Sourcefire VRT Rules Update

Date: 2012-04-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.1.2.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:21908 <-> ENABLED <-> FILE-IDENTIFY Portable Executable file attachment detected (file-identify.rules)
 * 1:21895 <-> DISABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
 * 1:21907 <-> ENABLED <-> FILE-OFFICE Microsoft Office rtf document generic exploit indicator (file-office.rules)
 * 1:21924 <-> ENABLED <-> SPYWARE-PUT Adware.Downware variant outbound connection attempt (spyware-put.rules)
 * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21919 <-> DISABLED <-> WEB-ACTIVEX IBM Tivoli Provisioning Manager Express Buffer Overflow ActiveX function call access attempt (web-activex.rules)
 * 1:21905 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21926 <-> ENABLED <-> WEB-PHP JCE Joomla module vulnerable directory traversal or malicious file upload attempt (web-php.rules)
 * 1:21903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21900 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21923 <-> DISABLED <-> WEB-CLIENT Apache Tomcat PUT request remote file deployment attempt (web-client.rules)
 * 1:21901 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21929 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules)
 * 1:21917 <-> DISABLED <-> EXPLOIT Novell Groupwise HTTP response message parsing overflow (exploit.rules)
 * 1:21899 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21920 <-> ENABLED <-> ORACLE Oracle Outside In CorelDRAW file parser buffer overflow attempt (oracle.rules)
 * 1:21930 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules)
 * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21898 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21915 <-> DISABLED <-> EXPLOIT Novell Groupwise HTTP login request (exploit.rules)
 * 1:21928 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record (file-office.rules)
 * 1:21918 <-> DISABLED <-> WEB-ACTIVEX IBM Tivoli Provisioning Manager Express Buffer Overflow ActiveX clsid access attempt (web-activex.rules)
 * 1:21910 <-> ENABLED <-> BOTNET-CNC Apple OSX Flashback malware user-agent (botnet-cnc.rules)
 * 1:21896 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21911 <-> ENABLED <-> BOTNET-CNC Aldi variant outbound connection C&C checkin (botnet-cnc.rules)
 * 1:21906 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21909 <-> ENABLED <-> FILE-IDENTIFY Portable Executable file attachment detected (file-identify.rules)
 * 1:21914 <-> DISABLED <-> WEB-CLIENT Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt (web-client.rules)
 * 1:21921 <-> ENABLED <-> ORACLE Oracle Outside In CorelDRAW file parser buffer overflow attempt (oracle.rules)
 * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21927 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules)
 * 1:21897 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21894 <-> DISABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
 * 1:21916 <-> DISABLED <-> EXPLOIT Novell Groupwise HTTP login request (exploit.rules)
 * 1:21904 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21925 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious user agent BOT/0.1 (blacklist.rules)
 * 1:21932 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
 * 1:21922 <-> DISABLED <-> WEB-CLIENT VLC mms hostname buffer overflow attempt (web-client.rules)
 * 1:21912 <-> ENABLED <-> BOTNET-CNC Aldi bot variant outbound connection user-agent (botnet-cnc.rules)
 * 1:21913 <-> ENABLED <-> WEB-CLIENT EMC data protection advisor DOS attempt (web-client.rules)
 * 1:21902 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21931 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)

Modified Rules:

 * 1:16639 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro (file-office.rules)
 * 1:21326 <-> DISABLED <-> EXPLOIT Adobe Flash Player ActiveX URL import attempt (exploit.rules)
 * 1:16644 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules)
 * 1:7203 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word information string overflow attempt (file-office.rules)
 * 1:9841 <-> DISABLED <-> SERVER-MAIL Micrsoft Office Outlook VEVENT overflow attempt (server-mail.rules)
 * 1:9844 <-> DISABLED <-> WEB-CLIENT VLC Media Player udp URI format string attempt (web-client.rules)
 * 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
 * 1:9847 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Saved Search download attempt (file-office.rules)
 * 1:987 <-> DISABLED <-> FILE-IDENTIFY .htr access file download request (file-identify.rules)
 * 1:16651 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 2 (file-office.rules)
 * 1:16652 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 3 (file-office.rules)
 * 1:16653 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 4 (file-office.rules)
 * 1:1666 <-> DISABLED <-> INDICATOR-COMPROMISE index of /cgi-bin/ response (indicator-compromise.rules)
 * 1:16666 <-> DISABLED <-> SPECIFIC-THREATS Apple Safari window.parent.close unspecified remote code execution vulnerability (specific-threats.rules)
 * 1:16691 <-> DISABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules)
 * 1:16692 <-> DISABLED <-> WEB-CLIENT BlazeVideo BlazeDVD PLF playlist file name buffer overflow attempt (web-client.rules)
 * 1:16734 <-> DISABLED <-> WEB-CLIENT UltraISO CUE file handling stack buffer overflow attempt (web-client.rules)
 * 1:16742 <-> DISABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules)
 * 1:16800 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel FRTWrapper record buffer overflow attempt (file-office.rules)
 * 1:17038 <-> ENABLED <-> FILE-OFFICE Microsoft Office Access ACCWIZ library release after free attempt - 1 (file-office.rules)
 * 1:17043 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows PIF shortcut file download request (file-identify.rules)
 * 1:17103 <-> DISABLED <-> WEB-IIS IIS 5.1 alternate data stream authentication bypass attempt (web-iis.rules)
 * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules)
 * 1:17119 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority SPRM overflow attempt (file-office.rules)
 * 1:17120 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 1 (file-office.rules)
 * 1:17121 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 2 (file-office.rules)
 * 1:17123 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rich text format invalid field size memory corruption attempt (file-office.rules)
 * 1:17124 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed table record memory corruption attempt (file-office.rules)
 * 1:17131 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer 8 parent style rendering arbitrary code execution (web-client.rules)
 * 1:17134 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out-of-bounds structure read memory corruption attempt (file-office.rules)
 * 1:17153 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (web-client.rules)
 * 1:17154 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (web-client.rules)
 * 1:17165 <-> DISABLED <-> WEB-CLIENT Opera browser document writing uninitialized memory access attempt (web-client.rules)
 * 1:17179 <-> ENABLED <-> WEB-CLIENT Adobe Director file pamm record exploit attempt (web-client.rules)
 * 1:17180 <-> ENABLED <-> WEB-CLIENT Adobe Director file LsCM record exploit attempt (web-client.rules)
 * 1:17181 <-> ENABLED <-> WEB-CLIENT Adobe Director file LsCM record exploit attempt (web-client.rules)
 * 1:17182 <-> ENABLED <-> WEB-CLIENT Adobe Director file tSAC record exploit attempt (web-client.rules)
 * 1:17183 <-> ENABLED <-> WEB-CLIENT Adobe Director file tSAC record exploit attempt (web-client.rules)
 * 1:17184 <-> ENABLED <-> WEB-CLIENT Adobe Director file tSAC record exploit attempt (web-client.rules)
 * 1:17185 <-> ENABLED <-> WEB-CLIENT Adobe Director file rcsL record exploit attempt (web-client.rules)
