Sourcefire VRT Rules Update

Date: 2011-09-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.1.0.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:16641 <-> ENABLED <-> WEB-CLIENT Microsoft Excel OBJ record stack buffer overflow attempt - with macro and linkFmla  (web-client.rules)
 * 1:16640 <-> ENABLED <-> WEB-CLIENT Microsoft Excel OBJ record stack buffer overflow attempt - with linkFmla  (web-client.rules)
 * 1:16639 <-> ENABLED <-> WEB-CLIENT Microsoft Excel OBJ record stack buffer overflow attempt - with macro  (web-client.rules)
 * 1:16638 <-> ENABLED <-> WEB-CLIENT Microsoft Excel OBJ record stack buffer overflow attempt  (web-client.rules)
 * 1:16637 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer security zone restriction bypass attempt  (exploit.rules)
 * 1:16634 <-> ENABLED <-> WEB-CLIENT Adobe Flash use-after-free attack  (web-client.rules)
 * 1:16633 <-> ENABLED <-> WEB-CLIENT Adobe PDF File containing Flash use-after-free attack  (web-client.rules)
 * 1:16595 <-> ENABLED <-> POP3 Windows Mail remote code execution attempt  (pop3.rules)
 * 1:16593 <-> ENABLED <-> WEB-CLIENT Microsoft VBE6.dll stack corruption attempt  (web-client.rules)
 * 1:16560 <-> ENABLED <-> WEB-MISC Microsoft Sharepoint XSS attempt  (web-misc.rules)
 * 1:16546 <-> ENABLED <-> EXPLOIT Adobe Reader/Acrobat Pro CFF font parsing heap overflow attempt  (exploit.rules)
 * 1:16545 <-> ENABLED <-> WEB-CLIENT Adobe Reader malformed Richmedia annotation exploit attempt  (web-client.rules)
 * 1:16543 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Player codec code execution attempt  (web-client.rules)
 * 1:16542 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Publisher 2007 and earlier stack buffer overflow attempt  (specific-threats.rules)
 * 1:16541 <-> ENABLED <-> EXPLOIT Microsoft Windows Media Service stack overflow attempt  (exploit.rules)
 * 1:16540 <-> ENABLED <-> NETBIOS SMB2 client NetBufferList NULL entry remote code execution attempt  (netbios.rules)
 * 1:16539 <-> ENABLED <-> NETBIOS SMBv1 BytesNeeded ring0 buffer overflow attempt  (netbios.rules)
 * 1:16537 <-> ENABLED <-> EXPLOIT Windows Media Player ActiveX unknow compression algorithm use arbitrary code execution attempt  (exploit.rules)
 * 1:16536 <-> ENABLED <-> EXPLOIT Microsoft Viso off-by-one in array index code execution attempt  (exploit.rules)
 * 1:16535 <-> ENABLED <-> EXPLOIT  Microsoft Viso improper attribute code execution attempt  (exploit.rules)
 * 1:20212 <-> DISABLED <-> MISC SSL CBC encryption mode weakness brute force attempt (misc.rules)
 * 1:20211 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player recursive stack overflow attempt (web-client.rules)
 * 1:20210 <-> ENABLED <-> SCADA Cogent unicode buffer overflow (scada.rules)
 * 1:20209 <-> ENABLED <-> SCADA Cogent unicode buffer overflow (scada.rules)
 * 1:20208 <-> ENABLED <-> SCADA Cogent unicode buffer overflow (scada.rules)
 * 1:20207 <-> ENABLED <-> SCADA Cogent unicode buffer overflow (scada.rules)
 * 1:20206 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player pcre ActionScript under allocation (specific-threats.rules)
 * 1:20205 <-> ENABLED <-> BOTNET-CNC Win32/Poison beaconing request (botnet-cnc.rules)
 * 1:20204 <-> ENABLED <-> BOTNET-CNC Win32.Trojan.Taidoor outbound connection (botnet-cnc.rules)
 * 1:20203 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tarmu.narod.ru (blacklist.rules)
 * 1:20202 <-> ENABLED <-> BOTNET-CNC OSX.Revir-1 outbound connection (botnet-cnc.rules)
