Sourcefire VRT Rules Update

Date: 2011-11-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.1.0.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:20575 <-> ENABLED <-> SPECIFIC-THREAT Adobe Reader PDF JBIG2 remote code execution attempt (specific-threats.rules)
 * 1:20579 <-> DISABLED <-> WEB-CLIENT Google Chrome and Apple Safari Ruby before and after memory corruption (web-client.rules)
 * 1:20585 <-> ENABLED <-> WEB-CLIENT Mozilla multiple content-length headers malicious redirect attempt (web-client.rules)
 * 1:20589 <-> DISABLED <-> FILE-IDENTIFY CDR file magic detection (file-identify.rules)
 * 1:20588 <-> DISABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules)
 * 1:20586 <-> ENABLED <-> WEB-CLIENT Mozilla multiple content-disposition headers malicious redirect attempt (web-client.rules)
 * 1:20578 <-> DISABLED <-> POP3 Qualcomm Eudora url buffer overflow attempt (pop3.rules)
 * 1:20582 <-> DISABLED <-> SCADA BroadWin WebAccess Client arbitrary memory corruption attempt (scada.rules)
 * 1:20580 <-> DISABLED <-> WEB-MISC Apache server mod_proxy reverse proxy exposure attempt (web-misc.rules)
 * 1:20584 <-> ENABLED <-> WEB-CLIENT Mozilla multiple content-type headers malicious redirect attempt (web-client.rules)
 * 1:20587 <-> ENABLED <-> BOTNET-CNC Trojan.Win32.Larchik.A backdoor phishing attempt (botnet-cnc.rules)
 * 1:20583 <-> ENABLED <-> WEB-CLIENT Mozilla multiple location headers malicious redirect attempt (web-client.rules)
 * 1:20577 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader and Acrobat malicious TIFF remote code execution attempt (specific-threats.rules)
 * 1:20581 <-> DISABLED <-> SCADA BroadWin WebAccess Client format string exploit attempt (scada.rules)
 * 1:20576 <-> DISABLED <-> SPECIFIC-THREATS Novell ZENworks Remote Management overflow attempt (specific-threats.rules)

Modified Rules:


 * 1:8091 <-> ENABLED <-> WEB-CLIENT RealNetworks RealPlayer error message format string vulnerability attempt (web-client.rules)
 * 1:9433 <-> DISABLED <-> WEB-CLIENT Microsoft Agent buffer overflow attempt (web-client.rules)
 * 1:9643 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Player ASF marker object parsing buffer overflow attempt (web-client.rules)
 * 1:9801 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player or Explorer Malformed RIFF File denial of service attempt (web-client.rules)
 * 1:9823 <-> DISABLED <-> WEB-CLIENT Apple QuickTime RTSP URI overflow attempt (web-client.rules)
 * 1:9840 <-> ENABLED <-> WEB-CLIENT Apple QuickTime HREF Track Detected (web-client.rules)
 * 1:9842 <-> DISABLED <-> WEB-CLIENT Adobe Acrobat Plugin Universal cross-site scripting attempt (web-client.rules)
 * 1:9843 <-> DISABLED <-> WEB-CLIENT Adobe Acrobat Plugin JavaScript parameter double free attempt (web-client.rules)
 * 1:9847 <-> DISABLED <-> WEB-CLIENT Microsoft Office Outlook Saved Search download attempt (web-client.rules)
 * 1:9848 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Vector Markup Language recolorinfo tag numfills parameter buffer overflow attempt (web-client.rules)
 * 1:9849 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Vector Markup Language recolorinfo tag numcolors parameter buffer overflow attempt (web-client.rules)
 * 1:16188 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint bad text header txttype attempt (web-client.rules)
 * 1:16183 <-> ENABLED <-> WEB-CLIENT Microsoft Windows .NET MSIL CombineImpl suspicious usage (web-client.rules)
 * 1:16220 <-> ENABLED <-> WEB-CLIENT Adobe Shockwave director file malformed lcsr block memory corruption attempt (web-client.rules)
 * 1:16223 <-> ENABLED <-> WEB-CLIENT Adobe Shockwave tSAC pointer overwrite attempt (web-client.rules)
 * 1:16224 <-> ENABLED <-> WEB-CLIENT Apple iTunes invalid tref box exploit attempt (web-client.rules)
 * 1:16231 <-> ENABLED <-> WEB-CLIENT Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (web-client.rules)
 * 1:16236 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel file SxView record exploit attempt (web-client.rules)
 * 1:16241 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel FeatHdr BIFF record remote code execution attempt (web-client.rules)
 * 1:16300 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (web-client.rules)
 * 1:16301 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (web-client.rules)
 * 1:16234 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word Document remote code execution attempt (web-client.rules)
 * 1:16310 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer 6/7 outerHTML invalid reference arbitrary code execution attempt (web-client.rules)
 * 1:16229 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel oversized ib memory corruption attempt (web-client.rules)
 * 1:16311 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer 6/7 single line outerHTML invalid reference arbitrary code execution attempt (web-client.rules)
 * 1:16318 <-> ENABLED <-> WEB-CLIENT Microsoft Office Visio invalid ho tag attempt (web-client.rules)
 * 1:16316 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player malformed getPropertyLate actioncode attempt (web-client.rules)
 * 1:16319 <-> ENABLED <-> WEB-CLIENT Apple Safari-Internet Explorer SearchPath blended threat attempt (web-client.rules)
 * 1:9430 <-> DISABLED <-> WEB-CLIENT Apple Quicktime Movie link file URI security bypass attempt (web-client.rules)
 * 1:16186 <-> ENABLED <-> WEB-CLIENT Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt (web-client.rules)
 * 1:17517 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Malformed Record Code Execution attempt (web-client.rules)
 * 1:17548 <-> ENABLED <-> WEB-CLIENT Apple Quicktime SMIL File Handling Integer Overflow attempt (web-client.rules)
 * 1:17572 <-> ENABLED <-> WEB-CLIENT Microsoft XML Core Services cross-site information disclosure attempt (web-client.rules)
 * 1:17573 <-> ENABLED <-> WEB-CLIENT ffdshow codec URL parsing buffer overflow attempt (web-client.rules)
 * 1:17586 <-> ENABLED <-> WEB-CLIENT Oracle Java Web Start malicious parameter value (web-client.rules)
 * 1:17591 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word Crafted Sprm memory corruption attempt (web-client.rules)
 * 1:17602 <-> ENABLED <-> WEB-CLIENT ClamAV antivirus CHM file handling denial of service (web-client.rules)
 * 1:17610 <-> ENABLED <-> WEB-CLIENT GStreamer QuickTime file parsing multiple heap overflow attempt (web-client.rules)
 * 1:17611 <-> ENABLED <-> WEB-CLIENT GStreamer QuickTime file parsing multiple heap overflow attempt (web-client.rules)
 * 1:17612 <-> ENABLED <-> WEB-CLIENT GStreamer QuickTime file parsing multiple heap overflow attempt (web-client.rules)
 * 1:17629 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox Chrome Page Loading Restriction Bypass attempt (web-client.rules)
 * 1:17631 <-> ENABLED <-> WEB-CLIENT Oracle Java Web Start JNLP java-vm-args buffer overflow attempt (web-client.rules)
 * 1:17642 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (web-client.rules)
 * 1:17646 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint Legacy file format picture object code execution attempt (web-client.rules)
 * 1:17649 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word array data handling buffer overflow attempt (web-client.rules)
 * 1:17653 <-> ENABLED <-> WEB-MISC Microsoft IIS source code disclosure attempt (web-misc.rules)
 * 1:17655 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel malformed formula parsing code execution attempt (web-client.rules)
 * 1:17664 <-> ENABLED <-> WEB-CLIENT Microsoft Office GIF image descriptor memory corruption attempt (web-client.rules)
 * 1:17688 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer userdata behavior memory corruption attempt (web-client.rules)
 * 1:17689 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer userdata behavior memory corruption attempt (web-client.rules)
 * 1:17692 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer ExecWB security zone bypass attempt (web-client.rules)
 * 1:17695 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint paragraph format array inner header overflow attempt (web-client.rules)
 * 1:17709 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer EMBED element memory corruption attempt (web-client.rules)
 * 1:17711 <-> ENABLED <-> WEB-CLIENT Microsoft Windows ASF parsing memory corruption attempt (web-client.rules)
 * 1:17720 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer static text range overflow attempt (web-client.rules)
 * 1:17725 <-> DISABLED <-> WEB-CLIENT Opera file URI handling buffer overflow (web-client.rules)
 * 1:17731 <-> ENABLED <-> BAD-TRAFFIC Microsoft Windows wpad dynamic update request  (bad-traffic.rules)
 * 1:17753 <-> ENABLED <-> MULTIMEDIA Microsoft Windows Media Player network sharing service RTSP code execution attempt (multimedia.rules)
 * 1:17756 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word XP PLFLSInTableStream heap overflow attempt (web-client.rules)
 * 1:17757 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel CrErr record integer overflow attempt (web-client.rules)
 * 1:17776 <-> ENABLED <-> WEB-CLIENT Oracle Java HsbParser.getSoundBank stack buffer overflow attempt (web-client.rules)
 * 1:17803 <-> ENABLED <-> WEB-CLIENT Adobe Shockwave Director rcsL chunk memory corruption attempt (web-client.rules)
 * 1:17804 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox html tag attributes memory corruption (web-client.rules)
 * 1:18066 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint integer underflow heap corruption attempt (web-client.rules)