 * 1:17186 <-> ENABLED <-> WEB-CLIENT Adobe Director file rcsL record exploit attempt (web-client.rules)
 * 1:17187 <-> ENABLED <-> WEB-CLIENT Adobe Director file rcsL record exploit attempt (web-client.rules)
 * 1:17188 <-> ENABLED <-> WEB-CLIENT Adobe Director file rcsL record exploit attempt (web-client.rules)
 * 1:17189 <-> ENABLED <-> WEB-CLIENT Adobe Director file rcsL record exploit attempt (web-client.rules)
 * 1:17200 <-> ENABLED <-> WEB-CLIENT Adobe Director file LsCM overflow attempt (web-client.rules)
 * 1:17202 <-> ENABLED <-> WEB-CLIENT Adobe Director file file Shockwave 3D overflow attempt (web-client.rules)
 * 1:17203 <-> ENABLED <-> WEB-CLIENT Adobe Director file file rcsL overflow attempt (web-client.rules)
 * 1:17204 <-> ENABLED <-> WEB-CLIENT Adobe Director file file mmap overflow attempt (web-client.rules)
 * 1:17227 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel sheet name memory corruption attempt (file-office.rules)
 * 1:17233 <-> ENABLED <-> FILE-PDF Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:17238 <-> ENABLED <-> WEB-CLIENT ACD Systems ACDSee Products XBM file handling buffer overflow attempt (web-client.rules)
 * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules)
 * 1:17245 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox image dragging exploit attempt (web-client.rules)
 * 1:17250 <-> ENABLED <-> FILE-OFFICE Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt (file-office.rules)
 * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules)
 * 1:17301 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules)
 * 1:17308 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:17315 <-> ENABLED <-> WEB-CLIENT OpenOffice OLE File Stream Buffer Overflow (web-client.rules)
 * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules)
 * 1:17362 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IMDATA buffer overflow attempt (file-office.rules)
 * 1:17363 <-> ENABLED <-> WEB-CLIENT Apple OSX Finder DMG volume name memory corruption (web-client.rules)
 * 1:17364 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules)
 * 1:17368 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document stream handling code execution attempt (file-office.rules)
 * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules)
 * 1:17388 <-> DISABLED <-> WEB-CLIENT OpenOffice EMF file EMR record parsing integer overflow attempt (web-client.rules)
 * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules)
 * 1:17407 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows help file download request (file-identify.rules)
 * 1:17426 <-> DISABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules)
 * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules)
 * 1:17449 <-> DISABLED <-> WEB-MISC Novell ZENworks patch management SQL injection attempt (web-misc.rules)
 * 1:17488 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules)
 * 1:17505 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules)
 * 1:17507 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules)
 * 1:17508 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules)
 * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules)
 * 1:17510 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Deploy file download request (file-identify.rules)
 * 1:17517 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Record Code Execution attempt (file-office.rules)
 * 1:17532 <-> DISABLED <-> FILE-OFFICE Micrsoft Office Excel TXO and OBJ Records Parsing Stack Memory Corruption (file-office.rules)
 * 1:17537 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules)
 * 1:17539 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules)
 * 1:17540 <-> DISABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules)
 * 1:17542 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalete Record Memory Corruption attempt (file-office.rules)
 * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules)
 * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules)
 * 1:17558 <-> ENABLED <-> SPECIFIC-THREATS CUPS Gif Decoding Routine Buffer Overflow attempt (specific-threats.rules)
 * 1:17560 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Global Array Index Heap Overflow attempt (file-office.rules)
 * 1:17569 <-> DISABLED <-> EXPLOIT BEA Weblogic Admin Console Cross Site Scripting Vulnerability attempt (exploit.rules)
 * 1:17591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Crafted Sprm memory corruption attempt (file-office.rules)
 * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules)
 * 1:17611 <-> ENABLED <-> WEB-CLIENT GStreamer QuickTime file parsing multiple heap overflow attempt (web-client.rules)
 * 1:17612 <-> ENABLED <-> WEB-CLIENT GStreamer QuickTime file parsing multiple heap overflow attempt (web-client.rules)
 * 1:17646 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint Legacy file format picture object code execution attempt (file-office.rules)
 * 1:17649 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array data handling buffer overflow attempt (file-office.rules)
 * 1:17655 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed formula parsing code execution attempt (file-office.rules)
 * 1:17678 <-> DISABLED <-> WEB-CLIENT Adobe BMP image handler buffer overflow attempt (web-client.rules)
 * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:17690 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules)
 * 1:17691 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules)
 * 1:17695 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint paragraph format array inner header overflow attempt (file-office.rules)
 * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
 * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules)
 * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules)
 * 1:17742 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules)
 * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules)
 * 1:17754 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word bookmark bound check remote code execution attempt (file-office.rules)
 * 1:17755 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word unchecked index value remote code execution attempt (file-office.rules)
 * 1:17756 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word XP PLFLSInTableStream heap overflow attempt (file-office.rules)
 * 1:17758 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray data parsing vulnerability exploit attempt (file-office.rules)
 * 1:17759 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid SerAr object exploit attempt (file-office.rules)
 * 1:17760 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
 * 1:17763 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel GhostRw record exploit attempt (file-office.rules)
 * 1:17764 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules)
 * 1:17767 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer 8 tostaticHTML CSS import vulnerability (exploit.rules)
 * 1:17770 <-> ENABLED <-> FILE-OFFICE Microsoft HtmlDlgHelper ActiveX clsid access (file-office.rules)
 * 1:17772 <-> DISABLED <-> WEB-ACTIVEX Microsoft Scriptlet Component ActiveX clsid access (web-activex.rules)
 * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:17803 <-> ENABLED <-> WEB-CLIENT Adobe Shockwave Director rcsL chunk memory corruption attempt (web-client.rules)
 * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules)
 * 1:18065 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint converter bad indirection remote code execution attempt (file-office.rules)
 * 1:18066 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules)
 * 1:18067 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules)
 * 1:18068 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed MsoDrawingObject record attempt (file-office.rules)
 * 1:18071 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (file-office.rules)
