Sourcefire VRT Rules Update

Date: 2012-05-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.1.2.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:22940 <-> ENABLED <-> INDICATOR-COMPROMISE Win32.Virut web propagation detection (indicator-compromise.rules)
 * 1:22937 <-> DISABLED <-> BOTNET-CNC Trojan.Proxyier outbound connection (botnet-cnc.rules)
 * 1:22925 <-> DISABLED <-> BACKDOOR c99shell.php command request - security (backdoor.rules)
 * 1:22920 <-> DISABLED <-> BACKDOOR c99shell.php command request - about (backdoor.rules)
 * 1:22931 <-> DISABLED <-> BACKDOOR c99shell.php command request - ls (backdoor.rules)
 * 1:22941 <-> ENABLED <-> SPECIFIC-THREATS Blackhole Malicious PDF qweqwe= (specific-threats.rules)
 * 1:22928 <-> DISABLED <-> BACKDOOR c99shell.php command request - feedback (backdoor.rules)
 * 1:22934 <-> DISABLED <-> BACKDOOR c99shell.php command request - update (backdoor.rules)
 * 1:22926 <-> DISABLED <-> BACKDOOR c99shell.php command request - sql (backdoor.rules)
 * 1:22938 <-> DISABLED <-> FILE-PDF Adobe Reader embedded TTF interger overflow attempt (file-pdf.rules)
 * 1:22917 <-> DISABLED <-> BACKDOOR c99shell.php command request - cmd (backdoor.rules)
 * 1:22933 <-> DISABLED <-> BACKDOOR c99shell.php command request - tools (backdoor.rules)
 * 1:22936 <-> DISABLED <-> BACKDOOR c99shell.php command request - processes (backdoor.rules)
 * 1:22918 <-> DISABLED <-> BACKDOOR c99shell.php command request - search (backdoor.rules)
 * 1:22927 <-> DISABLED <-> BACKDOOR c99shell.php command request - eval (backdoor.rules)
 * 1:22922 <-> DISABLED <-> BACKDOOR c99shell.php command request - bind (backdoor.rules)
 * 1:22923 <-> DISABLED <-> BACKDOOR c99shell.php command request - ps_aux (backdoor.rules)
 * 1:22932 <-> DISABLED <-> BACKDOOR c99shell.php command request - phpinfo (backdoor.rules)
 * 1:22930 <-> DISABLED <-> BACKDOOR c99shell.php command request - fsbuff (backdoor.rules)
 * 1:22921 <-> DISABLED <-> BACKDOOR c99shell.php command request - encoder (backdoor.rules)
 * 1:22924 <-> DISABLED <-> BACKDOOR c99shell.php command request - ftpquickbrute (backdoor.rules)
 * 1:22935 <-> DISABLED <-> BACKDOOR c99shell.php command request - chmod (backdoor.rules)
 * 1:22919 <-> DISABLED <-> BACKDOOR c99shell.php command request - upload (backdoor.rules)
 * 1:22939 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious user agent RAbcLib (blacklist.rules)
 * 1:22929 <-> DISABLED <-> BACKDOOR c99shell.php command request - selfremove (backdoor.rules)

Modified Rules:


 * 1:7637 <-> DISABLED <-> BACKDOOR hornet 1.0 runtime detection - icq notification (backdoor.rules)
 * 1:7639 <-> DISABLED <-> BACKDOOR air runtime detection - php notification (backdoor.rules)
 * 1:10078 <-> ENABLED <-> SPECIFIC-THREATS W32.Nuwar.AY smtp propagation detection (specific-threats.rules)
 * 1:10079 <-> ENABLED <-> SPECIFIC-THREATS W32.Nuwar.AY smtp propagation detection (specific-threats.rules)
 * 1:10080 <-> ENABLED <-> SPECIFIC-THREATS W32.Nuwar.AY smtp propagation detection (specific-threats.rules)
 * 1:10081 <-> ENABLED <-> SPECIFIC-THREATS W32.Nuwar.AY smtp propagation detection (specific-threats.rules)
 * 1:10082 <-> ENABLED <-> SPECIFIC-THREATS W32.Nuwar.AY smtp propagation detection (specific-threats.rules)
 * 1:10083 <-> ENABLED <-> SPECIFIC-THREATS W32.Nuwar.AY smtp propagation detection (specific-threats.rules)
 * 1:10186 <-> DISABLED <-> SMTP ClamAV mime parsing directory traversal (smtp.rules)
 * 1:10196 <-> DISABLED <-> BACKDOOR Wordpress backdoor feed.php code execution attempt (backdoor.rules)
 * 1:10197 <-> DISABLED <-> BACKDOOR Wordpress backdoor theme.php code execution attempt (backdoor.rules)
 * 1:10447 <-> DISABLED <-> BACKDOOR 51d 1b runtime detection - icq notification (backdoor.rules)
 * 1:11686 <-> DISABLED <-> EXPLOIT Microsoft Windows WebDAV search overflow attempt (exploit.rules)
 * 1:11837 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Mail UNC navigation remote command execution (server-mail.rules)
 * 1:12423 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange CDO long header name (server-mail.rules)
 * 1:12592 <-> DISABLED <-> SMTP Recipient arbitrary command injection attempt (smtp.rules)
 * 1:12704 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer MIFFILE comment overflow (server-mail.rules)
 * 1:12705 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer statement overflow (server-mail.rules)
 * 1:12706 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer statement data overflow (server-mail.rules)
 * 1:12807 <-> DISABLED <-> SMTP Lotus 123 file attachment (smtp.rules)
 * 1:13364 <-> DISABLED <-> SERVER-MAIL Novell GroupWise client IMG SRC buffer overflow (server-mail.rules)
 * 1:13844 <-> DISABLED <-> SPECIFIC-THREATS BDAT size longer than contents exploit attempt (specific-threats.rules)
 * 1:13845 <-> DISABLED <-> SPECIFIC-THREATS BDAT size public exploit attempt (specific-threats.rules)
 * 1:13894 <-> DISABLED <-> SMTP Micrsoft Office Outlook Web Access From field cross-site scripting attempt  (smtp.rules)
 * 1:13895 <-> ENABLED <-> SMTP Micrsoft Office Outlook Web Access invalid CSS escape sequence script execution attempt  (smtp.rules)
 * 1:13923 <-> DISABLED <-> SERVER-MAIL MailEnable SMTP HELO command denial of service attempt (server-mail.rules)
 * 1:13970 <-> ENABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules)
 * 1:14262 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote iframe caller exploit attempt (file-office.rules)
 * 1:1450 <-> DISABLED <-> SERVER-MAIL Vintra Mailserver expn *@ (server-mail.rules)
 * 1:15082 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf malformed dpcallout buffer overflow attempt (file-office.rules)
 * 1:15083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file double free attempt (file-office.rules)
 * 1:15106 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word .rtf file integer overflow attempt (file-office.rules)
 * 1:15163 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio Object Header Buffer Overflow attempt (file-office.rules)
 * 1:15358 <-> ENABLED <-> SMTP Adobe PDF JBIG2 remote code execution attempt (smtp.rules)
 * 1:15359 <-> DISABLED <-> SMTP Suspicious JBIG2 pdf file sent via email (smtp.rules)
 * 1:15360 <-> DISABLED <-> SMTP Suspicious JBIG2 pdf file sent in email (smtp.rules)
 * 1:15361 <-> DISABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules)
 * 1:15367 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook web access script injection attempt (file-office.rules)
 * 1:15485 <-> ENABLED <-> SPECIFIC-THREATS IBM Lotus Notes DOC attachment viewer buffer overflow (specific-threats.rules)
 * 1:15494 <-> DISABLED <-> SMTP Suspicious JBIG2 pdf file sent from email (smtp.rules)
 * 1:15495 <-> DISABLED <-> SMTP Suspicious JBIG2 pdf file sent by email (smtp.rules)