 * 1:18067 <-> ENABLED <-> WEB-CLIENT Microsoft Office RTF parsing remote code execution attempt (web-client.rules)
 * 1:18069 <-> ENABLED <-> WEB-CLIENT Microsoft Office Art drawing invalid shape identifier attempt (web-client.rules)
 * 1:18071 <-> ENABLED <-> WEB-CLIENT Microsoft Office pptimpconv.dll dll-load exploit attempt (web-client.rules)
 * 1:18074 <-> ENABLED <-> WEB-CLIENT Micrisoft Windows Forefront UAG URL XSS attempt (web-client.rules)
 * 1:18076 <-> ENABLED <-> WEB-CLIENT Microsoft Forefront UAG URL XSS alternate attempt (web-client.rules)
 * 1:18102 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader invalid PDF JavaScript extension call (web-client.rules)
 * 1:18196 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer CSS importer use-after-free attempt (web-client.rules)
 * 1:18202 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Address Book smmscrpt.dll malicious DLL load (web-client.rules)
 * 1:18204 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Address Book wab32res.dll malicious DLL load (web-client.rules)
 * 1:18205 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Address Book msoeres32.dll malicious DLL load (web-client.rules)
 * 1:18208 <-> ENABLED <-> WEB-CLIENT Microsoft Windows 7 Home peerdist.dll dll-load exploit attempt (web-client.rules)
 * 1:18210 <-> ENABLED <-> WEB-CLIENT Microsoft Movie Maker hhctrl.ocx dll-load exploit attempt (web-client.rules)
 * 1:18216 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer 6 #default#anim attempt (web-client.rules)
 * 1:18217 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer select element memory corruption attempt (web-client.rules)
 * 1:18219 <-> ENABLED <-> WEB-CLIENT Microsoft Windows ATMFD font driver remote code execution attempt (web-client.rules)
 * 1:18221 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer malformed table remote code execution attempt (web-client.rules)
 * 1:18222 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (web-client.rules)
 * 1:18223 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (web-client.rules)
 * 1:18224 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (web-client.rules)
 * 1:18231 <-> ENABLED <-> WEB-CLIENT Microsoft Publisher oversized oti length attempt (web-client.rules)
 * 1:18233 <-> ENABLED <-> WEB-CLIENT Microsoft Publisher Adobe Font Driver code execution attempt (web-client.rules)
 * 1:18235 <-> ENABLED <-> WEB-CLIENT Microsoft Office PICT graphics converter memory corruption attempt (web-client.rules)
 * 1:18237 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Flashpix graphics filter fpx32.flt remote code execution attempt (web-client.rules)
 * 1:18239 <-> ENABLED <-> WEB-CLIENT known malicious JavaScript decryption routine (web-client.rules)
 * 1:18240 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer CSS importer use-after-free attempt (web-client.rules)
 * 1:18246 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Fax Services Cover Page Editor overflow attempt (web-client.rules)
 * 1:18277 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Vista Backup Tool fveapi.dll dll-load exploit attempt (web-client.rules)
 * 1:18280 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer oversize recordset object cache size exploit attempt (web-client.rules)
 * 1:18282 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer drag-and-drop vulnerability (web-client.rules)
 * 1:18297 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (web-client.rules)
 * 1:18309 <-> ENABLED <-> WEB-CLIENT Microsoft Vector Markup Language fill method overflow attempt (web-client.rules)
 * 1:18396 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Hypervisor denial of service vfd download attempt (web-client.rules)
 * 1:18398 <-> ENABLED <-> WEB-CLIENT Microsoft Office thumbnail bitmap invalid biClrUsed attempt (web-client.rules)
 * 1:18401 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Internet Explorer Base64 encoded script overflow attempt (web-client.rules)
 * 1:18403 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer datasrc overflow attempt (web-client.rules)
 * 1:18404 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer document.insertBefore memory corruption attempt (web-client.rules)
 * 1:18419 <-> ENABLED <-> WEB-CLIENT Adobe field flags exploit attempt (web-client.rules)
 * 1:18431 <-> ENABLED <-> WEB-CLIENT Acrobat Reader plugin sqlite.dll dll-load exploit attempt (web-client.rules)
 * 1:18432 <-> ENABLED <-> WEB-CLIENT Acrobat Reader d3dref9.dll dll-load exploit attempt (web-client.rules)
 * 1:18439 <-> ENABLED <-> WEB-CLIENT Acrobat Reader plugin ace.dll dll-load exploit attempt (web-client.rules)
 * 1:18440 <-> ENABLED <-> WEB-CLIENT Acrobat Reader plugin agm.dll dll-load exploit attempt (web-client.rules)
 * 1:18441 <-> ENABLED <-> WEB-CLIENT Acrobat Reader plugin bibutils.dll dll-load exploit attempt (web-client.rules)
 * 1:18442 <-> ENABLED <-> WEB-CLIENT Acrobat Reader plugin cooltype.dll dll-load exploit attempt (web-client.rules)
 * 1:18443 <-> ENABLED <-> WEB-CLIENT Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (web-client.rules)
 * 1:18445 <-> ENABLED <-> WEB-CLIENT Acrobat Flash Player nvapi.dll dll-load exploit attempt (web-client.rules)
 * 1:18456 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat XML entity escape attempt (web-client.rules)
 * 1:18483 <-> ENABLED <-> WEB-CLIENT Apple iTunes Playlist Overflow Attempt (web-client.rules)
 * 1:18484 <-> ENABLED <-> WEB-CLIENT Apple iTunes Playlist Overflow Attempt (web-client.rules)
 * 1:18495 <-> ENABLED <-> WEB-CLIENT Microsoft product .dll dll-load exploit attempt (web-client.rules)
 * 1:18496 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Player and shell extension ehtrace.dll dll-load exploit attempt (web-client.rules)
 * 1:18499 <-> ENABLED <-> WEB-CLIENT Microsoft Groove mso.dll dll-load exploit attempt (web-client.rules)
 * 1:18506 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (web-client.rules)
 * 1:18507 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (web-client.rules)
 * 1:18508 <-> ENABLED <-> WEB-CLIENT Apple Safari WebKit ParentStyleSheet exploit attempt (web-client.rules)
 * 1:18510 <-> ENABLED <-> WEB-CLIENT Apple Quicktime FlashPix Movie file integer overflow attempt (web-client.rules)
 * 1:18527 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader shell metacharacter code execution attempt (web-client.rules)
 * 1:18535 <-> ENABLED <-> WEB-CLIENT Multiple Vendors Microsoft Office Word file sprmTSetBrc processing buffer overflow attempt (web-client.rules)
 * 1:18561 <-> ENABLED <-> WEB-CLIENT Apple QuickTime PICT file overread buffer overflow attempt (web-client.rules)
 * 1:18583 <-> ENABLED <-> WEB-CLIENT Microsoft Windows wmf integer overflow attempt (web-client.rules)
 * 1:18619 <-> ENABLED <-> WEB-CLIENT Microsoft Visual Studio MFC applications mfc40.dll dll-load exploit attempt (web-client.rules)
 * 1:18620 <-> ENABLED <-> WEB-CLIENT Microsoft Visual Studio MFC applications mfc42.dll dll-load exploit attempt (web-client.rules)
 * 1:18621 <-> ENABLED <-> WEB-CLIENT Microsoft Visual Studio MFC applications mfc80.dll dll-load exploit attempt (web-client.rules)
 * 1:18622 <-> ENABLED <-> WEB-CLIENT Microsoft Visual Studio MFC applications mfc90.dll dll-load exploit attempt (web-client.rules)
 * 1:18623 <-> ENABLED <-> WEB-CLIENT Microsoft Visual Studio MFC applications mfc100.dll dll-load exploit attempt (web-client.rules)
 * 1:18633 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel RealTimeData record memory corruption attempt (web-client.rules)
 * 1:18634 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Workspace file FontCount record memory corruption attempt (web-client.rules)
 * 1:18655 <-> ENABLED <-> BAD-TRAFFIC Microsoft Windows LLMNR invalid reverse name lookup stack corruption attempt  (bad-traffic.rules)
 * 1:1866 <-> ENABLED <-> POP3 USER overflow attempt (pop3.rules)
 * 1:18670 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer object management memory corruption attempt (web-client.rules)
 * 1:18671 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer object management memory corruption attempt (web-client.rules)
 * 1:18680 <-> ENABLED <-> WEB-CLIENT Microsoft Office RTF malformed pfragments field (web-client.rules)
 * 1:18744 <-> ENABLED <-> WEB-CLIENT VideoLAN vlc player subtitle buffer overflow attempt (web-client.rules)
 * 1:18768 <-> ENABLED <-> SMTP Novell GroupWise internet agent RRULE parsing buffer overflow attempt (smtp.rules)
 * 1:18809 <-> DISABLED <-> WEB-CLIENT Mozilla EnsureCachedAttrPraramArrays integer overflow attempt (web-client.rules)
 * 1:18903 <-> DISABLED <-> WEB-CLIENT Apple Safari WebKit Rendering Counter Code Execution (web-client.rules)
 * 1:18928 <-> DISABLED <-> WEB-CLIENT Apple QuickTime streaming debug error logging buffer overflow attempt (web-client.rules)
 * 1:18961 <-> ENABLED <-> WEB-CLIENT Microsoft Windows MSXML2 ActiveX malformed HTTP response (web-client.rules)
 * 1:18986 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (web-client.rules)
 * 1:18962 <-> ENABLED <-> WEB-CLIENT Microsoft Windows MSXML2 ActiveX malformed HTTP response (web-client.rules)
 * 1:18987 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (web-client.rules)
 * 1:19023 <-> DISABLED <-> BACKDOOR Backdoor.IRC.Zapchast.zwrc outbound connection (backdoor.rules)
 * 1:19099 <-> DISABLED <-> WEB-CLIENT Apple Safari CSS font format corruption attempt (web-client.rules)
 * 1:19130 <-> ENABLED <-> WEB-CLIENT Microsoft Windows MSPaint jpeg with malformed SOFx field exploit attempt (web-client.rules)
 * 1:19100 <-> ENABLED <-> WEB-CLIENT Oracle Java Soundbank resource name overflow attempt (web-client.rules)