 * 1:18197 <-> DISABLED <-> WEB-ACTIVEX Microsoft COleSite ActiveX memory corruption attempt (web-activex.rules)
 * 1:18212 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher tyo.oty field heap overflow attempt (file-office.rules)
 * 1:15299 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio invalid ho tag attempt (file-office.rules)
 * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:16236 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SxView record exploit attempt (file-office.rules)
 * 1:15682 <-> ENABLED <-> WEB-CLIENT Microsoft Windows DirectShow QuickTime file stsc atom parsing heap corruption attempt (web-client.rules)
 * 1:16241 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel FeatHdr BIFF record remote code execution attempt (file-office.rules)
 * 1:16465 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ContinueFRT12 and MDXSet heap overflow attempt (file-office.rules)
 * 1:15694 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Embedded Open Type Font malformed name table integer overflow attempt (web-client.rules)
 * 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules)
 * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:16425 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file download request (file-identify.rules)
 * 1:13473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file download request (file-identify.rules)
 * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules)
 * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:14642 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded ActiveX control (file-office.rules)
 * 1:13570 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel cf record arbitrary code excecution attempt (file-office.rules)
 * 1:16231 <-> DISABLED <-> WEB-CLIENT Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (web-client.rules)
 * 1:16353 <-> ENABLED <-> WEB-CLIENT FFmpeg OGV file format memory corruption attempt (web-client.rules)
 * 1:13972 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel country record arbitrary code execution attempt (file-office.rules)
 * 1:14641 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules)
 * 1:16434 <-> ENABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.51-v0.61 packed file magic detected (file-identify.rules)
 * 1:18214 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher 97 conversion remote code execution attempt (file-office.rules)
 * 1:18217 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer select element memory corruption attempt (web-client.rules)
 * 1:18218 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer time element memory corruption attempt (specific-threats.rules)
 * 1:18230 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
 * 1:18231 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher oversized oti length attempt (file-office.rules)
 * 1:18265 <-> ENABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules)
 * 1:18273 <-> DISABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules)
 * 1:18274 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules)
 * 1:18275 <-> DISABLED <-> FILE-IDENTIFY HyperText Markup Language file download request (file-identify.rules)
 * 1:18399 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel BRAI record remote code execution attempt (file-office.rules)
 * 1:18415 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio deserialization double free attempt (file-office.rules)
 * 1:18416 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio ORMinfo classes length overflow attempt (file-office.rules)
 * 1:18417 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio ORMinfo classes length overflow attempt (file-office.rules)
 * 1:18483 <-> ENABLED <-> WEB-CLIENT Apple iTunes Playlist Overflow Attempt (web-client.rules)
 * 1:18484 <-> ENABLED <-> WEB-CLIENT Apple iTunes Playlist Overflow Attempt (web-client.rules)
 * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:18528 <-> DISABLED <-> DOS Oracle TimesTen In-Memory Database HTTP request denial of service attempt (dos.rules)
 * 1:18536 <-> ENABLED <-> FILE-OFFICE OpenOffice.org Microsoft Word file processing integer underflow attempt (file-office.rules)
 * 1:18538 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules)
 * 1:18545 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file transfer (file-office.rules)
 * 1:18546 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word with embedded Flash file transfer (file-office.rules)
 * 1:18547 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file transfer (file-office.rules)
 * 1:18548 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment (file-office.rules)
 * 1:18549 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word with embedded Flash file attachment (file-office.rules)
 * 1:18550 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file attachment (file-office.rules)
 * 1:18556 <-> DISABLED <-> WEB-MISC Symantec IM manager IMAdminReportTrendFormRun.asp sql injection attempt (web-misc.rules)
 * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules)
 * 1:18632 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed Label record exploit attempt (file-office.rules)
 * 1:18633 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules)
 * 1:18635 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules)
 * 1:18636 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint SlideAtom record exploit attempt (file-office.rules)
 * 1:18637 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint OfficeArt atom memory corruption attempt (file-office.rules)
 * 1:18675 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:18683 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded PDF object (file-office.rules)
 * 1:18702 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:18703 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:18704 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:18705 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:18706 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:18740 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules)
 * 1:18755 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio Data Type Memory Corruption (file-office.rules)
 * 1:18758 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Basic script file download request (file-identify.rules)
 * 1:18771 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ADO Object Parsing Code Execution (file-office.rules)
 * 1:18772 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ADO Object Parsing Code Execution (file-office.rules)
 * 1:18796 <-> DISABLED <-> WEB-MISC Novell iManager ClassName handling overflow attempt (web-misc.rules)
 * 1:18806 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
 * 1:18903 <-> DISABLED <-> WEB-CLIENT Apple Safari WebKit Rendering Counter Code Execution (web-client.rules)
 * 1:18948 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint converter bad indirection remote code execution attempt (file-office.rules)
 * 1:18961 <-> DISABLED <-> WEB-CLIENT Microsoft Windows MSXML2 ActiveX malformed HTTP response (web-client.rules)
 * 1:18962 <-> DISABLED <-> WEB-CLIENT Microsoft Windows MSXML2 ActiveX malformed HTTP response (web-client.rules)
 * 1:18974 <-> DISABLED <-> WEB-ACTIVEX SAP Crystal Reports PrintControl.dll ActiveX clsid access (web-activex.rules)
 * 1:18986 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:18987 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:18988 <-> DISABLED <-> FILE-PDF Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:18989 <-> DISABLED <-> FILE-PDF Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:18990 <-> DISABLED <-> FILE-PDF Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:18991 <-> DISABLED <-> FILE-PDF Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:19002 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer FLV parsing two integer overflow vulnerabilities (specific-threats.rules)