 * 1:15496 <-> DISABLED <-> SMTP Suspicious JBIG2 pdf file sent through email (smtp.rules)
 * 1:15497 <-> DISABLED <-> SMTP Suspicious JBIG2 pdf file sent with email (smtp.rules)
 * 1:15562 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader JPX malformed code-block width attempt (file-pdf.rules)
 * 1:15681 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 file format arbitrary code execution attempt (file-office.rules)
 * 1:15728 <-> ENABLED <-> FILE-PDF Possible Adobe PDF ActionScript byte_array heap spray attempt (file-pdf.rules)
 * 1:15947 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Web Access Cross-Site Scripting attempt (file-office.rules)
 * 1:15954 <-> DISABLED <-> SPECIFIC-THREATS SpamAssassin malformed email header DoS attempt (specific-threats.rules)
 * 1:16022 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Vista Windows mail file execution attempt (specific-threats.rules)
 * 1:16057 <-> DISABLED <-> SERVER-MAIL Sendmail smtp timeout buffer overflow attempt (server-mail.rules)
 * 1:16098 <-> DISABLED <-> BACKDOOR win32.cekar variant runtime detection (backdoor.rules)
 * 1:16172 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader U3D line set heap corruption attempt (file-pdf.rules)
 * 1:16173 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader U3D progressive mesh continuation pointer overwrite attempt (file-pdf.rules)
 * 1:16174 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader U3D progressive mesh continuation off by one index attempt (file-pdf.rules)
 * 1:16175 <-> ENABLED <-> FILE-PDF Adobe collab.removeStateModel denial of service attempt (file-pdf.rules)
 * 1:16176 <-> ENABLED <-> FILE-PDF Adobe collab.addStateModel remote corruption attempt (file-pdf.rules)
 * 1:16199 <-> DISABLED <-> SPECIFIC-THREATS SpamAssassin long message header denial of service attempt (specific-threats.rules)
 * 1:16200 <-> DISABLED <-> SPECIFIC-THREATS Firefox command line URL shell command injection attempt (specific-threats.rules)
 * 1:16201 <-> DISABLED <-> SPECIFIC-THREATS Ipswitch Collaboration Suite SMTP format string exploit attempt (specific-threats.rules)
 * 1:16322 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader oversized object width attempt (file-pdf.rules)
 * 1:16323 <-> ENABLED <-> FILE-PDF Adobe JPEG2k uninitialized QCC memory corruption attempt (file-pdf.rules)
 * 1:16324 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader doc.export arbitrary file write attempt (file-pdf.rules)
 * 1:16325 <-> ENABLED <-> FILE-PDF Adobe JPEG2k uninitialized QCC memory corruption attempt (file-pdf.rules)
 * 1:16328 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules)
 * 1:16333 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:16361 <-> DISABLED <-> FILE-OFFICE Microsoft Office BMP header biClrUsed integer overflow attempt (file-office.rules)
 * 1:16373 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader U3D CLODMeshContinuation code execution attempt (file-pdf.rules)
 * 1:16428 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Express and Windows Mail NNTP handling buffer overflow attempt (file-office.rules)
 * 1:16467 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 1 (file-office.rules)
 * 1:16468 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 2 (file-office.rules)
 * 1:16490 <-> ENABLED <-> FILE-PDF Adobe Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules)
 * 1:16523 <-> ENABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
 * 1:16546 <-> ENABLED <-> FILE-PDF Adobe Reader/Acrobat Pro CFF font parsing heap overflow attempt (file-pdf.rules)
 * 1:16597 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent Email address processing buffer overflow attempt (server-mail.rules)
 * 1:16600 <-> DISABLED <-> BACKDOOR Otlard Trojan activity (backdoor.rules)
 * 1:16633 <-> ENABLED <-> FILE-PDF Adobe PDF File containing Flash use-after-free attack (file-pdf.rules)
 * 1:16664 <-> ENABLED <-> FILE-PDF Adobe Reader and Acrobat authplay.dll vulnerability exploit attempt (file-pdf.rules)
 * 1:16676 <-> DISABLED <-> FILE-PDF Adobe Reader malformed FlateDecode colors declaration (file-pdf.rules)
 * 1:16693 <-> ENABLED <-> BOTNET-CNC Torpig bot sinkhole server DNS lookup attempt (botnet-cnc.rules)
 * 1:16786 <-> DISABLED <-> FILE-OFFICE Microsoft Office Web Components Spreadsheet ActiveX buffer overflow attempt (file-office.rules)
 * 1:16801 <-> ENABLED <-> FILE-PDF Adobe Reader CoolType.dll remote memory corruption denial of service attempt (file-pdf.rules)
 * 1:16934 <-> DISABLED <-> PHISHING-SPAM pku-edp.cn known spam email attempt (phishing-spam.rules)
 * 1:16935 <-> DISABLED <-> PHISHING-SPAM sjtu-edp.cn known spam email attempt (phishing-spam.rules)
 * 1:16936 <-> DISABLED <-> PHISHING-SPAM xoposuhop.cn xoposuhop.cn known spam email attempt (phishing-spam.rules)
 * 1:16937 <-> DISABLED <-> PHISHING-SPAM bestdrug-store.com known spam email attempt (phishing-spam.rules)
 * 1:16938 <-> DISABLED <-> PHISHING-SPAM pharmrik66y.ru known spam email attempt (phishing-spam.rules)
 * 1:16939 <-> DISABLED <-> PHISHING-SPAM refillleonardo59y.ru known spam email attempt (phishing-spam.rules)
 * 1:16940 <-> DISABLED <-> PHISHING-SPAM medfreddie55a.ru known spam email attempt (phishing-spam.rules)
 * 1:16941 <-> DISABLED <-> PHISHING-SPAM drugshershel38w.ru known spam email attempt (phishing-spam.rules)
 * 1:16942 <-> DISABLED <-> PHISHING-SPAM drugshayyim77n.ru known spam email attempt (phishing-spam.rules)
 * 1:16943 <-> DISABLED <-> PHISHING-SPAM erectguthry99c.ru known spam email attempt (phishing-spam.rules)
 * 1:16944 <-> DISABLED <-> PHISHING-SPAM pilldory92n.ru known spam email attempt (phishing-spam.rules)
 * 1:16945 <-> DISABLED <-> PHISHING-SPAM tabwinn77t.ru known spam email attempt (phishing-spam.rules)
 * 1:16946 <-> DISABLED <-> PHISHING-SPAM pillrenault15j.ru known spam email attempt (phishing-spam.rules)
 * 1:16947 <-> DISABLED <-> PHISHING-SPAM pharmrolland95h.ru known spam email attempt (phishing-spam.rules)
 * 1:16948 <-> DISABLED <-> PHISHING-SPAM onlineheindrick60i.ru known spam email attempt (phishing-spam.rules)
 * 1:16949 <-> DISABLED <-> PHISHING-SPAM erectnormie71a.ru known spam email attempt (phishing-spam.rules)
 * 1:16950 <-> DISABLED <-> PHISHING-SPAM tabscotti71i.ru known spam email attempt (phishing-spam.rules)
 * 1:16951 <-> DISABLED <-> PHISHING-SPAM drugsjudd45f.ru known spam email attempt (phishing-spam.rules)
 * 1:16952 <-> DISABLED <-> PHISHING-SPAM pharmharman55y.ru known spam email attempt (phishing-spam.rules)
 * 1:16953 <-> DISABLED <-> PHISHING-SPAM medgaultiero11e.ru known spam email attempt (phishing-spam.rules)
 * 1:16954 <-> DISABLED <-> PHISHING-SPAM pillgaylor21n.ru known spam email attempt (phishing-spam.rules)
 * 1:16955 <-> DISABLED <-> PHISHING-SPAM drugspenn84f.ru known spam email attempt (phishing-spam.rules)