 * 1:19141 <-> DISABLED <-> WEB-CLIENT Microsoft Access Wizard control memory corruption ActiveX clsid access (web-client.rules)
 * 1:19143 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Player JPG header record mismatch memory corruption attempt (web-client.rules)
 * 1:19147 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer innerHTML against incomplete element heap corruption attempt (web-client.rules)
 * 1:19150 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer malformed table tag memory corruption attempt (web-client.rules)
 * 1:19149 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer malformed table tag memory corruption attempt (web-client.rules)
 * 1:19153 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word malformed index code execution attempt (web-client.rules)
 * 1:19169 <-> ENABLED <-> WEB-CLIENT RealNetworks RealPlayer vidplin.dll avi header parsing execution attempt (web-client.rules)
 * 1:19174 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Vista feed headlines cross-site scripting attack attempt (web-client.rules)
 * 1:19203 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer MsgBox arbitrary code execution attempt (web-client.rules)
 * 1:19186 <-> ENABLED <-> WEB-CLIENT Microsoft Certification service XSS attempt (web-client.rules)
 * 1:19239 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer 8 toStaticHTML XSS attempt (web-client.rules)
 * 1:19204 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer MsgBox arbitrary code execution attempt (web-client.rules)
 * 1:19225 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel SerAuxTrend biff record corruption attempt (web-client.rules)
 * 1:19231 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Series record exploit attempt (web-client.rules)
 * 1:19237 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer contenteditable corruption attempt (web-client.rules)
 * 1:19240 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer IE6/7/8 reload stylesheet attempt (web-client.rules)
 * 1:18706 <-> ENABLED <-> WEB-CLIENT Microsoft Office RTF malformed second pfragments field (web-client.rules)
 * 1:8414 <-> DISABLED <-> WEB-CLIENT Microsoft Office GIF image descriptor memory corruption attempt (web-client.rules)
 * 1:8443 <-> DISABLED <-> WEB-CLIENT Mozilla regular expression heap corruption attempt (web-client.rules)
 * 1:8416 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Vector Markup Language fill method overflow attempt (web-client.rules)
 * 1:8413 <-> DISABLED <-> WEB-CLIENT HCP URI uplddrvinfo access (web-client.rules)
 * 1:7205 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel FngGroupCount record overflow attempt (web-client.rules)
 * 1:5318 <-> DISABLED <-> WEB-CLIENT Microsoft Windows wmf file arbitrary code execution attempt (web-client.rules)
 * 1:2437 <-> ENABLED <-> WEB-CLIENT RealNetworks RealPlayer arbitrary javascript command attempt (web-client.rules)
 * 1:20501 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:20140 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word document summary information string overflow attempt (web-client.rules)
 * 1:3534 <-> ENABLED <-> WEB-CLIENT Mozilla GIF single packet heap overflow - NETSCAPE2.0 (web-client.rules)
 * 1:3552 <-> ENABLED <-> WEB-CLIENT Microsoft Windows OLE32 MSHTA masquerade attempt (web-client.rules)
 * 1:20471 <-> DISABLED <-> FILE-IDENTIFY RIFX file magic detection (file-identify.rules)
 * 1:5741 <-> ENABLED <-> WEB-CLIENT Microsoft HTML help workshop buffer overflow attempt (web-client.rules)
 * 1:3088 <-> DISABLED <-> WEB-CLIENT winamp .cda file name overflow attempt (web-client.rules)
 * 1:7199 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel label record overflow attempt (web-client.rules)
 * 1:20476 <-> DISABLED <-> FILE-IDENTIFY TNEF file magic detection (file-identify.rules)
 * 1:20119 <-> ENABLED <-> WEB-CLIENT Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt (web-client.rules)
 * 1:4135 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer JPEG heap overflow single packet attempt (web-client.rules)
 * 1:20278 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (web-client.rules)
 * 1:4917 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer javascript onload prompt obfuscation overflow attempt (web-client.rules)
 * 1:20139 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word document summary information string overflow attempt (web-client.rules)
 * 1:5711 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Player zero length bitmap heap overflow attempt (web-client.rules)
 * 1:3685 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer bitmap BitmapOffset multipacket integer overflow attempt (web-client.rules)
 * 1:20483 <-> DISABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
 * 1:6698 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected tIME overflow attempt (web-client.rules)
 * 1:4679 <-> DISABLED <-> WEB-CLIENT Apple Quicktime movie file component name integer overflow multipacket attempt (web-client.rules)
 * 1:3634 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Bitmap width integer overflow multipacket attempt (web-client.rules)
 * 1:6690 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected iCCP overflow attempt (web-client.rules)
 * 1:5319 <-> ENABLED <-> WEB-CLIENT Metasploit Windows picture and fax viewer wmf arbitrary code execution attempt (web-client.rules)
 * 1:6505 <-> ENABLED <-> WEB-CLIENT Apple Quicktime fpx file SectNumMiniFAT overflow attempt (web-client.rules)
 * 1:3814 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer javaprxy.dll COM access (web-client.rules)
 * 1:4680 <-> DISABLED <-> WEB-CLIENT Apple Quicktime movie file component name integer overflow attempt (web-client.rules)
 * 1:3133 <-> DISABLED <-> WEB-CLIENT Microsoft Multiple Products PNG large image height download attempt (web-client.rules)
 * 1:7022 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Explorer invalid url file overflow attempt (web-client.rules)
 * 1:7198 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel MSO.DLL malformed string parsing multi byte buffer over attempt (web-client.rules)
 * 1:20144 <-> DISABLED <-> WEB-CLIENT Adobe Acrobat embedded TIFF DotRange structure memory corruption attempt (web-client.rules)
 * 1:4675 <-> DISABLED <-> WEB-CLIENT Adobe Flash DOACTION tag overflow attempt (web-client.rules)
 * 1:6502 <-> ENABLED <-> WEB-CLIENT Mozilla GIF single packet heap overflow - ANIMEXTS1.0 (web-client.rules)
 * 1:5713 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Metafile invalid header size integer overflow (web-client.rules)
 * 1:20277 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (web-client.rules)
 * 1:20498 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word file magic detection (file-identify.rules)
 * 1:3470 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer VIDORV30 header length buffer overflow (web-client.rules)
 * 1:20502 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:3149 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer 5/6 object type overflow attempt (web-client.rules)
 * 1:3473 <-> ENABLED <-> WEB-CLIENT RealNetworks RealPlayer SMIL file overflow attempt (web-client.rules)
 * 1:4647 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer javascript onload overflow attempt (web-client.rules)
 * 1:7203 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word information string overflow attempt (web-client.rules)
 * 1:3007 <-> DISABLED <-> IMAP command overflow attempt (imap.rules)
 * 1:6696 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected pHYs overflow attempt (web-client.rules)
 * 1:6699 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected iTXt overflow attempt (web-client.rules)
 * 1:4134 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Exploerer blnmgr clsid attempt (web-client.rules)
 * 1:2589 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Content-Disposition CLSID command attempt (web-client.rules)
 * 1:7200 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word document summary information null string overflow attempt (web-client.rules)
 * 1:7197 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel MSO.DLL malformed string parsing single byte buffer over attempt (web-client.rules)
 * 1:5712 <-> ENABLED <-> WEB CLIENT Microsoft Windows Media Player invalid data offset bitmap heap overflow attempt (web-client.rules)
 * 1:20149 <-> DISABLED <-> WEB-CLIENT Adobe Acrobat embedded IFF file RGBA chunk memory corruption attempt (web-client.rules)
 * 1:20284 <-> ENABLED <-> WEB-CLIENT VideoLAN VLC ModPlug ReadS3M overflow attempt (web-client.rules)
 * 1:6509 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer mhtml uri href buffer overflow attempt (web-client.rules)
 * 1:3079 <-> ENABLED <-> WEB-CLIENT Microsoft Windows ANI file parsing overflow (web-client.rules)
 * 1:3679 <-> DISABLED <-> WEB-CLIENT Web-client IFRAME src javascript code execution (web-client.rules)
 * 1:6693 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected bKGD overflow attempt (web-client.rules)
 * 1:20503 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:20156 <-> DISABLED <-> WEB-CLIENT Adobe Acrobat getCosObj file overwrite attempt (web-client.rules)
 * 1:254 <-> ENABLED <-> DNS SPOOF query response with TTL of 1 min. and no authority (dns.rules)
 * 1:6695 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected tRNS overflow attempt (web-client.rules)
 * 1:3683 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer spoofed MIME-Type auto-execution attempt (web-client.rules)