 * 1:19005 <-> DISABLED <-> WEB-CLIENT Apple Safari/Google Chrome Webkit memory corruption attempt (web-client.rules)
 * 1:19010 <-> DISABLED <-> SPECIFIC-THREATS Apple Safari WebKit menu onchange memory corruption attempt (specific-threats.rules)
 * 1:19063 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows Movie Maker string size overflow attempt (specific-threats.rules)
 * 1:19065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:19066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:19067 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:19068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:19069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:19070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:19073 <-> DISABLED <-> DOS Squid Proxy Expect header null pointer denial of service attempt (dos.rules)
 * 1:19078 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox html tag attributes memory corruption (specific-threats.rules)
 * 1:19085 <-> DISABLED <-> WEB-ACTIVEX LEADTOOLS Raster Twain LtocxTwainu.dll ActiveX clsid access (web-activex.rules)
 * 1:19095 <-> DISABLED <-> SPECIFIC-THREATS Apple Safari Webkit CSS Charset Text transformation code execution attempt (specific-threats.rules)
 * 1:19108 <-> DISABLED <-> WEB-ACTIVEX SonicWall Aventail EPInstaller ActiveX clsid access (web-activex.rules)
 * 1:19119 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver remote code execution attempt (specific-threats.rules)
 * 1:19132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules)
 * 1:19133 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel EntExU2 write access violation attempt (file-office.rules)
 * 1:19134 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray data parsing vulnerability exploit attempt (file-office.rules)
 * 1:19141 <-> DISABLED <-> FILE-OFFICE Microsoft Access Wizard control memory corruption ActiveX clsid access (file-office.rules)
 * 1:19142 <-> DISABLED <-> WEB-MISC Symantec IM Manager IMAdminScheduleReport.asp SQL injection attempt (web-misc.rules)
 * 1:19149 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer malformed table tag memory corruption attempt (web-client.rules)
 * 1:19150 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer malformed table tag memory corruption attempt (web-client.rules)
 * 1:19151 <-> DISABLED <-> WEB-ACTIVEX Trend Micro HouseCall ActiveX clsid access (web-activex.rules)
 * 1:19153 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed index code execution attempt (file-office.rules)
 * 1:19154 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray parsing attempt (file-office.rules)
 * 1:19169 <-> ENABLED <-> WEB-CLIENT RealNetworks RealPlayer vidplin.dll avi header parsing execution attempt (web-client.rules)
 * 1:19180 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules)
 * 1:19211 <-> DISABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules)
 * 1:19215 <-> DISABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules)
 * 1:19218 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:19222 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules)
 * 1:19224 <-> DISABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules)
 * 1:19225 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SerAuxTrend biff record corruption attempt (file-office.rules)
 * 1:19227 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Scenario heap memory overflow (file-office.rules)
 * 1:19228 <-> DISABLED <-> WEB-MISC Oracle Secure Backup Administration preauth variable command injection attempt (web-misc.rules)
 * 1:19230 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules)
 * 1:19231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules)
 * 1:1045 <-> DISABLED <-> WEB-IIS Unauthorized IP Access Attempt (web-iis.rules)
 * 1:10062 <-> DISABLED <-> WEB-CLIENT Java Virtual Machine malformed GIF buffer overflow attempt (web-client.rules)
 * 1:16478 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules)
 * 1:16536 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio off-by-one in array index code execution attempt (file-office.rules)
 * 1:21757 <-> ENABLED <-> BOTNET-CNC Apple OSX.Flashback variant outbound connection (botnet-cnc.rules)
 * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules)
 * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules)
 * 1:21684 <-> ENABLED <-> SPECIFIC-THREATS Bleeding Life exploit module call (specific-threats.rules)
 * 1:21492 <-> ENABLED <-> SPECIFIC-THREATS Blackhole landing page with specific structure - prototype catch (specific-threats.rules)
 * 1:21293 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio corrupted compressed data memory corruption attempt (file-office.rules)
 * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules)
 * 1:2436 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules)
 * 1:21628 <-> DISABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules)
 * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules)
 * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules)
 * 1:21646 <-> ENABLED <-> SPECIFIC-THREATS Blackhole landing page with specific structure - prototype catch (specific-threats.rules)
 * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules)
 * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules)
 * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file download request (file-identify.rules)
 * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
 * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules)
 * 1:21307 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules)
 * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules)
 * 1:21568 <-> DISABLED <-> DOS RDP RST denial of service attempt (dos.rules)
 * 1:3134 <-> DISABLED <-> WEB-CLIENT Microsoft PNG large colour depth download attempt (web-client.rules)
 * 1:21618 <-> DISABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:4170 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office 2000 and 2002 Web Components Data Source Control ActiveX clsid access (web-activex.rules)
 * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules)
 * 1:21755 <-> ENABLED <-> BOTNET-CNC Apple OSX.Flashback variant outbound connection (botnet-cnc.rules)
 * 1:21291 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid row option attempt (file-office.rules)
 * 1:21623 <-> DISABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:3551 <-> DISABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules)
 * 1:2422 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules)
 * 1:21758 <-> ENABLED <-> BOTNET-CNC Apple OSX.Flashback variant outbound connection (botnet-cnc.rules)
 * 1:21410 <-> DISABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules)
 * 1:3689 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer tRNS overflow attempt (web-client.rules)
 * 1:21002 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt (file-office.rules)
 * 1:2435 <-> DISABLED <-> FILE-IDENTIFY Microsoft emf file download request (file-identify.rules)
 * 1:21008 <-> DISABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules)
 * 1:21685 <-> ENABLED <-> SPECIFIC-THREATS Bleeding Life exploit module call (specific-threats.rules)
 * 1:21800 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules)
 * 1:21012 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules)
 * 1:21013 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:2707 <-> DISABLED <-> WEB-CLIENT JPEG parser multipacket heap overflow (web-client.rules)
 * 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
 * 1:21014 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
 * 1:21675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules)
 * 1:21626 <-> DISABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21016 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules)
 * 1:21302 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio TAG_OLEChunk code execution attempt (file-office.rules)