 * 1:16956 <-> DISABLED <-> PHISHING-SPAM medebeneser68c.ru known spam email attempt (phishing-spam.rules)
 * 1:16957 <-> DISABLED <-> PHISHING-SPAM tabmario94r.ru known spam email attempt (phishing-spam.rules)
 * 1:16958 <-> DISABLED <-> PHISHING-SPAM tablennard88q.ru known spam email attempt (phishing-spam.rules)
 * 1:16959 <-> DISABLED <-> PHISHING-SPAM medforster79j.ru known spam email attempt (phishing-spam.rules)
 * 1:16960 <-> DISABLED <-> PHISHING-SPAM erectvincent21v.ru known spam email attempt (phishing-spam.rules)
 * 1:16961 <-> DISABLED <-> PHISHING-SPAM drugsdemott21o.ru known spam email attempt (phishing-spam.rules)
 * 1:16962 <-> DISABLED <-> PHISHING-SPAM onlinelovell30p.ru known spam email attempt (phishing-spam.rules)
 * 1:16963 <-> DISABLED <-> PHISHING-SPAM erecttaylor49i.ru known spam email attempt (phishing-spam.rules)
 * 1:16964 <-> DISABLED <-> PHISHING-SPAM smellexact.ru known spam email attempt (phishing-spam.rules)
 * 1:16965 <-> DISABLED <-> PHISHING-SPAM givehome.ru known spam email attempt (phishing-spam.rules)
 * 1:16966 <-> DISABLED <-> PHISHING-SPAM thingpath.ru known spam email attempt (phishing-spam.rules)
 * 1:16967 <-> DISABLED <-> PHISHING-SPAM wereif.ru known spam email attempt (phishing-spam.rules)
 * 1:16968 <-> DISABLED <-> PHISHING-SPAM bassmax.ru known spam email attempt (phishing-spam.rules)
 * 1:16969 <-> DISABLED <-> PHISHING-SPAM steadfig.ru known spam email attempt (phishing-spam.rules)
 * 1:16970 <-> DISABLED <-> PHISHING-SPAM drugsmayne5a.ru known spam email attempt (phishing-spam.rules)
 * 1:16971 <-> DISABLED <-> PHISHING-SPAM mystick.ru known spam email attempt (phishing-spam.rules)
 * 1:16972 <-> DISABLED <-> PHISHING-SPAM drugsrey95a.ru known spam email attempt (phishing-spam.rules)
 * 1:16973 <-> DISABLED <-> PHISHING-SPAM milklowly.ru known spam email attempt (phishing-spam.rules)
 * 1:16974 <-> DISABLED <-> PHISHING-SPAM numberenough.ru known spam email attempt (phishing-spam.rules)
 * 1:16975 <-> DISABLED <-> PHISHING-SPAM oldsheer.ru known spam email attempt (phishing-spam.rules)
 * 1:16976 <-> DISABLED <-> PHISHING-SPAM logzest.ru known spam email attempt (phishing-spam.rules)
 * 1:16977 <-> DISABLED <-> PHISHING-SPAM energypotent.ru known spam email attempt (phishing-spam.rules)
 * 1:16978 <-> DISABLED <-> PHISHING-SPAM outhave.ru known spam email attempt (phishing-spam.rules)
 * 1:16979 <-> DISABLED <-> PHISHING-SPAM solvecalm.ru known spam email attempt (phishing-spam.rules)
 * 1:16980 <-> DISABLED <-> PHISHING-SPAM stillvisit.ru known spam email attempt (phishing-spam.rules)
 * 1:16981 <-> DISABLED <-> PHISHING-SPAM livelycall.ru known spam email attempt (phishing-spam.rules)
 * 1:16982 <-> DISABLED <-> PHISHING-SPAM 64.com1.ru known spam email attempt (phishing-spam.rules)
 * 1:16983 <-> DISABLED <-> PHISHING-SPAM heatsettle.ru known spam email attempt (phishing-spam.rules)
 * 1:16984 <-> DISABLED <-> PHISHING-SPAM freshmuch.ru known spam email attempt (phishing-spam.rules)
 * 1:16985 <-> DISABLED <-> PHISHING-SPAM extoleye.ru known spam email attempt (phishing-spam.rules)
 * 1:16987 <-> DISABLED <-> PHISHING-SPAM tabemmerich86b.ru known spam email attempt (phishing-spam.rules)
 * 1:16988 <-> DISABLED <-> PHISHING-SPAM moderneight.ru known spam email attempt (phishing-spam.rules)
 * 1:16989 <-> DISABLED <-> PHISHING-SPAM tabferd49a.ru known spam email attempt (phishing-spam.rules)
 * 1:16990 <-> DISABLED <-> PHISHING-SPAM nextmail.ru known spam email attempt (phishing-spam.rules)
 * 1:16991 <-> DISABLED <-> PHISHING-SPAM fruitone.ru known spam email attempt (phishing-spam.rules)
 * 1:16992 <-> DISABLED <-> PHISHING-SPAM liquideat.ru known spam email attempt (phishing-spam.rules)
 * 1:16993 <-> DISABLED <-> PHISHING-SPAM tabwinn2a.ru known spam email attempt (phishing-spam.rules)
 * 1:16994 <-> DISABLED <-> PHISHING-SPAM abletool.ru known spam email attempt (phishing-spam.rules)
 * 1:16995 <-> DISABLED <-> PHISHING-SPAM miltyrefil.ru known spam email attempt (phishing-spam.rules)
 * 1:16996 <-> DISABLED <-> PHISHING-SPAM quincytab.ru known spam email attempt (phishing-spam.rules)
 * 1:16997 <-> DISABLED <-> PHISHING-SPAM giacoporx.ru known spam email attempt (phishing-spam.rules)
 * 1:16998 <-> DISABLED <-> PHISHING-SPAM drugsnevile.ru known spam email attempt (phishing-spam.rules)
 * 1:16999 <-> DISABLED <-> PHISHING-SPAM jasemed.ru known spam email attempt (phishing-spam.rules)
 * 1:17000 <-> DISABLED <-> PHISHING-SPAM ximenezdrug.ru known spam email attempt (phishing-spam.rules)
 * 1:17001 <-> DISABLED <-> PHISHING-SPAM dillonline.ru known spam email attempt (phishing-spam.rules)
 * 1:17002 <-> DISABLED <-> PHISHING-SPAM swellliquid.ru known spam email attempt (phishing-spam.rules)
 * 1:17003 <-> DISABLED <-> PHISHING-SPAM younglaugh.ru known spam email attempt (phishing-spam.rules)
 * 1:17004 <-> DISABLED <-> PHISHING-SPAM 2047757.kaskad-travel.ru known spam email attempt (phishing-spam.rules)
 * 1:17005 <-> DISABLED <-> PHISHING-SPAM paintwater.ru known spam email attempt (phishing-spam.rules)
 * 1:17006 <-> DISABLED <-> PHISHING-SPAM lovingover.ru known spam email attempt (phishing-spam.rules)
 * 1:17007 <-> DISABLED <-> PHISHING-SPAM pharmerastus.ru known spam email attempt (phishing-spam.rules)
 * 1:17008 <-> DISABLED <-> PHISHING-SPAM hisoffer.ru known spam email attempt (phishing-spam.rules)
 * 1:17009 <-> DISABLED <-> PHISHING-SPAM butleft.ru known spam email attempt (phishing-spam.rules)
 * 1:17010 <-> DISABLED <-> PHISHING-SPAM starknow.ru known spam email attempt (phishing-spam.rules)
 * 1:17011 <-> DISABLED <-> PHISHING-SPAM beginwisdom.ru known spam email attempt (phishing-spam.rules)
 * 1:17012 <-> DISABLED <-> PHISHING-SPAM oneus.ru known spam email attempt (phishing-spam.rules)
 * 1:17013 <-> DISABLED <-> PHISHING-SPAM reapcomfy.ru known spam email attempt (phishing-spam.rules)
 * 1:17014 <-> DISABLED <-> PHISHING-SPAM rowsay.ru known spam email attempt (phishing-spam.rules)
 * 1:17015 <-> DISABLED <-> PHISHING-SPAM pamperletter.ru known spam email attempt (phishing-spam.rules)
 * 1:17016 <-> DISABLED <-> PHISHING-SPAM boxdouble.ru known spam email attempt (phishing-spam.rules)
 * 1:17017 <-> DISABLED <-> PHISHING-SPAM beatmoon.ru known spam email attempt (phishing-spam.rules)
 * 1:17018 <-> DISABLED <-> PHISHING-SPAM ensureequate.ru known spam email attempt (phishing-spam.rules)
 * 1:17020 <-> DISABLED <-> PHISHING-SPAM sheerwheel.ru known spam email attempt (phishing-spam.rules)
 * 1:17021 <-> DISABLED <-> PHISHING-SPAM nearpass.ru known spam email attempt (phishing-spam.rules)
 * 1:17022 <-> DISABLED <-> PHISHING-SPAM thatmile.ru known spam email attempt (phishing-spam.rules)
 * 1:17023 <-> DISABLED <-> PHISHING-SPAM hillfoot.ru known spam email attempt (phishing-spam.rules)