 * 1:4136 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer JPEG heap overflow multipacket attempt (web-client.rules)
 * 1:20162 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader sandbox disable attempt (web-client.rules)
 * 1:20211 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player recursive stack overflow attempt (web-client.rules)
 * 1:6701 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected zTXt overflow attempt (web-client.rules)
 * 1:4132 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer msdds clsid attempt (web-client.rules)
 * 1:7020 <-> DISABLED <-> WEB-CLIENT isComponentInstalled function buffer overflow (web-client.rules)
 * 1:6689 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected cHRM overflow attempt (web-client.rules)
 * 1:3134 <-> DISABLED <-> WEB-CLIENT Microsoft PNG large colour depth download attempt (web-client.rules)
 * 1:4643 <-> ENABLED <-> WEB-CLIENT Microsoft Windows malformed shortcut file buffer overflow attempt (web-client.rules)
 * 1:3632 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Bitmap width integer overflow attempt (web-client.rules)
 * 1:7048 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel object record overflow attempt (web-client.rules)
 * 1:20430 <-> ENABLED <-> WEB-CLIENT Oracle Java Web Start BasicServiceImpl security policy bypass attempt (web-client.rules)
 * 1:20445 <-> ENABLED <-> WEB-CLIENT Foxit Reader title overflow attempt (web-client.rules)
 * 1:7024 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel style handling overflow attempt (web-client.rules)
 * 1:20253 <-> ENABLED <-> NETBIOS Microsoft products oleacc.dll dll-load exploit attempt (netbios.rules)
 * 1:2707 <-> DISABLED <-> WEB-CLIENT JPEG parser multipacket heap overflow (web-client.rules)
 * 1:20254 <-> ENABLED <-> WEB-CLIENT Microsoft products oleacc.dll dll-load exploit attempt (web-client.rules)
 * 1:20472 <-> DISABLED <-> FILE-IDENTIFY RAR file magic detection (file-identify.rules)
 * 1:3553 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML DOM null DHTML element insertion attempt (web-client.rules)
 * 1:3471 <-> DISABLED <-> WEB-CLIENT Apple iTunes playlist URL overflow attempt (web-client.rules)
 * 1:6694 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected hIST overflow attempt (web-client.rules)
 * 1:4916 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer javascript onload document.write obfuscation overflow attempt (web-client.rules)
 * 1:20259 <-> ENABLED <-> WEB-MISC Malicious Microsoft Agent Helper JAR download attempt (web-misc.rules)
 * 1:3132 <-> DISABLED <-> WEB-CLIENT Microsoft Multiple Products PNG large image width download attempt (web-client.rules)
 * 1:20512 <-> DISABLED <-> FILE-IDENTIFY mx4 file magic detection (file-identify.rules)
 * 1:2438 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer playlist file URL overflow attempt (web-client.rules)
 * 1:6697 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected sPLT overflow attempt (web-client.rules)
 * 1:20263 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer htmlfile null attribute access (web-client.rules)
 * 1:7025 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel url unicode overflow attempt (web-client.rules)
 * 1:2489 <-> DISABLED <-> EXPLOIT esignal STREAMQUOTE buffer overflow attempt (exploit.rules)
 * 1:20288 <-> ENABLED <-> WEB-CLIENT RealNetworks RealPlayer QCP parsing buffer overflow attempt (web-client.rules)
 * 1:6510 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer mhtml uri shortcut buffer overflow attempt (web-client.rules)
 * 1:2338 <-> ENABLED <-> FTP LIST buffer overflow attempt (ftp.rules)
 * 1:6700 <-> DISABLED <-> WEB-CLIENT Microsoft Multiple Products malformed PNG detected tEXt overflow attempt (web-client.rules)
 * 1:5710 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Plugin for Non-IE browsers buffer overflow attempt (web-client.rules)
 * 1:20504 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:3536 <-> ENABLED <-> WEB-CLIENT Mozilla GIF multipacket heap overflow - NETSCAPE2.0 (web-client.rules)
 * 1:7002 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel url unicode overflow attempt (web-client.rules)
 * 1:20283 <-> ENABLED <-> WEB-CLIENT VideoLAN VLC ModPlug ReadS3M overflow attempt (web-client.rules)
 * 1:20470 <-> DISABLED <-> FILE-IDENTIFY RIFF file magic detection (file-identify.rules)
 * 1:2439 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer playlist http URL overflow attempt (web-client.rules)
 * 1:4133 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer devenum clsid attempt (web-client.rules)
 * 1:20120 <-> ENABLED <-> BAD-TRAFFIC Microsoft Windows WINS internal communications on network exploit attempt (bad-traffic.rules)
 * 1:20487 <-> DISABLED <-> FILE-IDENTIFY 7zip file magic detection (file-identify.rules)
 * 1:20500 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:3192 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player directory traversal via Content-Disposition attempt (web-client.rules)
 * 1:3820 <-> DISABLED <-> WEB-CLIENT Microsoft Windows CHM file transfer attempt (web-client.rules)
 * 1:20486 <-> DISABLED <-> FILE-IDENTIFY RTF file magic detection (file-identify.rules)
 * 1:20507 <-> ENABLED <-> FILE-IDENTIFY shockwave file magic detection (file-identify.rules)
 * 1:2671 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer bitmap BitmapOffset integer overflow attempt (web-client.rules)
 * 1:2515 <-> DISABLED <-> WEB-MISC PCT Client_Hello overflow attempt (web-misc.rules)
 * 1:20141 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word document summary information string overflow attempt (web-client.rules)
 * 1:6503 <-> ENABLED <-> WEB-CLIENT Mozilla GIF multipacket heap overflow - ANIMEXTS1.0 (web-client.rules)
 * 1:7202 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word document summary information string overflow attempt (web-client.rules)
 * 1:20477 <-> DISABLED <-> FILE-IDENTIFY ELF file magic detection (file-identify.rules)
 * 1:2705 <-> DISABLED <-> WEB-CLIENT Microsoft Multiple Products JPEG parser heap overflow attempt (web-client.rules)
 * 1:20279 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Exploerer HTML DOM invalid DHTML textnode creation attempt (web-client.rules)
 * 1:6691 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected sBIT overflow attempt (web-client.rules)
 * 1:20499 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word file magic detection (file-identify.rules)
 * 1:3148 <-> ENABLED <-> WEB-CLIENT Microsoft Windows winhelp clsid attempt (web-client.rules)
 * 1:20431 <-> ENABLED <-> WEB-CLIENT Wireshark DECT packet dissector overflow attempt (web-client.rules)
 * 1:4644 <-> ENABLED <-> WEB-CLIENT Microsoft Windows malformed shortcut file with comment buffer overflow attempt (web-client.rules)
 * 1:2440 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer playlist rtsp URL overflow attempt (web-client.rules)
 * 1:20511 <-> DISABLED <-> FILE-IDENTIFY bcproj file magic detection (file-identify.rules)
 * 1:3689 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer tRNS overflow attempt (web-client.rules)
 * 1:6506 <-> ENABLED <-> WEB-CLIENT Apple Quicktime udta atom overflow attempt (web-client.rules)
 * 1:6692 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected sRGB overflow attempt (web-client.rules)
 * 1:7201 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word summary information null string overflow attempt (web-client.rules)
 * 1:20000 <-> DISABLED <-> WEB-CLIENT Hello from the VRT (web-client.rules)
 * 1:19245 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer redirect to cdl protocol attempt (web-client.rules)
 * 1:19243 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer layout-grid-char value exploit attempt (web-client.rules)
 * 1:9429 <-> DISABLED <-> WEB-CLIENT Apple Quicktime Movie link scripting security bypass attempt (web-client.rules)
 * 1:8448 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel colinfo XF record overflow attempt (web-client.rules)
 * 1:8445 <-> DISABLED <-> WEB-CLIENT Microsoft Windows RTF file with embedded object package download attempt (web-client.rules)
 * 1:9432 <-> DISABLED <-> WEB-CLIENT Microsoft Agent buffer overflow attempt (web-client.rules)
 * 1:7204 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel object ftCmo overflow attempt (web-client.rules)
 * 1:9625 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player ASX file ref href buffer overflow attempt (web-client.rules)
 * 1:9641 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Player ASF simple index object parsing buffer overflow attempt (web-client.rules)
 * 1:9642 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Player ASF codec list object parsing buffer overflow attempt (web-client.rules)
 * 1:10063 <-> ENABLED <-> WEB-CLIENT Firefox query interface suspicious function call access attempt (web-client.rules)
 * 1:11180 <-> DISABLED <-> WEB-CLIENT Apple Quicktime movie ftyp buffer underflow (web-client.rules)
 * 1:11258 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Malformed Named Graph Information unicode overflow (web-client.rules)
 * 1:11290 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel malformed named graph information ascii overflow (web-client.rules)
 * 1:11947 <-> ENABLED <-> WEB-CLIENT Microsoft Windows schannel security package (web-client.rules)
 * 1:12219 <-> ENABLED <-> WEB-CLIENT RealNetworks RealPlayer SMIL wallclock parsing buffer overflow (web-client.rules)
 * 1:12256 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel malformed FBI record (web-client.rules)