 * 1:21414 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MergeCells record parsing code execution attempt (file-office.rules)
 * 1:21794 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 and Word 12 converter heap overflow attempt (file-office.rules)
 * 1:21017 <-> DISABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules)
 * 1:21676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules)
 * 1:21018 <-> DISABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules)
 * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:21585 <-> DISABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
 * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:21612 <-> DISABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:2104 <-> DISABLED <-> INDICATOR-COMPROMISE rexec username too long response (indicator-compromise.rules)
 * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules)
 * 1:21799 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules)
 * 1:21683 <-> ENABLED <-> SPECIFIC-THREATS Bleeding Life exploit module call (specific-threats.rules)
 * 1:3132 <-> DISABLED <-> WEB-CLIENT Microsoft Multiple Products PNG large image width download attempt (web-client.rules)
 * 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
 * 1:21433 <-> DISABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
 * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules)
 * 1:21679 <-> ENABLED <-> SPECIFIC-THREATS Bleeding Life exploit module call (specific-threats.rules)
 * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules)
 * 1:21663 <-> DISABLED <-> EXPLOIT CA BrightStor Agent for Microsoft SQL overflow attempt (exploit.rules)
 * 1:21584 <-> DISABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules)
 * 1:21798 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules)
 * 1:4675 <-> DISABLED <-> WEB-CLIENT Adobe Flash DOACTION tag overflow attempt (web-client.rules)
 * 1:21432 <-> DISABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
 * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
 * 1:21761 <-> ENABLED <-> BOTNET-CNC Win32.Swisyn variant runtime detection (botnet-cnc.rules)
 * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
 * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (file-office.rules)
 * 1:21680 <-> ENABLED <-> SPECIFIC-THREATS Bleeding Life exploit module call (specific-threats.rules)
 * 1:21083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (file-office.rules)
 * 1:21682 <-> ENABLED <-> SPECIFIC-THREATS Bleeding Life exploit module call (specific-threats.rules)
 * 1:21647 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules)
 * 1:21807 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules)
 * 1:21422 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
 * 1:21109 <-> DISABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules)
 * 1:21110 <-> DISABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:21625 <-> DISABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:3534 <-> DISABLED <-> WEB-CLIENT Mozilla GIF single packet heap overflow - NETSCAPE2.0 (web-client.rules)
 * 1:21797 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules)
 * 1:21611 <-> DISABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:21681 <-> ENABLED <-> SPECIFIC-THREATS Bleeding Life exploit module call (specific-threats.rules)
 * 1:21301 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSect code execution attempt (file-office.rules)
 * 1:2423 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules)
 * 1:2673 <-> DISABLED <-> WEB-CLIENT libpng tRNS overflow attempt (web-client.rules)
 * 1:21111 <-> DISABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:21617 <-> DISABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21756 <-> ENABLED <-> BOTNET-CNC Apple OSX.Flashback variant outbound connection (botnet-cnc.rules)
 * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules)
 * 1:21801 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules)
 * 1:21152 <-> DISABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:21503 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption (file-office.rules)
 * 1:21678 <-> ENABLED <-> SPECIFIC-THREATS Bleeding Life exploit module call (specific-threats.rules)
 * 1:3133 <-> DISABLED <-> WEB-CLIENT Microsoft Multiple Products PNG large image height download attempt (web-client.rules)
 * 1:21153 <-> DISABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:21586 <-> DISABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
 * 1:21811 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules)
 * 1:21423 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt (file-office.rules)
 * 1:21444 <-> ENABLED <-> BOTNET-CNC TDSS outbound connection (botnet-cnc.rules)
 * 1:21624 <-> DISABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:2412 <-> ENABLED <-> INDICATOR-COMPROMISE successful cross site scripting forced download attempt (indicator-compromise.rules)
 * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules)
 * 1:3819 <-> ENABLED <-> FILE-IDENTIFY CHM file download request (file-identify.rules)
 * 1:21156 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules)
 * 1:21674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules)
 * 1:21157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules)
 * 1:21686 <-> ENABLED <-> SPECIFIC-THREATS Bleeding Life exploit module call (specific-threats.rules)
 * 1:21415 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MergeCells record parsing code execution attempt (file-office.rules)
 * 1:21443 <-> ENABLED <-> BOTNET-CNC TDSS outbound connection (botnet-cnc.rules)
 * 1:3685 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer bitmap BitmapOffset multipacket integer overflow attempt (web-client.rules)
 * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:21802 <-> DISABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules)
 * 1:21677 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules)
 * 1:21806 <-> ENABLED <-> NETBIOS Samba malicious user defined array size and buffer attempt (netbios.rules)
 * 1:21158 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules)
 * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:21627 <-> DISABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21168 <-> ENABLED <-> WEB-CLIENT AVI file chunk length integer overflow attempt (web-client.rules)
 * 1:21174 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules)
 * 1:21243 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules)
 * 1:2419 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules)
 * 1:12728 <-> ENABLED <-> WEB-CLIENT RealNetworks SMIL wallclock stack overflow attempt (web-client.rules)
 * 1:16648 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record heap memory corruption attempt - 1 (file-office.rules)
 * 1:11258 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Named Graph Information unicode overflow (file-office.rules)
 * 1:10115 <-> DISABLED <-> WEB-CLIENT Microsoft Windows WMF DOS attempt (web-client.rules)
 * 1:11836 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio version number anomaly (file-office.rules)
 * 1:1200 <-> DISABLED <-> INDICATOR-COMPROMISE Invalid URL (indicator-compromise.rules)
 * 1:1201 <-> DISABLED <-> INDICATOR-COMPROMISE 403 Forbidden (indicator-compromise.rules)
 * 1:12256 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record (file-office.rules)
 * 1:12766 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer RMOC3260.DLL ActiveX clsid access (web-activex.rules)
 * 1:16647 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record heap memory corruption attempt - 2 (file-office.rules)
 * 1:16640 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with linkFmla (file-office.rules)
 * 1:15693 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Embedded Open Type Font malformed name table overflow attempt (web-client.rules)