 * 1:17024 <-> DISABLED <-> PHISHING-SPAM writeobject.ru known spam email attempt (phishing-spam.rules)
 * 1:17025 <-> DISABLED <-> PHISHING-SPAM thoughthese.ru known spam email attempt (phishing-spam.rules)
 * 1:17026 <-> DISABLED <-> PHISHING-SPAM redlead.ru known spam email attempt (phishing-spam.rules)
 * 1:17027 <-> DISABLED <-> PHISHING-SPAM scoreenjoy.ru known spam email attempt (phishing-spam.rules)
 * 1:17029 <-> DISABLED <-> PHISHING-SPAM tenderpower.ru known spam email attempt (phishing-spam.rules)
 * 1:17030 <-> DISABLED <-> PHISHING-SPAM fewvalley.ru known spam email attempt (phishing-spam.rules)
 * 1:17031 <-> DISABLED <-> PHISHING-SPAM burnshy.ru known spam email attempt (phishing-spam.rules)
 * 1:17032 <-> DISABLED <-> PHISHING-SPAM centtry.ru known spam email attempt (phishing-spam.rules)
 * 1:17033 <-> DISABLED <-> PHISHING-SPAM signpearl.ru known spam email attempt (phishing-spam.rules)
 * 1:17034 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt  (file-office.rules)
 * 1:17035 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt  (file-office.rules)
 * 1:17036 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt  (file-office.rules)
 * 1:17039 <-> ENABLED <-> FILE-OFFICE Microsoft Office Access ACCWIZ library release after free attempt - 2 (file-office.rules)
 * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules)
 * 1:17275 <-> DISABLED <-> SPECIFIC-THREATS Symantec Brightmail AntiSpam nested Zip handling denial of service attempt (specific-threats.rules)
 * 1:17288 <-> ENABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
 * 1:17310 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer Memory Allocation Code Execution (file-office.rules)
 * 1:17383 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher Object Handler Validation Code Execution attempted (file-office.rules)
 * 1:17404 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules)
 * 1:17405 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules)
 * 1:17406 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules)
 * 1:17471 <-> ENABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules)
 * 1:17472 <-> ENABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules)
 * 1:17481 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange and Outlook TNEF Decoding Integer Overflow attempt (server-mail.rules)
 * 1:17493 <-> DISABLED <-> SPECIFIC-THREATS ClamAV UPX FileHandling Heap overflow attempt (specific-threats.rules)
 * 1:17526 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Reader U3D RHAdobeMeta Buffer Overflow (file-pdf.rules)
 * 1:17559 <-> DISABLED <-> SPECIFIC-THREATS IBM Lotus Notes Applix Graphics Parsing Buffer Overflow (specific-threats.rules)
 * 1:17565 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint PP7 File Handling Memory Corruption attempt (file-office.rules)
 * 1:17568 <-> DISABLED <-> FILE-OFFICE Microsoft Office XP URL Handling Buffer Overflow attempt (file-office.rules)
 * 1:17668 <-> DISABLED <-> FILE-PDF download of a PDF with embedded JavaScript - JS string (file-pdf.rules)
 * 1:17698 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer wav chunk string overflow attempt in email (specific-threats.rules)
 * 1:17716 <-> DISABLED <-> SPECIFIC-THREATS IBM Lotus Notes DOC attachment viewer buffer overflow (specific-threats.rules)
 * 1:17717 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes HTML input tag buffer overflow attempt (server-mail.rules)
 * 1:17736 <-> DISABLED <-> SPECIFIC-THREATS McAfee LHA Type-2 file handling overflow attempt (specific-threats.rules)
 * 1:17737 <-> DISABLED <-> SPECIFIC-THREATS Microsoft collaboration data objects buffer overflow attempt (specific-threats.rules)
 * 1:17743 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word RTF parsing memory corruption (file-office.rules)
 * 1:17777 <-> DISABLED <-> SPECIFIC-THREATS IBM Lotus Notes WPD attachment handling buffer overflow (specific-threats.rules)
 * 1:17918 <-> DISABLED <-> PHISHING-SPAM aaof.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules)
 * 1:17919 <-> DISABLED <-> PHISHING-SPAM akiq.onlinetommie54y.ru known spam email attempt (phishing-spam.rules)
 * 1:17920 <-> DISABLED <-> PHISHING-SPAM aobuii.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules)
 * 1:17921 <-> DISABLED <-> PHISHING-SPAM argue.medrayner44c.ru known spam email attempt (phishing-spam.rules)
 * 1:17922 <-> DISABLED <-> PHISHING-SPAM ava.refilleldredge89r.ru known spam email attempt (phishing-spam.rules)
 * 1:17923 <-> DISABLED <-> PHISHING-SPAM axoseb.medicdrugsxck.ru known spam email attempt (phishing-spam.rules)
 * 1:17924 <-> DISABLED <-> PHISHING-SPAM azo.onlinetommie54y.ru known spam email attempt (phishing-spam.rules)
 * 1:17925 <-> DISABLED <-> PHISHING-SPAM back.pharmroyce83b.ru known spam email attempt (phishing-spam.rules)
 * 1:17926 <-> DISABLED <-> PHISHING-SPAM by.pharmroyce83b.ru known spam email attempt (phishing-spam.rules)
 * 1:17927 <-> DISABLED <-> PHISHING-SPAM cardinals.refilldud86o.ru known spam email attempt (phishing-spam.rules)
 * 1:17928 <-> DISABLED <-> PHISHING-SPAM chemist.onlineruggiero33q.ru known spam email attempt (phishing-spam.rules)
 * 1:17929 <-> DISABLED <-> PHISHING-SPAM chula.pharmroyce83b.ru known spam email attempt (phishing-spam.rules)
 * 1:17930 <-> DISABLED <-> PHISHING-SPAM classification.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:17931 <-> DISABLED <-> PHISHING-SPAM compensate.refilldud86o.ru known spam email attempt (phishing-spam.rules)
 * 1:17932 <-> DISABLED <-> PHISHING-SPAM cswjlxey.ru known spam email attempt (phishing-spam.rules)
 * 1:17933 <-> DISABLED <-> PHISHING-SPAM current.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:17934 <-> DISABLED <-> PHISHING-SPAM cyacaz.pilltodd73p.ru known spam email attempt (phishing-spam.rules)
 * 1:17935 <-> DISABLED <-> PHISHING-SPAM deepcenter.ru known spam email attempt (phishing-spam.rules)
 * 1:17936 <-> DISABLED <-> PHISHING-SPAM delegate.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:17937 <-> DISABLED <-> PHISHING-SPAM diet.medrayner44c.ru known spam email attempt (phishing-spam.rules)
 * 1:17938 <-> DISABLED <-> PHISHING-SPAM direct.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:17939 <-> DISABLED <-> PHISHING-SPAM divyo.pillking74s.ru known spam email attempt (phishing-spam.rules)
 * 1:17940 <-> DISABLED <-> PHISHING-SPAM drugsgeorge65g.ru known spam email attempt (phishing-spam.rules)
 * 1:17941 <-> DISABLED <-> PHISHING-SPAM dux.erectnoll24k.ru known spam email attempt (phishing-spam.rules)
 * 1:17942 <-> DISABLED <-> PHISHING-SPAM dypoh.erectjefferey85n.ru known spam email attempt (phishing-spam.rules)
 * 1:17943 <-> DISABLED <-> PHISHING-SPAM eaihar.refilleldredge89r.ru known spam email attempt (phishing-spam.rules)
 * 1:17944 <-> DISABLED <-> PHISHING-SPAM eeez.onlinehamel83i.ru known spam email attempt (phishing-spam.rules)