 * 1:12284 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel rtWnDesk record memory corruption exploit attempt (web-client.rules)
 * 1:1233 <-> ENABLED <-> WEB-CLIENT Outlook EML access (web-client.rules)
 * 1:12618 <-> DISABLED <-> WEB-CLIENT Microsoft Visual Basic VBP file reference overflow attempt (web-client.rules)
 * 1:12643 <-> DISABLED <-> WEB-CLIENT Microsoft Windows URI External handler arbitrary command attempt (web-client.rules)
 * 1:12707 <-> ENABLED <-> WEB-CLIENT RealNetworks RealPlayer lyrics heap overflow attempt (web-client.rules)
 * 1:12728 <-> ENABLED <-> WEB-CLIENT RealNetworks SMIL wallclock stack overflow attempt (web-client.rules)
 * 1:1284 <-> DISABLED <-> WEB-CLIENT readme.eml download attempt (web-client.rules)
 * 1:12983 <-> DISABLED <-> WEB-CLIENT Microsoft Windows DirectX SAMI file CRawParser buffer overflow attempt (web-client.rules)
 * 1:13158 <-> ENABLED <-> WEB_CLIENT Microsoft Media Player asf streaming format interchange data integer overflow attempt (web-client.rules)
 * 1:13159 <-> ENABLED <-> WEB_CLIENT Microsoft Media Player asf streaming format audio error masking integer overflow attempt (web-client.rules)
 * 1:13160 <-> ENABLED <-> WEB-CLIENT Microsoft Media Player asf streaming audio spread error correction data length integer overflow attempt (web-client.rules)
 * 1:13288 <-> ENABLED <-> BAD-TRAFFIC Microsoft Windows remote kernel tcp/ip icmp vulnerability exploit attempt (bad-traffic.rules)
 * 1:13293 <-> DISABLED <-> WEB-CLIENT Apple QuickTime panorama atoms buffer overflow attempt (web-client.rules)
 * 1:13448 <-> ENABLED <-> WEB-CLIENT Microsoft Windows vbscript/jscript scripting engine begin buffer overflow attempt (web-client.rules)
 * 1:13449 <-> ENABLED <-> WEB-CLIENT Microsoft Windows vbscript/jscript scripting engine end buffer overflow attempt (web-client.rules)
 * 1:13453 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer DXLUTBuilder ActiveX clsid access (web-client.rules)
 * 1:13454 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer DXLUTBuilder ActiveX clsid unicode access (web-client.rules)
 * 1:13455 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer DXLUTBuilder ActiveX function call access (web-client.rules)
 * 1:13456 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer DXLUTBuilder ActiveX function call unicode access (web-client.rules)
 * 1:13466 <-> ENABLED <-> WEB-CLIENT Microsoft Works file converter file section length headers memory corruption attempt (web-client.rules)
 * 1:13474 <-> ENABLED <-> WEB-CLIENT Microsoft WebDAV MiniRedir remote code execution attempt (web-client.rules)
 * 1:13515 <-> ENABLED <-> WEB-CLIENT Apple Quicktime user agent (web-client.rules)
 * 1:13516 <-> ENABLED <-> WEB-CLIENT Apple Quicktime HTTP error response buffer overflow (web-client.rules)
 * 1:13569 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel macro validation arbitrary code execution attempt (web-client.rules)
 * 1:13570 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel cf record arbitrary code excecution attempt (web-client.rules)
 * 1:13571 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel dval record arbitrary code excecution attempt (web-client.rules)
 * 1:13572 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (web-client.rules)
 * 1:13573 <-> ENABLED <-> WEB-CLIENT Microsoft Outlook arbitrary command line attempt (web-client.rules)
 * 1:13665 <-> ENABLED <-> WEB-CLIENT Microsoft Office Visio DXF file invalid memory allocation exploit attempt (web-client.rules)
 * 1:13807 <-> DISABLED <-> WEB-CLIENT Microsoft Windows metafile SetPaletteEntries heap overflow attempt (web-client.rules)
 * 1:13820 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player SWF scene and label data memory corruption attempt (web-client.rules)
 * 1:13821 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player SWF scene and label data memory corruption attempt (web-client.rules)
 * 1:13822 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player SWF scene and label data memory corruption attempt (web-client.rules)
 * 1:13823 <-> ENABLED <-> WEB-CLIENT Microsoft Windows DirectX SAMI file parsing buffer overflow attempt (web-client.rules)
 * 1:13824 <-> ENABLED <-> WEB-CLIENT Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (web-client.rules)
 * 1:13834 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer request header overwrite (web-client.rules)
 * 1:13838 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox IFRAME style change handling code execution (web-client.rules)
 * 1:13950 <-> ENABLED <-> WEB-CLIENT Oracle Java Web Start JNLP attribute buffer overflow attempt (web-client.rules)
 * 1:13960 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer static text range overflow attempt (web-client.rules)
 * 1:13961 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer table layout access violation vulnerability (web-client.rules)
 * 1:13962 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer MHTML zone control bypass attempt (web-client.rules)
 * 1:13963 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer argument validation in print preview handling vulnerability (web-client.rules)
 * 1:13964 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer span frontier parsing memory corruption (web-client.rules)
 * 1:13970 <-> ENABLED <-> WEB-CLIENT Microsoft Office eps filters memory corruption attempt (web-client.rules)
 * 1:13971 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint TxMasterStyle10Atom atom numLevels buffer overflow attempt (web-client.rules)
 * 1:13972 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel country record arbitrary code execution attempt (web-client.rules)
 * 1:13974 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer XHTML element memory corruption attempt (web-client.rules)
 * 1:13980 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer http status response memory corruption vulnerability (web-client.rules)
 * 1:13981 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel malformed chart arbitrary code execution attempt (web-client.rules)
 * 1:14261 <-> ENABLED <-> WEB-CLIENT Microsoft Windows GDI VML gradient size heap overflow attempt (web-client.rules)
 * 1:14262 <-> ENABLED <-> WEB-CLIENT Microsoft Office OneNote iframe caller exploit attempt (web-client.rules)
 * 1:14641 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (web-client.rules)
 * 1:14642 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel file with embedded ActiveX control (web-client.rules)
 * 1:14643 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer location and location.href cross domain security bypass vulnerability (web-client.rules)
 * 1:14644 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer cross domain unfocusable HTML element (web-client.rules)
 * 1:14645 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer cross domain setExpression exploit attempt (web-client.rules)
 * 1:14656 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer XSS mouseevent PII disclosure attempt (web-client.rules)
 * 1:14657 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer cross domain componentFromPoint memory corruption attempt (web-client.rules)
 * 1:15012 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer MSXML DLL memory corruption attempt (web-client.rules)
 * 1:15014 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader and Acrobat util.printf buffer overflow attempt (web-client.rules)
 * 1:15081 <-> ENABLED <-> WEB-CLIENT Oracle Java Web Start xml encoding buffer overflow attempt (web-client.rules)
 * 1:15104 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt (web-client.rules)
 * 1:15105 <-> ENABLED <-> WEB-CLIENT Microsoft GDI WMF file parsing integer overflow attempt (web-client.rules)
 * 1:15106 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word .rtf file integer overflow attempt (web-client.rules)
 * 1:15107 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word .rtf file stylesheet buffer overflow attempt (web-client.rules)
 * 1:15108 <-> ENABLED <-> WEB-CLIENT Microsoft Office Sharepoint Server elevation of privilege exploit attempt (web-client.rules)
 * 1:15114 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer embed src buffer overflow attempt (web-client.rules)
 * 1:15115 <-> ENABLED <-> WEB-CLIENT Microsoft Windows WebDAV pathname buffer overflow attempt (web-client.rules)
 * 1:15116 <-> ENABLED <-> WEB-CLIENT Microsoft Windows search protocol handler access attempt (web-client.rules)
 * 1:15126 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer nested tag memory corruption attempt (web-client.rules)
 * 1:15147 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer malformed iframe buffer overflow attempt (web-client.rules)
 * 1:15299 <-> ENABLED <-> WEB-CLIENT Microsoft Office Visio invalid ho tag attempt (web-client.rules)
 * 1:15303 <-> ENABLED <-> WEB-CLIENT Microsoft Office Visio Malformed IconBitsComponent arbitrary code execution attempt (web-client.rules)
 * 1:15304 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer object clone deletion memory corruption attempt (web-client.rules)
 * 1:15305 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer dynamic style update memory corruption attempt (web-client.rules)
 * 1:15362 <-> ENABLED <-> WEB-CLIENT obfuscated javascript excessive fromCharCode - potential attack (web-client.rules)
 * 1:15363 <-> ENABLED <-> WEB-CLIENT Potential obfuscated javascript eval unescape attack attempt (web-client.rules)
 * 1:15384 <-> ENABLED <-> WEB-CLIENT Apple QuickTime pict image poly structure memory corruption attempt (web-client.rules)