 * 1:15945 <-> DISABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
 * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules)
 * 1:15854 <-> ENABLED <-> WEB-CLIENT Microsoft Windows AVIFile media file processing memory corruption attempt (web-client.rules)
 * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules)
 * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules)
 * 1:15541 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SST record remote code execution attempt (file-office.rules)
 * 1:13865 <-> DISABLED <-> WEB-CLIENT Adobe BMP image handler buffer overflow attempt (web-client.rules)
 * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
 * 1:16234 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules)
 * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules)
 * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15427 <-> DISABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules)
 * 1:16464 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ContinueFRT12 heap overflow attempt (file-office.rules)
 * 1:5740 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows HTML help workshop file download request (file-identify.rules)
 * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules)
 * 1:13981 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed chart arbitrary code execution attempt (file-office.rules)
 * 1:16342 <-> ENABLED <-> WEB-CLIENT Microsoft Windows AVIFile truncated media file processing memory corruption attempt (web-client.rules)
 * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules)
 * 1:16293 <-> ENABLED <-> WEB-CLIENT Adobe Shockwave Flash memory corruption attempt (web-client.rules)
 * 1:13293 <-> DISABLED <-> WEB-CLIENT Apple QuickTime panorama atoms buffer overflow attempt (web-client.rules)
 * 1:1464 <-> DISABLED <-> INDICATOR-COMPROMISE oracle one hour install (indicator-compromise.rules)
 * 1:16226 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel integer field in row record improper validation remote code execution attempt (file-office.rules)
 * 1:13466 <-> ENABLED <-> WEB-CLIENT Microsoft Works file converter file section length headers memory corruption attempt (web-client.rules)
 * 1:16220 <-> ENABLED <-> WEB-CLIENT Adobe Shockwave director file malformed lcsr block memory corruption attempt (web-client.rules)
 * 1:16416 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed MSODrawing Record (file-office.rules)
 * 1:15582 <-> DISABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules)
 * 1:13823 <-> ENABLED <-> WEB-CLIENT Microsoft Windows DirectX SAMI file parsing buffer overflow attempt (web-client.rules)
 * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:16471 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules)
 * 1:15524 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules)
 * 1:16421 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules)
 * 1:15517 <-> ENABLED <-> WEB-CLIENT Microsoft Windows AVI DirectShow QuickTime parsing overflow attempt (web-client.rules)
 * 1:13926 <-> DISABLED <-> EXPLOIT Novell Groupwise HTTP response message parsing overflow (exploit.rules)
 * 1:16461 <-> DISABLED <-> FILE-OFFICE Micrsoft Office Excel EntExU2 write access violation attempt (file-office.rules)
 * 1:15426 <-> DISABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules)
 * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules)
 * 1:15303 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio Malformed IconBitsComponent arbitrary code execution attempt (file-office.rules)
 * 1:13911 <-> DISABLED <-> FILE-IDENTIFY Microsoft search file download request (file-identify.rules)
 * 1:13821 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player SWF scene and label data memory corruption attempt (web-client.rules)
 * 1:16240 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file Window/Pane record exploit attempt (file-office.rules)
 * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules)
 * 1:15502 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint DiagramBuildContainer memory corruption attempt (file-office.rules)
 * 1:16463 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel BIFF5 formulas from records parsing code execution attempt (file-office.rules)
 * 1:16462 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel BIFF8 formulas from records parsing code execution attempt (file-office.rules)
 * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules)
 * 1:16321 <-> ENABLED <-> WEB-CLIENT Adobe tiff oversized image length attempt (web-client.rules)
 * 1:15580 <-> DISABLED <-> SPECIFIC-THREATS Squid oversized reply header handling exploit attempt (specific-threats.rules)
 * 1:16476 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules)
 * 1:16436 <-> ENABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v2.90,v2.93-3.00 packed file magic detected (file-identify.rules)
 * 1:13301 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player embedded JPG image width overflow attempt (web-client.rules)
 * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules)
 * 1:15525 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules)
 * 1:16229 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel oversized ib memory corruption attempt (file-office.rules)
 * 1:14019 <-> DISABLED <-> WEB-CLIENT CyberLink PowerDVD playlist file handling stack overflow attempt (web-client.rules)
 * 1:16014 <-> DISABLED <-> DOS Novell eDirectory HTTP headers denial of service attempt (dos.rules)
 * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules)
 * 1:16314 <-> ENABLED <-> FILE-OFFICE Microsoft Windows WordPad and Office text converter integer overflow attempt (file-office.rules)
 * 1:15105 <-> ENABLED <-> WEB-CLIENT Microsoft GDI WMF file parsing integer overflow attempt (web-client.rules)
 * 1:15480 <-> ENABLED <-> WEB-CLIENT Apple QuickTime movie record invalid version number exploit attempt (web-client.rules)
 * 1:16318 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio invalid ho tag attempt (file-office.rules)
 * 1:15542 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Qsir and Qsif record remote code execution attempt (file-office.rules)
 * 1:16052 <-> DISABLED <-> DOS Novell iManager Tree parameter denial of service attempt (dos.rules)
 * 1:13915 <-> DISABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules)
 * 1:15385 <-> DISABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules)
 * 1:16469 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution attempt (file-office.rules)
 * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules)
 * 1:16424 <-> DISABLED <-> WEB-ACTIVEX Microsoft Windows Script Host Shell Object ActiveX clsid access (web-activex.rules)
 * 1:15188 <-> DISABLED <-> MISC Multiple vendors CUPS HPGL filter remote code execution attempt (misc.rules)
 * 1:16313 <-> ENABLED <-> FILE-IDENTIFY download of executable content - x-header (file-identify.rules)
 * 1:13807 <-> DISABLED <-> WEB-CLIENT Microsoft Windows metafile SetPaletteEntries heap overflow attempt (web-client.rules)
 * 1:13571 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel dval record arbitrary code excecution attempt (file-office.rules)
 * 1:5741 <-> DISABLED <-> WEB-CLIENT Microsoft HTML help workshop buffer overflow attempt (web-client.rules)
 * 1:15921 <-> DISABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules)
 * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:16178 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel GDI+ Office Art Property Table remote code execution attempt (file-office.rules)
 * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules)
 * 1:16470 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules)
 * 1:16177 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word GDI+ Office Art Property Table remote code execution attempt (file-office.rules)
 * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules)