 * 1:17945 <-> DISABLED <-> PHISHING-SPAM egi.refilleldredge89r.ru known spam email attempt (phishing-spam.rules)
 * 1:17946 <-> DISABLED <-> PHISHING-SPAM ehyw.cumedicdrugsx.ru known spam email attempt (phishing-spam.rules)
 * 1:17947 <-> DISABLED <-> PHISHING-SPAM eka.onlinehamel83i.ru known spam email attempt (phishing-spam.rules)
 * 1:17948 <-> DISABLED <-> PHISHING-SPAM election.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:17949 <-> DISABLED <-> PHISHING-SPAM elik.drugslevy46b.ru known spam email attempt (phishing-spam.rules)
 * 1:17950 <-> DISABLED <-> PHISHING-SPAM epeno.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules)
 * 1:17951 <-> DISABLED <-> PHISHING-SPAM erectgodart30s.ru known spam email attempt (phishing-spam.rules)
 * 1:17952 <-> DISABLED <-> PHISHING-SPAM erol.camedicdrugsx.ru known spam email attempt (phishing-spam.rules)
 * 1:17953 <-> DISABLED <-> PHISHING-SPAM exa.drugslevy46b.ru known spam email attempt (phishing-spam.rules)
 * 1:17954 <-> DISABLED <-> PHISHING-SPAM eyu.onlinehamel83i.ru known spam email attempt (phishing-spam.rules)
 * 1:17955 <-> DISABLED <-> PHISHING-SPAM fashionchannel.ru known spam email attempt (phishing-spam.rules)
 * 1:22115 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules)
 * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
 * 1:658 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange Server 5.5 mime DOS (server-mail.rules)
 * 1:6018 <-> DISABLED <-> BACKDOOR dsk lite 1.0 runtime detection - icq notification (backdoor.rules)
 * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
 * 1:21813 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:2268 <-> DISABLED <-> SERVER-MAIL Sendmail MAIL FROM prescan too long addresses overflow (server-mail.rules)
 * 1:655 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.9 exploit (server-mail.rules)
 * 1:668 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.10 exploit (server-mail.rules)
 * 1:21628 <-> DISABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:2261 <-> DISABLED <-> SERVER-MAIL Sendmail SEND FROM prescan too many addresses overflow (server-mail.rules)
 * 1:21537 <-> ENABLED <-> FILE-PDF Possible malicious pdf cve-2010-0188 string (file-pdf.rules)
 * 1:22084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Powerpoint pptx file attachment detected (file-identify.rules)
 * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:21250 <-> DISABLED <-> BACKDOOR Win32.VBasddsa.A runtime traffic detected (backdoor.rules)
 * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
 * 1:21859 <-> DISABLED <-> FILE-PDF Adobe Reader msiexec.exe file load exploit attempt (file-pdf.rules)
 * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
 * 1:21583 <-> ENABLED <-> FILE-PDF Possible malicious pdf detection - qwe123 (file-pdf.rules)
 * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:3815 <-> DISABLED <-> SERVER-MAIL Kinesphere eXchange POP3 mail server overflow attempt (server-mail.rules)
 * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:6297 <-> DISABLED <-> BACKDOOR insurrection 1.1.0 runtime detection - icq notification 2 (backdoor.rules)
 * 1:669 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.9 exploit (server-mail.rules)
 * 1:21878 <-> DISABLED <-> FILE-PDF Adobe Reader embedded TTF interger overflow attempt (file-pdf.rules)
 * 1:661 <-> DISABLED <-> SERVER-MAIL Majordomo ifs (server-mail.rules)
 * 1:6474 <-> DISABLED <-> BACKDOOR W32.loosky.gen runtime detection - notification (backdoor.rules)
 * 1:2266 <-> DISABLED <-> SERVER-MAIL Sendmail SOML FROM prescan too long addresses overflow (server-mail.rules)
 * 1:21367 <-> DISABLED <-> BACKDOOR Win32 VB.abcl runtime traffic detected (backdoor.rules)
 * 1:2262 <-> DISABLED <-> SERVER-MAIL Sendmail SEND FROM prescan too long addresses overflow (server-mail.rules)
 * 1:3627 <-> DISABLED <-> SERVER-MAIL X-LINK2STATE CHUNK command attempt (server-mail.rules)
 * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21249 <-> DISABLED <-> BACKDOOR Win32.VBasddsa.A runtime traffic detected (backdoor.rules)
 * 1:21957 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows hlp file attachment detected (file-identify.rules)
 * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21296 <-> DISABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21765 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader PDF subroutine pointer attempt (file-pdf.rules)
 * 1:21374 <-> DISABLED <-> BACKDOOR Win32.Bifrose.EF runtime traffic detected (backdoor.rules)
 * 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
 * 1:21014 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:21364 <-> DISABLED <-> BACKDOOR DOQ.gen.y RUNTIME traffic detected (backdoor.rules)
 * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
 * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
 * 1:21885 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file attachment detected (file-identify.rules)
 * 1:6043 <-> DISABLED <-> BACKDOOR fear 0.2 runtime detection - cgi notification (backdoor.rules)
 * 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:5739 <-> DISABLED <-> SMTP headers too long server response (smtp.rules)
 * 1:21690 <-> DISABLED <-> FILE-IDENTIFY Hypertext Markup Language file attachment detected (file-identify.rules)
 * 1:21816 <-> DISABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:657 <-> DISABLED <-> SERVER-MAIL Netmanager chameleon SMTPd buffer overflow attempt (server-mail.rules)
 * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:2270 <-> DISABLED <-> SERVER-MAIL Sendmail RCPT TO prescan too long addresses overflow (server-mail.rules)
 * 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
 * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:7073 <-> DISABLED <-> BACKDOOR W32.dumaru.gen runtime detection - notification (backdoor.rules)
 * 1:21111 <-> DISABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:6115 <-> DISABLED <-> BACKDOOR optix 1.32 runtime detection - icq notification (backdoor.rules)
 * 1:21163 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook VEVENT overflow attempt (file-office.rules)
 * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21010 <-> DISABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:21372 <-> DISABLED <-> BACKDOOR Malware Defense runtime traffic detected (backdoor.rules)
 * 1:21373 <-> DISABLED <-> BACKDOOR Malware Defense runtime traffic detected (backdoor.rules)
 * 1:6413 <-> DISABLED <-> SMTP Microsoft Windows Address Book Base64 encoded attachment detected (smtp.rules)
 * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:21433 <-> DISABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
 * 1:2267 <-> DISABLED <-> SERVER-MAIL Sendmail MAIL FROM prescan too many addresses overflow (server-mail.rules)