 * 1:15386 <-> ENABLED <-> BAD-TRAFFIC Microsoft Windows wpad dynamic update request  (bad-traffic.rules)
 * 1:15430 <-> ENABLED <-> WEB-CLIENT Microsoft EMF+ GpFont.SetData buffer overflow attempt (web-client.rules)
 * 1:15460 <-> ENABLED <-> EXPLOIT Internet Explorer ActiveX load/unload race condition attempt (exploit.rules)
 * 1:15461 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer marquee tag onstart memory corruption (web-client.rules)
 * 1:15468 <-> ENABLED <-> WEB-CLIENT Apple Safari-Internet Explorer SearchPath blended threat dll request (web-client.rules)
 * 1:15469 <-> ENABLED <-> WEB-CLIENT Microsoft Office WordPad and Office text converters integer underflow attempt (web-client.rules)
 * 1:15475 <-> ENABLED <-> WEB-CLIENT Microsoft Windows ISA Server cross-site scripting attempt (web-client.rules)
 * 1:15480 <-> ENABLED <-> WEB-CLIENT Apple Quicktime movie record invalid version number exploit attempt (web-client.rules)
 * 1:15499 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint 95 converter CString in ExEmbed container buffer overflow attempt (web-client.rules)
 * 1:15500 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint LinkedSlide memory corruption (web-client.rules)
 * 1:15501 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint ParaBuildAtom memory corruption attempt (web-client.rules)
 * 1:15502 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint DiagramBuildContainer memory corruption attempt (web-client.rules)
 * 1:15504 <-> ENABLED <-> WEB-CLIENT Microsoft Office Download of PowerPoint 4.0 file (web-client.rules)
 * 1:15505 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint HashCode10Atom memory corruption attempt (web-client.rules)
 * 1:15506 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint CurrentUserAtom remote code execution attempt (web-client.rules)
 * 1:15517 <-> ENABLED <-> WEB-CLIENT Microsoft Windows AVI DirectShow quicktime parsing overflow attempt (web-client.rules)
 * 1:15529 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer cross-domain navigation cookie stealing attempt (web-client.rules)
 * 1:15531 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer Unexpected method call remote code execution attempt (web-client.rules)
 * 1:15534 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer XML HttpRequest race condition exploit attempt (web-client.rules)
 * 1:15535 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer setCapture heap corruption exploit attempt (web-client.rules)
 * 1:15536 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer invalid object modification exploit attempt (web-client.rules)
 * 1:15538 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer onreadystatechange memory corruption attempt (web-client.rules)
 * 1:15539 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Formula record remote code execution attempt (web-client.rules)
 * 1:15540 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer DOM memory corruption attempt (web-client.rules)
 * 1:15541 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel SST record remote code execution attempt (web-client.rules)
 * 1:15542 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Qsir and Qsif record remote code execution attempt (web-client.rules)
 * 1:15562 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader JPX malformed code-block width attempt (web-client.rules)
 * 1:15682 <-> ENABLED <-> WEB-CLIENT Microsoft Windows DirectShow QuickTime file stsc atom parsing heap corruption attempt (web-client.rules)
 * 1:15693 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Embedded Open Type Font malformed name table overflow attempt (web-client.rules)
 * 1:15694 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Embedded Open Type Font malformed name table integer overflow attempt (web-client.rules)
 * 1:15695 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Embedded Open Type Font malformed name table platform type 3 integer overflow attempt (web-client.rules)
 * 1:15709 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat and Adobe Acrobat Reader FlateDecode integer overflow attempt (web-client.rules)
 * 1:15854 <-> ENABLED <-> WEB-CLIENT Microsoft Windows AVIFile media file processing memory corruption attempt (web-client.rules)
 * 1:15866 <-> DISABLED <-> WEB-CLIENT libxml2 file processing long entity overflow attempt (web-client.rules)
 * 1:15872 <-> DISABLED <-> WEB-CLIENT Firefox defineSetter function pointer memory corruption attempt (web-client.rules)
 * 1:15873 <-> DISABLED <-> WEB-CLIENT Firefox location spoofing via invalid window.open characters (web-client.rules)
 * 1:15893 <-> DISABLED <-> WEB-CLIENT fCreateShellLink function use - potential attack (web-client.rules)
 * 1:15913 <-> ENABLED <-> WEB-CLIENT Microsoft Windows javascript arguments keyword override rce attempt (web-client.rules)
 * 1:15933 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer URL canonicalization address bar spoofing attempt (web-client.rules)
 * 1:16054 <-> DISABLED <-> WEB-CLIENT Apple Quicktime bitmap multiple header overflow (web-client.rules)
 * 1:16063 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer isindex buffer overflow attempt (web-client.rules)
 * 1:16151 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer unitialized or deleted object access attempt (web-client.rules)
 * 1:16153 <-> ENABLED <-> WEB-CLIENT Microsoft Windows malformed WMF meta escape record memory corruption (web-client.rules)
 * 1:16155 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer indexing service malformed parameters (web-client.rules)
 * 1:16157 <-> ENABLED <-> WEB-CLIENT Microsoft Windows malformed ASF voice codec memory corruption (web-client.rules)
 * 1:16169 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer dynamic style update memory corruption attempt (web-client.rules)
 * 1:16181 <-> ENABLED <-> WEB-CLIENT Microsoft Windows CryptoAPI ASN.1 integer overflow attempt (web-client.rules)
 * 1:16321 <-> ENABLED <-> WEB-CLIENT Adobe tiff oversized image length attempt (web-client.rules)
 * 1:16322 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader oversized object width attempt (web-client.rules)
 * 1:16324 <-> ENABLED <-> WEB-CLIENT Adobe doc.export arbitrary file write attempt (web-client.rules)
 * 1:16330 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer orphan DOM objects memory corruption attempt (web-client.rules)
 * 1:16331 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player JPEG parsing heap overflow attempt (web-client.rules)
 * 1:16333 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader media.newPlayer memory corruption attempt (web-client.rules)
 * 1:16335 <-> DISABLED <-> WEB-CLIENT xpdf ObjectStream integer overflow (web-client.rules)
 * 1:16339 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer object clone deletion memory corruption attempt - obfuscated (web-client.rules)
 * 1:16342 <-> ENABLED <-> WEB-CLIENT Microsoft Windows AVIFile truncated media file processing memory corruption attempt (web-client.rules)
 * 1:16359 <-> ENABLED <-> WEB-CLIENT Adobe Illustrator DSC comment overflow attempt (web-client.rules)
 * 1:16367 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer invalid object access memory corruption attempt (web-client.rules)
 * 1:16373 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader U3D CLODMeshContinuation code execution attempt (web-client.rules)
 * 1:16378 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer deleted object cells reference memory corruption vulnerability (web-client.rules)
 * 1:16382 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML+TIME animatemotion property memory corruption attempt (web-client.rules)
 * 1:16409 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint improper filename remote code execution attempt (web-client.rules)
 * 1:16410 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint file LinkedSlide10Atom record parsing heap corruption attempt (web-client.rules)
 * 1:16411 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint out of bounds value remote code execution attempt (web-client.rules)
 * 1:16412 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint invalid TextByteAtom remote code execution attempt (web-client.rules)
 * 1:16414 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Shell Handler remote code execution attempt (web-client.rules)
 * 1:16416 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Malformed MSODrawing Record (web-client.rules)
 * 1:16423 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer 7/8 execute local file in Internet zone redirect attempt (web-client.rules)
 * 1:16452 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer .hlp samba share download attempt (web-client.rules)
 * 1:16464 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel ContinueFRT12 heap overflow attempt (web-client.rules)
 * 1:16465 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel ContinueFRT12 and MDXSet heap overflow attempt (web-client.rules)
 * 1:16469 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution attempt (web-client.rules)
 * 1:16470 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (web-client.rules)
 * 1:16471 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (web-client.rules)
 * 1:16482 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer userdata behavior memory corruption attempt (web-client.rules)
 * 1:16492 <-> ENABLED <-> WEB-CLIENT Apple Safari inline text box use after free attempt (web-client.rules)
 * 1:16506 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer innerHTML against incomplete element heap corruption attempt (web-client.rules)