 * 1:20201 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious user-agent string meterpreter (blacklist.rules)
 * 1:20200 <-> ENABLED <-> SHELLCODE Metasploit meterpreter connection attempt (shellcode.rules)
 * 1:20199 <-> ENABLED <-> SHELLCODE Metasploit meterpreter stdapi_railgun_method request/response attempt (shellcode.rules)
 * 1:20198 <-> ENABLED <-> SHELLCODE Metasploit meterpreter networkpug_method request/response attempt (shellcode.rules)
 * 1:20197 <-> ENABLED <-> SHELLCODE Metasploit meterpreter espia_method request/response attempt (shellcode.rules)
 * 1:20196 <-> ENABLED <-> SHELLCODE Metasploit meterpreter lanattacks_method request/response attempt (shellcode.rules)
 * 1:20195 <-> ENABLED <-> SHELLCODE Metasploit meterpreter priv_method request/response attempt (shellcode.rules)
 * 1:20194 <-> ENABLED <-> SHELLCODE Metasploit meterpreter sniffer_method request/response attempt (shellcode.rules)
 * 1:20193 <-> ENABLED <-> SHELLCODE Metasploit meterpreter webcam_method request/response attempt (shellcode.rules)
 * 1:20192 <-> ENABLED <-> SHELLCODE Metasploit meterpreter incognito_method request/response attempt (shellcode.rules)
 * 1:20191 <-> ENABLED <-> SHELLCODE Metasploit meterpreter stdapi_net_method request/response attempt (shellcode.rules)
 * 1:20190 <-> ENABLED <-> SHELLCODE Metasploit meterpreter stdapi_registry_method request/response attempt (shellcode.rules)
 * 1:20189 <-> ENABLED <-> SHELLCODE Metasploit meterpreter stdapi_ui_method request/response attempt (shellcode.rules)
 * 1:20188 <-> ENABLED <-> SHELLCODE Metasploit meterpreter stdapi_sys_config_method request/response attempt (shellcode.rules)
 * 1:20187 <-> ENABLED <-> SHELLCODE Metasploit meterpreter stdapi_sys_eventlog_method request/response attempt (shellcode.rules)
 * 1:20186 <-> ENABLED <-> SHELLCODE Metasploit meterpreter stdapi_sys_process_method request/response attempt (shellcode.rules)
 * 1:20185 <-> ENABLED <-> SHELLCODE Metasploit meterpreter stdapi_fs_method request/response attempt (shellcode.rules)
 * 1:20184 <-> ENABLED <-> SHELLCODE Metasploit php meterpreter stub .php file upload (shellcode.rules)
 * 1:18805 <-> ENABLED <-> EXPLOIT Adobe Flash Player undefined tag exploit attempt  (exploit.rules)
 * 1:18772 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel ADO Object Parsing Code Execution  (specific-threats.rules)
 * 1:18771 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel ADO Object Parsing Code Execution  (specific-threats.rules)
 * 1:18740 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Excel sheet object type confusion exploit attempt  (specific-threats.rules)
 * 1:18463 <-> ENABLED <-> EXPLOIT Microsoft MPEG Layer-3 audio heap corruption attempt  (exploit.rules)
 * 1:18297 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt  (web-client.rules)
 * 1:18278 <-> ENABLED <-> NETBIOS Vista Backup Tool fveapi.dll dll-load exploit attempt  (netbios.rules)
 * 1:18277 <-> ENABLED <-> WEB-CLIENT Vista Backup Tool fveapi.dll dll-load exploit attempt  (web-client.rules)
 * 1:18215 <-> ENABLED <-> NETBIOS NETAPI RPC interface reboot attempt  (netbios.rules)
 * 1:18214 <-> ENABLED <-> SPECIFIC-THREATS MS Publisher 97 conversion remote code execution attempt  (specific-threats.rules)
 * 1:18212 <-> ENABLED <-> SPECIFIC-THREATS MS Publisher tyo.oty field heap overflow attempt  (specific-threats.rules)