 * 1:665 <-> DISABLED <-> SERVER-MAIL Sendmail 5.6.5 exploit (server-mail.rules)
 * 1:2265 <-> DISABLED <-> SERVER-MAIL Sendmail SOML FROM prescan too many addresses overflow (server-mail.rules)
 * 1:21162 <-> DISABLED <-> FILE-PDF Adobe Acrobat file extension overflow attempt (file-pdf.rules)
 * 1:6300 <-> DISABLED <-> BACKDOOR cia 1.3 runtime detection - icq notification (backdoor.rules)
 * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
 * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21871 <-> DISABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
 * 1:21453 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
 * 1:21412 <-> DISABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
 * 1:3462 <-> DISABLED <-> SERVER-MAIL Microsoft Internet Explorer Content-Encoding overflow attempt (server-mail.rules)
 * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
 * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
 * 1:21254 <-> ENABLED <-> FILE-PDF Foxit Reader createDataObject file write attempt (file-pdf.rules)
 * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
 * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21929 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules)
 * 1:6059 <-> DISABLED <-> BACKDOOR neurotickat1.3 runtime detection - cgi notification (backdoor.rules)
 * 1:21700 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
 * 1:6042 <-> DISABLED <-> BACKDOOR fear 0.2 runtime detection - php notification (backdoor.rules)
 * 1:660 <-> DISABLED <-> SERVER-MAIL expn root (server-mail.rules)
 * 1:6058 <-> DISABLED <-> BACKDOOR neurotickat1.3 runtime detection - icq notification (backdoor.rules)
 * 1:21694 <-> DISABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21277 <-> DISABLED <-> BACKDOOR Win32.Shexie.A runtime traffic detected (backdoor.rules)
 * 1:6396 <-> DISABLED <-> BACKDOOR a-311 death user-agent string detected (backdoor.rules)
 * 1:21582 <-> DISABLED <-> FILE-PDF PDF obfuscation attempt (file-pdf.rules)
 * 1:21253 <-> DISABLED <-> FILE-PDF Adobe Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
 * 1:22114 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules)
 * 1:21027 <-> DISABLED <-> WEB-ACTIVEX McAfee Security as a Service ActiveX function call (web-activex.rules)
 * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20987 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:21624 <-> DISABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21804 <-> DISABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:21895 <-> DISABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
 * 1:21766 <-> ENABLED <-> EXPLOIT Apple QuickDraw PICT images ARGB records handling memory corruption attempt (exploit.rules)
 * 1:21362 <-> DISABLED <-> BACKDOOR Trojan Win32.TDSS.aa runtime traffic detected (backdoor.rules)
 * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
 * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
 * 1:21930 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules)
 * 1:667 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.10 exploit (server-mail.rules)
 * 1:659 <-> DISABLED <-> SERVER-MAIL Sendmail expn decode (server-mail.rules)
 * 1:664 <-> DISABLED <-> SERVER-MAIL Sendmail RCPT TO decode attempt (server-mail.rules)
 * 1:21479 <-> ENABLED <-> FILE-IDENTIFY CHM file attachment detected (file-identify.rules)
 * 1:21357 <-> DISABLED <-> EXPLOIT Microsoft Windows OLEAUT32.DLL malicious WMF file remote code execution attempt (exploit.rules)
 * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:6019 <-> DISABLED <-> BACKDOOR dsk lite 1.0 runtime detection - cgi notification (backdoor.rules)
 * 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
 * 1:21866 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:6296 <-> DISABLED <-> BACKDOOR insurrection 1.1.0 runtime detection - icq notification 1 (backdoor.rules)
 * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
 * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21618 <-> DISABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:663 <-> DISABLED <-> SERVER-MAIL Sendmail rcpt to command attempt (server-mail.rules)
 * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21439 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows GDI+ arbitrary code execution attempt (specific-threats.rules)
 * 1:21862 <-> DISABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:2269 <-> DISABLED <-> SERVER-MAIL Sendmail RCPT TO prescan too many addresses overflow (server-mail.rules)
 * 1:21809 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21294 <-> DISABLED <-> BACKDOOR Win32.Bancodor.be runtime traffic detected (backdoor.rules)
 * 1:22102 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules)
 * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:2263 <-> DISABLED <-> SERVER-MAIL Sendmail SAML FROM prescan too many addresses overflow (server-mail.rules)
 * 1:6331 <-> DISABLED <-> BACKDOOR globalkiller1.0 runtime detection - notification (backdoor.rules)
 * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
 * 1:21586 <-> DISABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
 * 1:6023 <-> DISABLED <-> BACKDOOR silent spy 2.10 runtime detection - icq notification (backdoor.rules)
 * 1:6493 <-> DISABLED <-> BACKDOOR Trickler Backdoor-BAC.gen.e runtime detection - post data (backdoor.rules)
 * 1:6039 <-> DISABLED <-> BACKDOOR fade 1.0 runtime detection - notification (backdoor.rules)
 * 1:21016 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules)
 * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
 * 1:6069 <-> DISABLED <-> BACKDOOR optixlite 1.0 runtime detection - icq notification (backdoor.rules)
 * 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
 * 1:20998 <-> ENABLED <-> FILE-PDF Adobe Reader javascript submitform memory corruption attempt (file-pdf.rules)
 * 1:6412 <-> DISABLED <-> SMTP Microsoft Windows Address Book attachment detected (smtp.rules)
 * 1:567 <-> DISABLED <-> SERVER-MAIL SMTP relaying denied (server-mail.rules)
 * 1:490 <-> DISABLED <-> SERVER-MAIL battle-mail traffic (server-mail.rules)
 * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21417 <-> ENABLED <-> FILE-PDF hostile PDF associated with Laik exploit kit (file-pdf.rules)
 * 1:21026 <-> DISABLED <-> WEB-ACTIVEX McAfee Security as a Service ActiveX clsid access (web-activex.rules)
 * 1:670 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.9 exploit (server-mail.rules)
 * 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
 * 1:5714 <-> DISABLED <-> SERVER-MAIL Apple Safari x-unix-mode executable mail attachment (server-mail.rules)
 * 1:2264 <-> DISABLED <-> SERVER-MAIL Sendmail SAML FROM prescan too long addresses overflow (server-mail.rules)
 * 1:21868 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:6029 <-> DISABLED <-> BACKDOOR fkwp 2.0 runtime detection - icq notification (backdoor.rules)
 * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
 * 1:22113 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules)
 * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
 * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
 * 1:21858 <-> DISABLED <-> FILE-PDF Adobe Reader msiexec.exe file load exploit attempt (file-pdf.rules)
 * 1:6492 <-> DISABLED <-> BACKDOOR Trickler Backdoor-BAC.gen.e runtime detection - notification (backdoor.rules)
 * 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
 * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
 * 1:21626 <-> DISABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:671 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.9c exploit (server-mail.rules)
 * 1:6291 <-> DISABLED <-> BACKDOOR justjoke v2.6 runtime detection (backdoor.rules)
 * 1:21431 <-> ENABLED <-> FILE-PDF Possible malicious pdf - new pdf exploit (file-pdf.rules)
 * 1:21880 <-> DISABLED <-> FILE-IDENTIFY Microsoft search file attachment detected (file-identify.rules)
 * 1:21429 <-> ENABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:662 <-> DISABLED <-> SERVER-MAIL Sendmail 5.5.5 exploit (server-mail.rules)
 * 1:6020 <-> DISABLED <-> BACKDOOR dsk lite 1.0 runtime detection - php notification (backdoor.rules)
 * 1:6071 <-> DISABLED <-> BACKDOOR freak 1.0 runtime detection - icq notification (backdoor.rules)
 * 1:21612 <-> DISABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:17956 <-> DISABLED <-> PHISHING-SPAM fauxy.pillking74s.ru known spam email attempt (phishing-spam.rules)
 * 1:17957 <-> DISABLED <-> PHISHING-SPAM food.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:17958 <-> DISABLED <-> PHISHING-SPAM generality.onlinehill21q.ru known spam email attempt (phishing-spam.rules)
 * 1:17959 <-> DISABLED <-> PHISHING-SPAM goyry.ramedicdrugsx.ru known spam email attempt (phishing-spam.rules)
 * 1:17960 <-> DISABLED <-> PHISHING-SPAM gueepa.erectnoll24k.ru known spam email attempt (phishing-spam.rules)
 * 1:17961 <-> DISABLED <-> PHISHING-SPAM has.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:17962 <-> DISABLED <-> PHISHING-SPAM have.medrayner44c.ru known spam email attempt (phishing-spam.rules)
 * 1:17963 <-> DISABLED <-> PHISHING-SPAM headtest.ru known spam email attempt (phishing-spam.rules)
 * 1:17964 <-> DISABLED <-> PHISHING-SPAM huhuh.pilltodd73p.ru known spam email attempt (phishing-spam.rules)
 * 1:17965 <-> DISABLED <-> PHISHING-SPAM hyem.pilltodd73p.ru known spam email attempt (phishing-spam.rules)
 * 1:17966 <-> DISABLED <-> PHISHING-SPAM icysa.refilleldredge89r.ru known spam email attempt (phishing-spam.rules)
 * 1:17967 <-> DISABLED <-> PHISHING-SPAM iiy.refilleldredge89r.ru known spam email attempt (phishing-spam.rules)
 * 1:17968 <-> DISABLED <-> PHISHING-SPAM iki.onlinetommie54y.ru known spam email attempt (phishing-spam.rules)
 * 1:17969 <-> DISABLED <-> PHISHING-SPAM iner.medicdrugsxdl.ru known spam email attempt (phishing-spam.rules)
 * 1:17970 <-> DISABLED <-> PHISHING-SPAM in.onlinehill21q.ru known spam email attempt (phishing-spam.rules)
 * 1:17971 <-> DISABLED <-> PHISHING-SPAM intelpost.ru known spam email attempt (phishing-spam.rules)
 * 1:17972 <-> DISABLED <-> PHISHING-SPAM inunuw.medicdrugsxpo.ru known spam email attempt (phishing-spam.rules)
 * 1:17973 <-> DISABLED <-> PHISHING-SPAM ipiig.drugslevy46b.ru known spam email attempt (phishing-spam.rules)
 * 1:17974 <-> DISABLED <-> PHISHING-SPAM iqor.pilltodd73p.ru known spam email attempt (phishing-spam.rules)
 * 1:17975 <-> DISABLED <-> PHISHING-SPAM is.medrayner44c.ru known spam email attempt (phishing-spam.rules)
 * 1:17976 <-> DISABLED <-> PHISHING-SPAM itaca.erectnoll24k.ru known spam email attempt (phishing-spam.rules)
 * 1:17977 <-> DISABLED <-> PHISHING-SPAM ive.pilltodd73p.ru known spam email attempt (phishing-spam.rules)
 * 1:17978 <-> DISABLED <-> PHISHING-SPAM iweqyz.erectjefferey85n.ru known spam email attempt (phishing-spam.rules)
 * 1:17979 <-> DISABLED <-> PHISHING-SPAM iycyde.medicdrugsxco.ru known spam email attempt (phishing-spam.rules)
 * 1:17980 <-> DISABLED <-> PHISHING-SPAM iyw.refilleldredge89r.ru known spam email attempt (phishing-spam.rules)
 * 1:17981 <-> DISABLED <-> PHISHING-SPAM jaecoh.erectnoll24k.ru known spam email attempt (phishing-spam.rules)
 * 1:17982 <-> DISABLED <-> PHISHING-SPAM jael.pillking74s.ru known spam email attempt (phishing-spam.rules)
 * 1:17983 <-> DISABLED <-> PHISHING-SPAM jex.remedicdrugsx.ru known spam email attempt (phishing-spam.rules)
 * 1:17984 <-> DISABLED <-> PHISHING-SPAM john.onlinehill21q.ru known spam email attempt (phishing-spam.rules)
 * 1:17985 <-> DISABLED <-> PHISHING-SPAM joseph.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:17986 <-> DISABLED <-> PHISHING-SPAM jyn.medicdrugsxdl.ru known spam email attempt (phishing-spam.rules)
 * 1:17987 <-> DISABLED <-> PHISHING-SPAM jyzyv.refilleldredge89r.ru known spam email attempt (phishing-spam.rules)
 * 1:17988 <-> DISABLED <-> PHISHING-SPAM koosaf.erectnoll24k.ru known spam email attempt (phishing-spam.rules)
 * 1:17989 <-> DISABLED <-> PHISHING-SPAM lybah.pilltodd73p.ru known spam email attempt (phishing-spam.rules)
 * 1:17990 <-> DISABLED <-> PHISHING-SPAM manila.onlinephilbert42f.ru known spam email attempt (phishing-spam.rules)
 * 1:17991 <-> DISABLED <-> PHISHING-SPAM masa.erectjefferey85n.ru known spam email attempt (phishing-spam.rules)
 * 1:17992 <-> DISABLED <-> PHISHING-SPAM medpenny17j.ru known spam email attempt (phishing-spam.rules)
 * 1:17993 <-> DISABLED <-> PHISHING-SPAM minionspre.ru known spam email attempt (phishing-spam.rules)
 * 1:17994 <-> DISABLED <-> PHISHING-SPAM nazuwu.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules)
 * 1:17995 <-> DISABLED <-> PHISHING-SPAM negotiations.refilldud86o.ru known spam email attempt (phishing-spam.rules)
 * 1:17996 <-> DISABLED <-> PHISHING-SPAM niqiv.erectjefferey85n.ru known spam email attempt (phishing-spam.rules)
 * 1:17997 <-> DISABLED <-> PHISHING-SPAM odimys.medicdrugsxlb.ru known spam email attempt (phishing-spam.rules)
 * 1:17998 <-> DISABLED <-> PHISHING-SPAM odoog.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules)
 * 1:17999 <-> DISABLED <-> PHISHING-SPAM oekaka.aimedicdrugsx.ru known spam email attempt (phishing-spam.rules)
 * 1:18000 <-> DISABLED <-> PHISHING-SPAM oeqio.erectnoll24k.ru known spam email attempt (phishing-spam.rules)
 * 1:18001 <-> DISABLED <-> PHISHING-SPAM of.onlinephilbert42f.ru known spam email attempt (phishing-spam.rules)
 * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:18002 <-> DISABLED <-> PHISHING-SPAM of.refilldud86o.ru known spam email attempt (phishing-spam.rules)
 * 1:18003 <-> DISABLED <-> PHISHING-SPAM of.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:18004 <-> DISABLED <-> PHISHING-SPAM oipek.onlinehamel83i.ru known spam email attempt (phishing-spam.rules)