 * 1:15306 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:16072 <-> DISABLED <-> SPECIFIC-THREATS CUPS server query metacharacter buffer overflow attempt (specific-threats.rules)
 * 1:15428 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox SVG data processing memory corruption attempt (web-client.rules)
 * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:13678 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file download request (file-identify.rules)
 * 1:16198 <-> DISABLED <-> SPECIFIC-THREATS Apache mod_auth_pgsql module logging facility format string exploit attempt (specific-threats.rules)
 * 1:15501 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint ParaBuildAtom memory corruption attempt (file-office.rules)
 * 1:16316 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player malformed getPropertyLate actioncode attempt (web-client.rules)
 * 1:15500 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint LinkedSlide memory corruption (file-office.rules)
 * 1:16186 <-> ENABLED <-> WEB-CLIENT Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt (web-client.rules)
 * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules)
 * 1:16235 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SXDB record exploit attempt (file-office.rules)
 * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules)
 * 1:8445 <-> DISABLED <-> WEB-CLIENT Microsoft Windows RTF file with embedded object package download attempt (web-client.rules)
 * 1:16183 <-> ENABLED <-> WEB-CLIENT Microsoft Windows .NET MSIL CombineImpl suspicious usage (web-client.rules)
 * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules)
 * 1:13300 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player embedded JPG image height overflow attempt (web-client.rules)
 * 1:16223 <-> ENABLED <-> WEB-CLIENT Adobe Shockwave tSAC pointer overwrite attempt (web-client.rules)
 * 1:16410 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint file LinkedSlide10Atom record parsing heap corruption attempt (file-office.rules)
 * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules)
 * 1:16233 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel oversized ptgFuncVar cparams value buffer overflow attempt (file-office.rules)
 * 1:16051 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules)
 * 1:16435 <-> ENABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.62-v1.22 packed file magic detected (file-identify.rules)
 * 1:15467 <-> ENABLED <-> FILE-OFFICE Microsoft WordPad and Office Text Converters PlcPcd aCP buffer overflow attempt (file-office.rules)
 * 1:15469 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office text converters integer underflow attempt (file-office.rules)
 * 1:13822 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player SWF scene and label data memory corruption attempt (web-client.rules)
 * 1:13584 <-> DISABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules)
 * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:13820 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player SWF scene and label data memory corruption attempt (web-client.rules)
 * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules)
 * 1:16466 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel uninitialized stack variable code execution attempt (file-office.rules)
 * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules)
 * 1:8427 <-> DISABLED <-> MISC SSLv2 openssl get shared ciphers overflow attempt (misc.rules)
 * 1:8448 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel colinfo XF record overflow attempt (file-office.rules)
 * 1:7201 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word summary information null string overflow attempt (file-office.rules)
 * 1:6700 <-> DISABLED <-> WEB-CLIENT Microsoft Multiple Products malformed PNG detected tEXt overflow attempt (web-client.rules)
 * 1:8428 <-> DISABLED <-> MISC SSLv2 openssl get shared ciphers overflow attempt (misc.rules)
 * 1:7025 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel url unicode overflow attempt (file-office.rules)
 * 1:9801 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player or Explorer Malformed MIDI File DOS attempt (web-client.rules)
 * 1:7048 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel object record overflow attempt (file-office.rules)
 * 1:7200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information null string overflow attempt (file-office.rules)
 * 1:7204 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel object ftCmo overflow attempt (file-office.rules)
 * 1:16641 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro and linkFmla (file-office.rules)
 * 1:12455 <-> DISABLED <-> FILE-IDENTIFY Crystal Reports file download request (file-identify.rules)
 * 1:16481 <-> DISABLED <-> WEB-CLIENT Opera Content-Length header integer overflow attempt (web-client.rules)
 * 1:16477 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules)
 * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules)
 * 1:16553 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ptg index parsing code execution attempt (file-office.rules)
 * 1:16586 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules)
 * 1:11192 <-> ENABLED <-> FILE-IDENTIFY download of executable content (file-identify.rules)
 * 1:21877 <-> ENABLED <-> BOTNET-CNC Apple OSX.Sabpub outbound connection (botnet-cnc.rules)
 * 1:21244 <-> ENABLED <-> FILE-IDENTIFY New Executable binary file magic detected (file-identify.rules)
 * 1:21760 <-> ENABLED <-> BOTNET-CNC Win32.Swisyn variant runtime detection (botnet-cnc.rules)
 * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules)
 * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules)
 * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules)
 * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules)
 * 1:14020 <-> DISABLED <-> WEB-CLIENT CyberLink PowerDVD playlist file handling stack overflow attempt (web-client.rules)
 * 1:5711 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player zero length bitmap heap overflow attempt (web-client.rules)
 * 1:16643 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
 * 1:16552 <-> DISABLED <-> FILE-IDENTIFY Adobe .pfb file download request (file-identify.rules)
 * 1:16645 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules)
 * 1:16646 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record stack buffer overflow attempt (file-office.rules)
 * 1:6502 <-> DISABLED <-> WEB-CLIENT Mozilla GIF single packet heap overflow - ANIMEXTS1.0 (web-client.rules)
 * 1:16630 <-> DISABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules)
 * 1:16535 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio improper attribute code execution attempt (file-office.rules)
 * 1:19232 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel XF record exploit attempt (file-office.rules)
 * 1:19233 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Studio DISCO file download request (file-identify.rules)
 * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules)
 * 1:19260 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed MsoDrawingObject record attempt (file-office.rules)
 * 1:19289 <-> DISABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules)
 * 1:19294 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
 * 1:19295 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word HTML linked objects memory corruption attempt (file-office.rules)
 * 1:19303 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules)
 * 1:19306 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher pubconv.dll corruption attempt (file-office.rules)
 * 1:19317 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmTDiagLine80 record parsing stack buffer overflow attempt (file-office.rules)
 * 1:19322 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer and Sharepoint toStaticHTML information disclosure attempt (specific-threats.rules)