 * 1:18203 <-> ENABLED <-> NETBIOS Windows Address Book smmscrpt.dll malicious DLL load  (netbios.rules)
 * 1:18202 <-> ENABLED <-> WEB-CLIENT Windows Address Book smmscrpt.dll malicious DLL load  (web-client.rules)
 * 1:18074 <-> ENABLED <-> WEB-CLIENT Forefront UAG URL XSS attempt  (web-client.rules)
 * 1:18073 <-> ENABLED <-> WEB-MISC Microsoft Forefront UAG arbitrary embedded scripting attempt  (web-misc.rules)
 * 1:18072 <-> ENABLED <-> WEB-MISC Microsoft Forefront UAG external redirect attempt  (web-misc.rules)
 * 1:18066 <-> ENABLED <-> WEB-CLIENT Microsoft PowerPoint integer underflow heap corruption attempt  (web-client.rules)
 * 1:18065 <-> ENABLED <-> EXPLOIT Microsoft PowerPoint converter bad indirection remote code execution attempt  (exploit.rules)
 * 1:17773 <-> ENABLED <-> EXPLOIT Microsoft Windows Media Player Firefox plugin memory corruption attempt  (exploit.rules)
 * 1:17752 <-> ENABLED <-> EXPLOIT OpenType Font file parsing denial of service attempt  (exploit.rules)
 * 1:17747 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer compressed HDMX font processing integer overflow attempt  (exploit.rules)
 * 1:17689 <-> ENABLED <-> WEB-CLIENT Internet Explorer userdata behavior memory corruption attempt  (web-client.rules)
 * 1:17688 <-> ENABLED <-> WEB-CLIENT Internet Explorer userdata behavior memory corruption attempt  (web-client.rules)
 * 1:17687 <-> ENABLED <-> EXPLOIT Internet Explorer invalid pointer memory corruption attempt  (exploit.rules)
 * 1:17686 <-> ENABLED <-> EXPLOIT Internet Explorer invalid pointer memory corruption attempt  (exploit.rules)
 * 1:17685 <-> ENABLED <-> EXPLOIT Internet Explorer invalid pointer memory corruption attempt  (exploit.rules)
 * 1:17256 <-> ENABLED <-> WEB-CLIENT Microsoft Windows uniscribe fonts parsing memory corruption attempt  (web-client.rules)
 * 1:17255 <-> ENABLED <-> EXPLOIT Microsoft IIS FastCGI heap overflow attempt  (exploit.rules)
 * 1:17254 <-> ENABLED <-> WEB-MISC Microsoft IIS stack exhaustion DoS attempt  (web-misc.rules)
 * 1:17252 <-> ENABLED <-> NETBIOS Microsoft Windows Print Spooler arbitrary file write attempt  (netbios.rules)
 * 1:17250 <-> ENABLED <-> EXPLOIT Microsoft WordPad sprmTSetBrc80 SPRM overflow attempt  (exploit.rules)
 * 1:17249 <-> ENABLED <-> EXPLOIT Microsoft LSASS integer overflow attempt  (exploit.rules)
 * 1:17204 <-> ENABLED <-> WEB-CLIENT Adobe Director file file mmap overflow attempt  (web-client.rules)
 * 1:17203 <-> ENABLED <-> WEB-CLIENT Adobe Director file file rcsL overflow attempt  (web-client.rules)
 * 1:17202 <-> ENABLED <-> WEB-CLIENT Adobe Director file file Shockwave 3D overflow attempt  (web-client.rules)
 * 1:17200 <-> ENABLED <-> WEB-CLIENT Adobe Director file LsCM overflow attempt  (web-client.rules)
 * 1:17198 <-> ENABLED <-> EXPLOIT Adobe Director file exploit attempt  (exploit.rules)
 * 1:17197 <-> ENABLED <-> EXPLOIT Adobe Director file exploit attempt  (exploit.rules)
 * 1:17196 <-> ENABLED <-> EXPLOIT Adobe Director file exploit attempt  (exploit.rules)
 * 1:17194 <-> ENABLED <-> EXPLOIT Adobe Director file tSAC tag exploit attempt  (exploit.rules)
 * 1:17193 <-> ENABLED <-> EXPLOIT Adobe Director remote code execution attempt  (exploit.rules)
 * 1:17192 <-> ENABLED <-> EXPLOIT Adobe Director remote code execution attempt  (exploit.rules)
 * 1:17191 <-> ENABLED <-> EXPLOIT Adobe Director remote code execution attempt  (exploit.rules)
 * 1:17190 <-> ENABLED <-> EXPLOIT Adobe Director remote code execution attempt  (exploit.rules)