 * 1:16507 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer onreadystatechange memory corruption attempt (web-client.rules)
 * 1:16508 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer 8 non-IE8 compatibility mode htmltime remote code execution attempt (web-client.rules)
 * 1:16543 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Player codec code execution attempt (web-client.rules)
 * 1:16545 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader malformed Richmedia annotation exploit attempt (web-client.rules)
 * 1:16554 <-> DISABLED <-> WEB-CLIENT Adobe Acrobat javascript getIcon method buffer overflow attempt (web-client.rules)
 * 1:16578 <-> ENABLED <-> EXPLOIT Microsoft Windows Media Encoder 9 ActiveX buffer overflow attempt (exploit.rules)
 * 1:16586 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word Document remote code execution attempt (web-client.rules)
 * 1:16593 <-> ENABLED <-> WEB-CLIENT Microsoft VBE6.dll stack corruption attempt (web-client.rules)
 * 1:16596 <-> ENABLED <-> WEB-CLIENT Apple Safari information disclosure and remote code execution attempt (web-client.rules)
 * 1:16603 <-> DISABLED <-> WEB-CLIENT Adobe Acrobat Reader Linux malformed U3D mesh deceleration block exploit attempt (web-client.rules)
 * 1:16612 <-> DISABLED <-> WEB-CLIENT Firefox oversized SOCKS5 DNS reply memory corruption attempt (web-client.rules)
 * 1:16633 <-> ENABLED <-> WEB-CLIENT Adobe PDF File containing Flash use-after-free attack (web-client.rules)
 * 1:16634 <-> ENABLED <-> WEB-CLIENT Adobe Flash use-after-free attack (web-client.rules)
 * 1:16638 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel OBJ record stack buffer overflow attempt (web-client.rules)
 * 1:16639 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro (web-client.rules)
 * 1:16640 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel OBJ record stack buffer overflow attempt - with linkFmla (web-client.rules)
 * 1:16641 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro and linkFmla (web-client.rules)
 * 1:16643 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Chart Sheet Substream memory corruption attempt (web-client.rules)
 * 1:16647 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel RealTimeData record heap memory corruption attempt - 2 (web-client.rules)
 * 1:16650 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel ExternName record stack buffer overflow attempt - 1 (web-client.rules)
 * 1:16651 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel ExternName record stack buffer overflow attempt - 2 (web-client.rules)
 * 1:16652 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel ExternName record stack buffer overflow attempt - 3 (web-client.rules)
 * 1:16653 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel ExternName record stack buffer overflow attempt - 4 (web-client.rules)
 * 1:16654 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel undocumented Publisher record heap buffer overflow attempt (web-client.rules)
 * 1:16655 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Lbl record stack overflow attempt (web-client.rules)
 * 1:16656 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel BIFF5 ExternSheet record stack overflow attempt (web-client.rules)
 * 1:16657 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel DBQueryExt record memory corruption attempt (web-client.rules)
 * 1:16673 <-> DISABLED <-> WEB-CLIENT Adobe Shockwave DIR file PAMI chunk code execution attempt (web-client.rules)
 * 1:16677 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader malformed FlateDecode colors declaration (web-client.rules)
 * 1:16689 <-> ENABLED <-> WEB-CLIENT Palo Alto Networks Firewall editUser.esp XSS attempt (web-client.rules)
 * 1:16716 <-> ENABLED <-> WEB-CLIENT Oracle Java Web Start Splashscreen PNG processing buffer overflow attempt (web-client.rules)
 * 1:17113 <-> ENABLED <-> WEB-CLIENT Microsoft SilverLight ImageSource redefine flowbit (web-client.rules)
 * 1:17114 <-> ENABLED <-> WEB-CLIENT Microsoft SilverLight ImageSource remote code execution attempt (web-client.rules)
 * 1:17120 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word rich text format unexpected field type memory corruption attempt 1 (web-client.rules)
 * 1:17121 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word rich text format unexpected field type memory corruption attempt 2 (web-client.rules)
 * 1:17122 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word rich text format unexpected field type memory corruption attempt 3 (web-client.rules)
 * 1:17123 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word rich text format invalid field size memory corruption attempt (web-client.rules)
 * 1:17124 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word malformed table record memory corruption attempt (web-client.rules)
 * 1:17129 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer use-after-free memory corruption attempt (web-client.rules)
 * 1:17130 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer boundElements arbitrary code execution (web-client.rules)
 * 1:17131 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer 8 parent style rendering arbitrary code execution (web-client.rules)
 * 1:17133 <-> ENABLED <-> WEB-CLIENT Microsoft Windows MSXML2 ActiveX malformed HTTP response (web-client.rules)
 * 1:17134 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel out-of-bounds structure read memory corruption attempt (web-client.rules)
 * 1:17179 <-> ENABLED <-> WEB-CLIENT Adobe Director file pamm record exploit attempt (web-client.rules)
 * 1:17180 <-> ENABLED <-> WEB-CLIENT Adobe Director file LsCM record exploit attempt (web-client.rules)
 * 1:17181 <-> ENABLED <-> WEB-CLIENT Adobe Director file LsCM record exploit attempt (web-client.rules)
 * 1:17182 <-> ENABLED <-> WEB-CLIENT Adobe Director file tSAC record exploit attempt (web-client.rules)
 * 1:17183 <-> ENABLED <-> WEB-CLIENT Adobe Director file tSAC record exploit attempt (web-client.rules)
 * 1:17184 <-> ENABLED <-> WEB-CLIENT Adobe Director file tSAC record exploit attempt (web-client.rules)
 * 1:17185 <-> ENABLED <-> WEB-CLIENT Adobe Director file rcsL record exploit attempt (web-client.rules)
 * 1:17186 <-> ENABLED <-> WEB-CLIENT Adobe Director file rcsL record exploit attempt (web-client.rules)
 * 1:17187 <-> ENABLED <-> WEB-CLIENT Adobe Director file rcsL record exploit attempt (web-client.rules)
 * 1:17188 <-> ENABLED <-> WEB-CLIENT Adobe Director file rcsL record exploit attempt (web-client.rules)
 * 1:17189 <-> ENABLED <-> WEB-CLIENT Adobe Director file rcsL record exploit attempt (web-client.rules)
 * 1:17200 <-> ENABLED <-> WEB-CLIENT Adobe Director file LsCM overflow attempt (web-client.rules)
 * 1:17202 <-> ENABLED <-> WEB-CLIENT Adobe Director file file Shockwave 3D overflow attempt (web-client.rules)
 * 1:17203 <-> ENABLED <-> WEB-CLIENT Adobe Director file file rcsL overflow attempt (web-client.rules)
 * 1:17204 <-> ENABLED <-> WEB-CLIENT Adobe Director file file mmap overflow attempt (web-client.rules)
 * 1:17211 <-> ENABLED <-> WEB-CLIENT Apple Quicktime marshaled punk remote code execution (web-client.rules)
 * 1:17212 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox JavaScript eval arbitrary code execution attempt (web-client.rules)
 * 1:17213 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox Chrome Page Loading Restriction Bypass attempt (web-client.rules)
 * 1:17227 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel sheet name memory corruption attempt (web-client.rules)
 * 1:17236 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (web-client.rules)
 * 1:17256 <-> ENABLED <-> WEB-CLIENT Microsoft Windows uniscribe fonts parsing memory corruption attempt (web-client.rules)
 * 1:17285 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint PPT file parsing memory corruption attempt (web-client.rules)
 * 1:17292 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint malformed data record code execution attempt (web-client.rules)
 * 1:17301 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word TextBox sub-document memory corruption attempt (web-client.rules)
 * 1:17303 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer clone object memory corruption attempt (web-client.rules)
 * 1:17308 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word SmartTag record code execution attempt (web-client.rules)
 * 1:17315 <-> ENABLED <-> WEB-CLIENT OpenOffice OLE File Stream Buffer Overflow (web-client.rules)
 * 1:17318 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint MCAtom remote code execution attempt (web-client.rules)
 * 1:17319 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint MCAtom remote code execution attempt (web-client.rules)
 * 1:17320 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint MCAtom remote code execution attempt (web-client.rules)
 * 1:17330 <-> ENABLED <-> WEB-CLIENT Microsoft Windows GRE WMF Handling Memory Read Exception attempt (web-client.rules)
 * 1:17351 <-> ENABLED <-> WEB-CLIENT Nullsoft Winamp ID3v2 Tag Handling Buffer Overflow attempt (web-client.rules)
 * 1:17355 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer JPEG Decoder Vulnerabilities attempt (web-client.rules)
 * 1:17362 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel IMDATA buffer overflow attempt (web-client.rules)
 * 1:17365 <-> ENABLED <-> WEB-CLIENT Microsoft Help Workshop CNT Help contents buffer overflow attempt (web-client.rules)
 * 1:17368 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word document stream handling code execution attempt (web-client.rules)
