client.rules)
 * 1:20723 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules)
 * 1:20727 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox user interface event dispatcher dos attempt (web-client.rules)
 * 1:20733 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules)
 * 3:17300 <-> ENABLED <-> MULTIMEDIA MPlayer demux_open_vqf TwinVQ file handling buffer overflow attempt (multimedia.rules)
 * 3:13676 <-> ENABLED <-> WEB-CLIENT Microsoft Windows GDI emf filename buffer overflow attempt (web-client.rules)
 * 3:16531 <-> ENABLED <-> NETBIOS SMB client TRANS response ring0 remote code execution attempt (netbios.rules)
 * 3:15433 <-> ENABLED <-> WEB-CLIENT Winamp MAKI parsing integer overflow attempt (web-client.rules)
 * 3:14254 <-> ENABLED <-> MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (multimedia.rules)
 * 3:14252 <-> ENABLED <-> MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (multimedia.rules)
 * 3:14253 <-> ENABLED <-> MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (multimedia.rules)
 * 3:13798 <-> ENABLED <-> WEB-CLIENT Microsoft malware protection engine denial of service attempt (web-client.rules)
 * 3:20825 <-> ENABLED <-> DOS generic web server hashing collision attack (dos.rules)
 * 3:17700 <-> ENABLED <-> WEB-CLIENT RealNetworks RealPlayer wav chunk string overflow attempt (web-client.rules)
 * 3:15298 <-> ENABLED <-> WEB-CLIENT Microsoft Visio could allow remote code execution (web-client.rules)
 * 3:13666 <-> ENABLED <-> WEB-CLIENT Microsoft Windows GDI integer overflow attempt (web-client.rules)
 * 3:13308 <-> ENABLED <-> WEB-MISC Apache HTTP server auth_ldap logging function format string vulnerability (web-misc.rules)
 * 3:15300 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer EMF polyline overflow attempt (web-client.rules)