 * 1:17189 <-> ENABLED <-> WEB-CLIENT Adobe Director file rcsL record exploit attempt  (web-client.rules)
 * 1:17188 <-> ENABLED <-> WEB-CLIENT Adobe Director file rcsL record exploit attempt  (web-client.rules)
 * 1:17187 <-> ENABLED <-> WEB-CLIENT Adobe Director file rcsL record exploit attempt  (web-client.rules)
 * 1:17186 <-> ENABLED <-> WEB-CLIENT Adobe Director file rcsL record exploit attempt  (web-client.rules)
 * 1:17185 <-> ENABLED <-> WEB-CLIENT Adobe Director file rcsL record exploit attempt  (web-client.rules)
 * 1:17184 <-> ENABLED <-> WEB-CLIENT Adobe Director file tSAC record exploit attempt  (web-client.rules)
 * 1:17183 <-> ENABLED <-> WEB-CLIENT Adobe Director file tSAC record exploit attempt  (web-client.rules)
 * 1:17182 <-> ENABLED <-> WEB-CLIENT Adobe Director file tSAC record exploit attempt  (web-client.rules)
 * 1:17181 <-> ENABLED <-> WEB-CLIENT Adobe Director file LsCM record exploit attempt  (web-client.rules)
 * 1:17180 <-> ENABLED <-> WEB-CLIENT Adobe Director file LsCM record exploit attempt  (web-client.rules)
 * 1:17179 <-> ENABLED <-> WEB-CLIENT Adobe Director file pamm record exploit attempt  (web-client.rules)
 * 1:17141 <-> ENABLED <-> EXPLOIT Adobe Flash invalid data precision arbitrary code execution exploit attempt  (exploit.rules)
 * 1:17136 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer 6 race condition exploit attempt  (exploit.rules)
 * 1:17135 <-> ENABLED <-> EXPLOIT Microsoft Windows Movie Maker string size overflow attempt  (exploit.rules)
 * 1:17134 <-> ENABLED <-> WEB-CLIENT Microsoft Excel out-of-bounds structure read memory corruption attempt  (web-client.rules)
 * 1:17133 <-> ENABLED <-> WEB-CLIENT MSXML2 ActiveX malformed HTTP response  (web-client.rules)
 * 1:17132 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer invalid object access attempt  (exploit.rules)
 * 1:17131 <-> ENABLED <-> WEB-CLIENT IE8 parent style rendering arbitrary code execution  (web-client.rules)
 * 1:17130 <-> ENABLED <-> WEB-CLIENT IE boundElements arbitrary code execution  (web-client.rules)
 * 1:17129 <-> ENABLED <-> WEB-CLIENT Internet Explorer use-after-free memory corruption attempt  (web-client.rules)
 * 1:17128 <-> ENABLED <-> EXPLOIT Cinepak Codec VIDC decompression remote code execution attempt  (exploit.rules)
 * 1:17125 <-> ENABLED <-> NETBIOS SMB Trans2 MaxDataCount overflow attempt  (netbios.rules)
 * 1:17124 <-> ENABLED <-> WEB-CLIENT Microsoft Word malformed table record memory corruption attempt  (web-client.rules)
 * 1:17123 <-> ENABLED <-> WEB-CLIENT rich text format invalid field size memory corruption attempt  (web-client.rules)
 * 1:17122 <-> ENABLED <-> WEB-CLIENT rich text format unexpected field type memory corruption attempt 3  (web-client.rules)
 * 1:17121 <-> ENABLED <-> WEB-CLIENT rich text format unexpected field type memory corruption attempt 2  (web-client.rules)
 * 1:17120 <-> ENABLED <-> WEB-CLIENT rich text format unexpected field type memory corruption attempt 1  (web-client.rules)
 * 1:17119 <-> ENABLED <-> EXPLOIT Microsoft Word sprmCMajority SPRM overflow attempt  (exploit.rules)
 * 1:17117 <-> ENABLED <-> EXPLOIT Microsoft MPEG Layer-3 audio heap corruption attempt  (exploit.rules)
 * 1:17039 <-> ENABLED <-> EXPLOIT Microsoft Access ACCWIZ library release after free attempt - 2  (exploit.rules)
 * 1:17038 <-> ENABLED <-> EXPLOIT Microsoft Access ACCWIZ library release after free attempt - 1  (exploit.rules)