 * 1:19413 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules)
 * 1:19414 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules)
 * 1:19423 <-> DISABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules)
 * 1:19424 <-> DISABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules)
 * 1:19425 <-> DISABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules)
 * 1:19430 <-> DISABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules)
 * 1:19431 <-> DISABLED <-> WEB-CLIENT Nullsoft Winamp MIDI Timestamp buffer overflow attempt (web-client.rules)
 * 1:19432 <-> DISABLED <-> WEB-CLIENT Nullsoft Winamp MIDI Timestamp buffer overflow attempt (web-client.rules)
 * 1:19436 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer CStyleSheetRule array memory corruption attempt (web-client.rules)
 * 1:19445 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Timecode header RCE attempt (web-client.rules)
 * 1:19446 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media file name header RCE attempt (web-client.rules)
 * 1:19447 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media content type header RCE attempt (web-client.rules)
 * 1:19448 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media pixel aspect ratio header RCE attempt (web-client.rules)
 * 1:19449 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media encryption sample ID header RCE attempt (web-client.rules)
 * 1:19450 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media encryption sample ID header RCE attempt (web-client.rules)
 * 1:19458 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (file-office.rules)
 * 1:19459 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (file-office.rules)
 * 1:19552 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel format record code execution attempt (file-office.rules)
 * 1:19606 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word STSH record parsing memory corruption (file-office.rules)
 * 1:19607 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word STSH record parsing memory corruption (file-office.rules)
 * 1:19682 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player ActionScript 3 integer overflow attempt (web-client.rules)
 * 1:19683 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player ActionScript 3 buffer overflow attempt (web-client.rules)
 * 1:19811 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules)
 * 1:19818 <-> DISABLED <-> WEB-CLIENT Microsoft XML core services cross-domain information disclosure attempt (web-client.rules)
 * 1:19911 <-> ENABLED <-> WEB-CLIENT Microsoft SYmbolic LinK stack overflow attempt (web-client.rules)
 * 1:19943 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules)
 * 1:20029 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FNGROUPNAME Record Memory Corruption (file-office.rules)
 * 1:20032 <-> DISABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules)
 * 1:20062 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel File Importing Code Execution (file-office.rules)
 * 1:20121 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid AxisParent record (file-office.rules)
 * 1:20122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid AxisParent record (file-office.rules)
 * 1:20123 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid ShrFmla record (file-office.rules)
 * 1:20124 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules)
 * 1:20125 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules)
 * 1:20126 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules)
 * 1:20127 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Conditional Formatting record vulnerability (file-office.rules)
 * 1:20202 <-> ENABLED <-> BOTNET-CNC Apple OSX.Revir-1 outbound connection (botnet-cnc.rules)
 * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules)
 * 1:20269 <-> DISABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules)
 * 1:20270 <-> ENABLED <-> WEB-CLIENT Microsoft Windows afd.sys kernel-mode memory corruption attempt (web-client.rules)
 * 1:20282 <-> DISABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules)
 * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules)
 * 1:20288 <-> ENABLED <-> WEB-CLIENT RealNetworks RealPlayer QCP parsing buffer overflow attempt (web-client.rules)
 * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
 * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
 * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20534 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules)
 * 1:20540 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded TrueType font (file-office.rules)
 * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules)
 * 1:20590 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules)
 * 1:20718 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
 * 1:20719 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt (file-office.rules)
 * 1:20720 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules)
 * 1:20721 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher PLC object memory corruption attempt (file-office.rules)
 * 1:20722 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtBlipDIB record exploit attempt (file-office.rules)
 * 1:20723 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules)
 * 1:20724 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt (file-office.rules)
 * 1:20733 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules)
 * 1:20749 <-> DISABLED <-> EXPLOIT EMC Retrospect client crafted packet buffer overflow attempt (exploit.rules)
 * 1:20751 <-> DISABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules)
 * 1:20839 <-> DISABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules)
 * 1:20840 <-> DISABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules)
 * 1:20841 <-> DISABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules)
 * 1:20848 <-> DISABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20849 <-> DISABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20850 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected (file-identify.rules)
 * 1:20851 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected (file-identify.rules)
 * 1:20856 <-> DISABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20857 <-> DISABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20885 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules)
 * 1:20886 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules)
 * 1:20887 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules)
 * 1:20897 <-> DISABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
 * 1:20898 <-> DISABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20899 <-> DISABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20960 <-> DISABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules)
 * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules)
 * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules)
 * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules)
 * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules)
 * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:9840 <-> DISABLED <-> WEB-CLIENT Apple QuickTime HREF Track Detected (web-client.rules)
 * 3:13582 <-> ENABLED <-> WEB-CLIENT Microsoft Excel sst record arbitrary code execution attempt (web-client.rules)
 * 3:13969 <-> ENABLED <-> WEB-CLIENT Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (web-client.rules)
 * 3:17663 <-> ENABLED <-> EXPLOIT Apple CUPS SGI image format decoding imagetops filter buffer overflow attempt (exploit.rules)
 * 3:19350 <-> ENABLED <-> WEB-CLIENT Adobe Shockwave Player Director file FFFFFF88 record integer overflow attempt (web-client.rules)
 * 3:13469 <-> ENABLED <-> WEB-CLIENT Microsoft Word ole stream memory corruption attempt (web-client.rules)
 * 3:13308 <-> ENABLED <-> WEB-MISC Apache HTTP server auth_ldap logging function format string vulnerability (web-misc.rules)