 * 1:17378 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox Animated PNG Processing integer overflow (web-client.rules)
 * 1:17379 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox Animated PNG Processing integer overflow (web-client.rules)
 * 1:17400 <-> ENABLED <-> WEB-CLIENT rename of JavaScript unescape function - likely malware obfuscation (web-client.rules)
 * 1:17403 <-> ENABLED <-> WEB-CLIENT OpenOffice RTF File parsing heap buffer overflow attempt (web-client.rules)
 * 1:17408 <-> ENABLED <-> WEB-CLIENT Microsoft Windows DirectX Targa image file heap overflow attempt (web-client.rules)
 * 1:17443 <-> ENABLED <-> WEB-CLIENT Microsoft DirectShow AVI decoder buffer overflow attempt (web-client.rules)
 * 1:17457 <-> ENABLED <-> WEB-CLIENT Adobe Flash ActionDefineFunction memory access vulnerability exploit attempt (web-client.rules)
 * 1:17462 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer marquee object handling memory corruption attempt (web-client.rules)
 * 1:17482 <-> ENABLED <-> WEB-CLIENT Mozilla NNTP URL Handling Buffer Overflow attempt (web-client.rules)
 * 1:17487 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (web-client.rules)
 * 1:17494 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer Long URL Buffer Overflow attempt (web-client.rules)
 * 1:17505 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word formatted disk pages table memory corruption attempt (web-client.rules)
 * 1:17506 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word formatted disk pages table memory corruption attempt (web-client.rules)
 * 1:17507 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word formatted disk pages table memory corruption attempt (web-client.rules)
 * 1:17511 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel malformed Graphic Code Execution (web-client.rules)
 * 1:17512 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer Script Action Handler buffer overflow attempt (web-client.rules)
 * 1:17513 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer Script Action Handler buffer overflow attempt (web-client.rules)
 * 1:17514 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer Script Action Handler buffer overflow attempt (web-client.rules)
 * 1:17515 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer Script Action Handler buffer overflow attempt (web-client.rules)
 * 1:17516 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer Script Action Handler buffer overflow attempt (web-client.rules)
 * 1:19246 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer CSS expression defined to empty selection attempt (web-client.rules)
 * 1:19253 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader malicious language.engtesselate.ln file download attempt (web-client.rules)
 * 1:19254 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader javascript in PDF go-to actions exploit attempt (web-client.rules)
 * 1:19294 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Chart Sheet Substream memory corruption attempt (web-client.rules)
 * 1:19296 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint improper filename remote code execution attempt (web-client.rules)
 * 1:19303 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint out of bounds value remote code execution attempt (web-client.rules)
 * 1:19315 <-> ENABLED <-> WEB-CLIENT Microsoft Groove GroovePerfmon.dll dll-load exploit attempt (web-client.rules)
 * 1:19320 <-> DISABLED <-> WEB-CLIENT Microsoft Windows AVI Header insufficient data corruption attempt (web-client.rules)
 * 1:19436 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer CStyleSheetRule array memory corruption attempt (web-client.rules)
 * 1:19445 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Timecode header RCE attempt (web-client.rules)
 * 1:19446 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media file name header RCE attempt (web-client.rules)
 * 1:19447 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media content type header RCE attempt (web-client.rules)
 * 1:19448 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media pixel aspect ratio header RCE attempt (web-client.rules)
 * 1:19449 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media encryption sample ID header RCE attempt (web-client.rules)
 * 1:19450 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media encryption sample ID header RCE attempt (web-client.rules)
 * 1:19460 <-> ENABLED <-> WEB-CLIENT Microsoft Windows CSRSS multiple consoles on a single process attempt (web-client.rules)
 * 1:19461 <-> ENABLED <-> WEB-CLIENT Microsoft Windows CSRSS NULL Fontface pointer attempt (web-client.rules)
 * 1:19462 <-> ENABLED <-> WEB-CLIENT Microsoft Windows CSRSS negative array index code execution attempt (web-client.rules)
 * 1:19463 <-> ENABLED <-> WEB-CLIENT Microsoft Windows CSRSS double free attempt (web-client.rules)
 * 1:19466 <-> ENABLED <-> WEB-CLIENT Microsoft Office Visio mfc71 dll-load exploit attempt (web-client.rules)
 * 1:19552 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel format record code execution attempt (web-client.rules)
 * 1:19666 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer multi-window access memory corruption attempt (web-client.rules)
 * 1:19670 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer telnet.exe file load exploit attempt (web-client.rules)
 * 1:19671 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer XSL refreshing memory corruption attempt (web-client.rules)
 * 1:19672 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer stylesheet dynamic access memory corruption attempt (web-client.rules)
 * 1:19678 <-> ENABLED <-> ICMP Microsoft Windows remote unauthenticated DoS/bugcheck vulnerability (icmp.rules)
 * 1:19679 <-> ENABLED <-> WEB-CLIENT Microsoft Windows NDISTAPI Driver code execution attempt (web-client.rules)
 * 1:19685 <-> ENABLED <-> WEB-CLIENT Adobe Flash regular expression grouping depth buffer overflow attempt (web-client.rules)
 * 1:19687 <-> ENABLED <-> WEB-CLIENT Adobe Flash ActionStoreRegister instruction length invalidation attempt (web-client.rules)
 * 1:19692 <-> ENABLED <-> WEB-CLIENT Adobe Flash cross-site request forgery attempt (web-client.rules)
 * 1:19693 <-> ENABLED <-> WEB-CLIENT Adobe Flash MP4 ref_frame allocated buffer overflow attempt (web-client.rules)
 * 1:19710 <-> ENABLED <-> WEB-CLIENT Google Chrome float rendering corruption attempt (web-client.rules)
 * 1:19808 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer covered object memory corruption attempt (web-client.rules)
 * 1:19868 <-> DISABLED <-> WEB-CLIENT hidden 1x1 div tag - potential malware obfuscation (web-client.rules)
 * 1:19871 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer VML buffer overflow attempt (web-client.rules)
 * 1:19886 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer ani file processing - remote code execution attempt (web-client.rules)
 * 1:19894 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint unbound memcpy and remote code execution attempt (web-client.rules)
 * 1:19910 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer VML user after free attempt (web-client.rules)
 * 1:19911 <-> ENABLED <-> WEB-CLIENT Microsoft SYmbolic LinK stack overflow attempt (web-client.rules)
 * 1:19926 <-> ENABLED <-> WEB-CLIENT Oracle Java Runtime AWT setDiffICM stack buffer overflow attempt (web-client.rules)
 * 1:19932 <-> ENABLED <-> WEB-CLIENT Microsoft Office Publisher 2007 pointer dereference attempt (web-client.rules)
 * 1:19956 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Movie Maker project file heap buffer overflow attempt (web-client.rules)
 * 3:16154 <-> ENABLED <-> WEB-CLIENT GDI+ .NET image property parsing memory corruption (web-client.rules)
 * 3:16179 <-> ENABLED <-> EXPLOIT Microsoft .NET MSIL CLR interface multiple instantiation attempt (exploit.rules)
 * 3:16182 <-> ENABLED <-> EXPLOIT Microsoft .NET MSIL stack corruption attempt (exploit.rules)
 * 3:18064 <-> ENABLED <-> EXPLOIT Microsoft .NET framework EntityObject execution attempt (exploit.rules)
 * 3:18405 <-> ENABLED <-> SPECIFIC-THREATS Microsoft LSASS domain name buffer overflow attempt (specific-threats.rules)
 * 3:18409 <-> ENABLED <-> SPECIFIC-THREATS Microsoft win32k.sys write message to dead thread code execution attempt (specific-threats.rules)
 * 3:18410 <-> ENABLED <-> SPECIFIC-THREATS Microsoft win32k.sys write message to dead thread code execution attempt (specific-threats.rules)
 * 3:18411 <-> ENABLED <-> SPECIFIC-THREATS Microsoft win32k!xxxTrackPopupMenuEx privilege escalation attempt (specific-threats.rules)
 * 3:18412 <-> ENABLED <-> SPECIFIC-THREATS Microsoft win32k!xxxTrackPopupMenuEx privilege escalation attempt (specific-threats.rules)
 * 3:18667 <-> ENABLED <-> EXPLOIT Microsoft win32k.sys escalation of privilege attempt (exploit.rules)
 * 3:18501 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Malware Protection Engine elevation of privilege attempt (specific-threats.rules)
 * 3:18666 <-> ENABLED <-> EXPLOIT Microsoft win32k.sys escalation of privilege attempt (exploit.rules)
 * 3:18664 <-> ENABLED <-> EXPLOIT Microsoft win32k.sys escalation of privilege attempt (exploit.rules)
 * 3:18665 <-> ENABLED <-> EXPLOIT Microsoft win32k.sys escalation of privilege attempt (exploit.rules)
 * 3:18662 <-> ENABLED <-> EXPLOIT Microsoft win32k.sys escalation of privilege attempt (exploit.rules)
 * 3:18663 <-> ENABLED <-> EXPLOIT Microsoft win32k.sys escalation of privilege attempt (exploit.rules)
 * 3:18661 <-> ENABLED <-> EXPLOIT Microsoft win32k.sys escalation of privilege attempt (exploit.rules)