 * 1:17037 <-> ENABLED <-> WEB-ACTIVEX MS Access multiple control instantiation memory corruption attempt  (web-activex.rules)
 * 1:17036 <-> ENABLED <-> SMTP Outlook AttachMethods local file execution attempt  (smtp.rules)
 * 1:17035 <-> ENABLED <-> SMTP Outlook AttachMethods local file execution attempt  (smtp.rules)
 * 1:17034 <-> ENABLED <-> SMTP Outlook AttachMethods local file execution attempt  (smtp.rules)
 * 1:16801 <-> ENABLED <-> EXPLOIT Adobe Reader CoolType.dll remote memory corruption denial of service attempt  (exploit.rules)
 * 1:16661 <-> ENABLED <-> EXPLOIT quartz.dll MJPEG content processing memory corruption attempt  (exploit.rules)
 * 1:16660 <-> ENABLED <-> DOS SharePoint Server 2007 help.aspx denial of service attempt  (dos.rules)
 * 1:16659 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer style sheet array memory corruption attempt  (exploit.rules)
 * 1:16657 <-> ENABLED <-> WEB-CLIENT Microsoft Excel DBQueryExt record memory corruption attempt  (web-client.rules)
 * 1:16656 <-> ENABLED <-> WEB-CLIENT Microsoft Excel BIFF5 ExternSheet record stack overflow attempt  (web-client.rules)
 * 1:16655 <-> ENABLED <-> WEB-CLIENT Microsoft Excel Lbl record stack overflow attempt  (web-client.rules)
 * 1:16654 <-> ENABLED <-> WEB-CLIENT Microsoft Excel undocumented Publisher record heap buffer overflow attempt  (web-client.rules)
 * 1:16653 <-> ENABLED <-> WEB-CLIENT Microsoft Excel ExternName record stack buffer overflow attempt - 4  (web-client.rules)
 * 1:16652 <-> ENABLED <-> WEB-CLIENT Microsoft Excel ExternName record stack buffer overflow attempt - 3  (web-client.rules)
 * 1:16651 <-> ENABLED <-> WEB-CLIENT Microsoft Excel ExternName record stack buffer overflow attempt - 2  (web-client.rules)
 * 1:16650 <-> ENABLED <-> WEB-CLIENT Microsoft Excel ExternName record stack buffer overflow attempt - 1  (web-client.rules)
 * 1:16648 <-> ENABLED <-> EXPLOIT Microsoft Excel RealTimeData record heap memory corruption attempt - 1  (exploit.rules)
 * 1:16647 <-> ENABLED <-> WEB-CLIENT Microsoft Excel RealTimeData record heap memory corruption attempt - 2  (web-client.rules)
 * 1:16646 <-> ENABLED <-> EXPLOIT Microsoft Excel RealTimeData record stack buffer overflow attempt  (exploit.rules)
 * 1:16645 <-> ENABLED <-> EXPLOIT Microsoft Excel SxView record memory pointer corruption attempt  (exploit.rules)
 * 1:16644 <-> ENABLED <-> EXPLOIT Microsoft Excel WOpt record memory corruption attempt  (exploit.rules)
 * 1:16643 <-> ENABLED <-> WEB-CLIENT Microsoft Excel Chart Sheet Substream memory corruption attempt  (web-client.rules)
 * 1:16512 <-> ENABLED <-> EXPLOIT IE malformed span/div html document heap corruption attempt  (exploit.rules)
 * 1:16511 <-> ENABLED <-> WEB-ACTIVEX Microsoft Tabular Control ActiveX overflow by ProgID  (web-activex.rules)
 * 1:16510 <-> ENABLED <-> WEB-ACTIVEX Microsoft Tabular Control ActiveX overflow by CLSID  (web-activex.rules)
 * 1:16508 <-> ENABLED <-> WEB-CLIENT IE8 non-IE8 compatibility mode htmltime remote code execution attempt  (web-client.rules)
 * 1:16507 <-> ENABLED <-> WEB-CLIENT Internet Explorer onreadystatechange memory corruption attempt  (web-client.rules)
 * 1:16506 <-> ENABLED <-> WEB-CLIENT IE innerHTML against incomplete element heap corruption attempt  (web-client.rules)
 * 1:16503 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer event handling remote code execution attempt  (exploit.rules)
 * 1:16482 <-> ENABLED <-> WEB-CLIENT Internet Explorer userdata behavior memory corruption attempt  (web-client.rules)
 * 1:16471 <-> ENABLED <-> WEB-CLIENT Microsoft Excel DbOrParamQry.fWeb parsing remote code execution attempt  (web-client.rules)
 * 1:16470 <-> ENABLED <-> WEB-CLIENT Microsoft Excel DbOrParamQry.fWeb parsing remote code execution attempt  (web-client.rules)
 * 1:16469 <-> ENABLED <-> WEB-CLIENT Microsoft Excel DbOrParamQry.fOdbcConn parsing remote code execution attempt  (web-client.rules)
 * 1:16468 <-> ENABLED <-> EXPLOIT Microsoft Excel 2007 invalid comments.xml uninitialized pointer access attempt 2  (exploit.rules)
 * 1:16467 <-> ENABLED <-> EXPLOIT Microsoft Excel 2007 invalid comments.xml uninitialized pointer access attempt 1  (exploit.rules)
 * 1:16466 <-> ENABLED <-> EXPLOIT Microsoft Excel uninitialized stack variable code execution attempt  (exploit.rules)
 * 1:16465 <-> ENABLED <-> WEB-CLIENT Microsoft Excel ContinueFRT12 and MDXSet heap overflow attempt  (web-client.rules)
 * 1:16464 <-> ENABLED <-> WEB-CLIENT Microsoft Excel ContinueFRT12 heap overflow attempt  (web-client.rules)
 * 1:16463 <-> ENABLED <-> EXPLOIT Microsoft Excel BIFF5 formulas from records parsing code execution attempt  (exploit.rules)
 * 1:16462 <-> ENABLED <-> EXPLOIT Microsoft Excel BIFF8 formulas from records parsing code execution attempt  (exploit.rules)
 * 1:16461 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Excel EntExU2 write access violation attempt  (specific-threats.rules)
 * 1:16423 <-> ENABLED <-> WEB-CLIENT IE7/8 execute local file in Internet zone redirect attempt  (web-client.rules)
 * 1:16420 <-> ENABLED <-> WEB-ACTIVEX Microsoft Data Analyzer 3.5 ActiveX clsid unicode access  (web-activex.rules)
 * 1:16419 <-> ENABLED <-> WEB-ACTIVEX Microsoft Data Analyzer 3.5 ActiveX clsid access  (web-activex.rules)
 * 1:16369 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer deleted object access memory corruption attempt - public exploit  (exploit.rules)
 * 1:16367 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer invalid object access memory corruption attempt  (web-client.rules)

Modified Rules:


 * 1:11258 <-> ENABLED <-> WEB-CLIENT Excel Malformed Named Graph Information unicode overflow (web-client.rules)
 * 1:11290 <-> ENABLED <-> WEB-CLIENT Excel malformed named graph information ascii overflow (web-client.rules)
 * 1:11317 <-> DISABLED <-> BACKDOOR abremote pro 3.1 runtime detection - init connection (backdoor.rules)
 * 1:12256 <-> ENABLED <-> WEB-CLIENT Excel malformed FBI record (web-client.rules)
 * 1:18335 <-> ENABLED <-> WEB-CLIENT Microsoft MHTML XSS attempt (web-client.rules)
 * 1:18681 <-> ENABLED <-> POLICY download of a PDF with embedded JavaScript - JavaScript string (policy.rules)
 * 1:18682 <-> ENABLED <-> POLICY download of a PDF with OpenAction object (policy.rules)
 * 1:19174 <-> ENABLED <-> WEB-CLIENT Windows Vista feed headlines cross-site scripting attack attempt (web-client.rules)
 * 1:19213 <-> DISABLED <-> SMTP Ipswitch IMail Server Mailing List Message Subject buffer overflow (smtp.rules)
 * 1:19646 <-> ENABLED <-> POLICY PDF with click-to-launch executable (policy.rules)
 * 1:19647 <-> ENABLED <-> POLICY PDF with click-to-launch executable (policy.rules)
 * 1:19648 <-> ENABLED <-> POLICY PDF with click-to-launch executable (policy.rules)
 * 1:20133 <-> ENABLED <-> WEB-CLIENT Microsoft MHTML XSS attempt (web-client.rules)
 * 1:7199 <-> ENABLED <-> WEB-CLIENT excel label record overflow attempt (web-client.rules)