 * 1:18005 <-> DISABLED <-> PHISHING-SPAM oji.medicdrugsxto.ru known spam email attempt (phishing-spam.rules)
 * 1:18006 <-> DISABLED <-> PHISHING-SPAM onotye.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules)
 * 1:18007 <-> DISABLED <-> PHISHING-SPAM opy.erectjefferey85n.ru known spam email attempt (phishing-spam.rules)
 * 1:18008 <-> DISABLED <-> PHISHING-SPAM orderbuzz.ru known spam email attempt (phishing-spam.rules)
 * 1:18009 <-> DISABLED <-> PHISHING-SPAM ouu.almedicdrugsx.ru known spam email attempt (phishing-spam.rules)
 * 1:7077 <-> DISABLED <-> BACKDOOR minimo v0.6 runtime detection - icq notification (backdoor.rules)
 * 1:18010 <-> DISABLED <-> PHISHING-SPAM oxuc.pillking74s.ru known spam email attempt (phishing-spam.rules)
 * 1:18011 <-> DISABLED <-> PHISHING-SPAM pillrolfe64l.ru known spam email attempt (phishing-spam.rules)
 * 1:18012 <-> DISABLED <-> PHISHING-SPAM recently.refilldud86o.ru known spam email attempt (phishing-spam.rules)
 * 1:18013 <-> DISABLED <-> PHISHING-SPAM records.onlinephilbert42f.ru known spam email attempt (phishing-spam.rules)
 * 1:18014 <-> DISABLED <-> PHISHING-SPAM reobaj.onlinehamel83i.ru known spam email attempt (phishing-spam.rules)
 * 1:18015 <-> DISABLED <-> PHISHING-SPAM research.onlinehill21q.ru known spam email attempt (phishing-spam.rules)
 * 1:18016 <-> DISABLED <-> PHISHING-SPAM returning.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:18017 <-> DISABLED <-> PHISHING-SPAM right.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:7197 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MSO.DLL malformed string parsing single byte buffer over attempt (file-office.rules)
 * 1:18018 <-> DISABLED <-> PHISHING-SPAM riwaro.erectjefferey85n.ru known spam email attempt (phishing-spam.rules)
 * 1:18019 <-> DISABLED <-> PHISHING-SPAM ruuav.erectnoll24k.ru known spam email attempt (phishing-spam.rules)
 * 1:18020 <-> DISABLED <-> PHISHING-SPAM ryhux.medicdrugsxpa.ru known spam email attempt (phishing-spam.rules)
 * 1:18021 <-> DISABLED <-> PHISHING-SPAM software-buyshop-7.ru known spam email attempt (phishing-spam.rules)
 * 1:18022 <-> DISABLED <-> PHISHING-SPAM specialyou.ru known spam email attempt (phishing-spam.rules)
 * 1:18023 <-> DISABLED <-> PHISHING-SPAM starring.pharmroyce83b.ru known spam email attempt (phishing-spam.rules)
 * 1:18024 <-> DISABLED <-> PHISHING-SPAM store-softwarebuy-7.ru known spam email attempt (phishing-spam.rules)
 * 1:18025 <-> DISABLED <-> PHISHING-SPAM sya.onlinehamel83i.ru known spam email attempt (phishing-spam.rules)
 * 1:18026 <-> DISABLED <-> PHISHING-SPAM tabdarin80s.ru known spam email attempt (phishing-spam.rules)
 * 1:18027 <-> DISABLED <-> PHISHING-SPAM tabgordan13n.ru known spam email attempt (phishing-spam.rules)
 * 1:18028 <-> DISABLED <-> PHISHING-SPAM tablangston19a.ru known spam email attempt (phishing-spam.rules)
 * 1:18029 <-> DISABLED <-> PHISHING-SPAM tabwebster77c.ru known spam email attempt (phishing-spam.rules)
 * 1:18030 <-> DISABLED <-> PHISHING-SPAM tanuen.dimedicdrugsx.ru known spam email attempt (phishing-spam.rules)
 * 1:18031 <-> DISABLED <-> PHISHING-SPAM the.onlinehill21q.ru known spam email attempt (phishing-spam.rules)
 * 1:18032 <-> DISABLED <-> PHISHING-SPAM the.onlineruggiero33q.ru known spam email attempt (phishing-spam.rules)
 * 1:18033 <-> DISABLED <-> PHISHING-SPAM to.medrayner44c.ru known spam email attempt (phishing-spam.rules)
 * 1:18034 <-> DISABLED <-> PHISHING-SPAM trails.pharmroyce83b.ru known spam email attempt (phishing-spam.rules)
 * 1:18035 <-> DISABLED <-> PHISHING-SPAM trusting-me.ru known spam email attempt (phishing-spam.rules)
 * 1:18036 <-> DISABLED <-> PHISHING-SPAM twodays.ru known spam email attempt (phishing-spam.rules)
 * 1:18037 <-> DISABLED <-> PHISHING-SPAM tyqaja.pilltodd73p.ru known spam email attempt (phishing-spam.rules)
 * 1:18038 <-> DISABLED <-> PHISHING-SPAM uboi.onlinehamel83i.ru known spam email attempt (phishing-spam.rules)
 * 1:18039 <-> DISABLED <-> PHISHING-SPAM uf.drugslevy46b.ru known spam email attempt (phishing-spam.rules)
 * 1:18040 <-> DISABLED <-> PHISHING-SPAM uielij.pillking74s.ru known spam email attempt (phishing-spam.rules)
 * 1:18041 <-> DISABLED <-> PHISHING-SPAM unasu.medicdrugsxto.ru known spam email attempt (phishing-spam.rules)
 * 1:18042 <-> DISABLED <-> PHISHING-SPAM upazo.pilltodd73p.ru known spam email attempt (phishing-spam.rules)
 * 1:18043 <-> DISABLED <-> PHISHING-SPAM utuqaj.pillking74s.ru known spam email attempt (phishing-spam.rules)
 * 1:18044 <-> DISABLED <-> PHISHING-SPAM uuji.refilleldredge89r.ru known spam email attempt (phishing-spam.rules)
 * 1:18045 <-> DISABLED <-> PHISHING-SPAM variation.refilldud86o.ru known spam email attempt (phishing-spam.rules)
 * 1:18046 <-> DISABLED <-> PHISHING-SPAM via.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:18047 <-> DISABLED <-> PHISHING-SPAM voiceless.pharmroyce83b.ru known spam email attempt (phishing-spam.rules)
 * 1:18048 <-> DISABLED <-> PHISHING-SPAM was.medrayner44c.ru known spam email attempt (phishing-spam.rules)
 * 1:18049 <-> DISABLED <-> PHISHING-SPAM word.onlinephilbert42f.ru known spam email attempt (phishing-spam.rules)
 * 1:18050 <-> DISABLED <-> PHISHING-SPAM world.onlinehill21q.ru known spam email attempt (phishing-spam.rules)
 * 1:18051 <-> DISABLED <-> PHISHING-SPAM www.buhni.ru known spam email attempt (phishing-spam.rules)
 * 1:18052 <-> DISABLED <-> PHISHING-SPAM www.visitcover.ru known spam email attempt (phishing-spam.rules)
 * 1:7704 <-> DISABLED <-> BACKDOOR roach 1.0 server installation notification - email (backdoor.rules)
 * 1:18053 <-> DISABLED <-> PHISHING-SPAM xob.erectnoll24k.ru known spam email attempt (phishing-spam.rules)
 * 1:18054 <-> DISABLED <-> PHISHING-SPAM ygy.onlinetommie54y.ru known spam email attempt (phishing-spam.rules)
 * 1:18055 <-> DISABLED <-> PHISHING-SPAM yit.medicdrugsxor.ru known spam email attempt (phishing-spam.rules)
 * 1:7076 <-> DISABLED <-> BACKDOOR minimo v0.6 runtime detection - cgi notification (backdoor.rules)
 * 1:18056 <-> DISABLED <-> PHISHING-SPAM ylum.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules)
 * 1:18057 <-> DISABLED <-> PHISHING-SPAM ymyuto.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules)
 * 1:18058 <-> DISABLED <-> PHISHING-SPAM yomy.pillking74s.ru known spam email attempt (phishing-spam.rules)
 * 1:18059 <-> DISABLED <-> PHISHING-SPAM yzugez.pillking74s.ru known spam email attempt (phishing-spam.rules)
 * 1:18060 <-> DISABLED <-> PHISHING-SPAM zeroprices.ru known spam email attempt (phishing-spam.rules)
 * 1:18061 <-> DISABLED <-> PHISHING-SPAM zueuz.onlinehamel83i.ru known spam email attempt (phishing-spam.rules)
 * 1:18070 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt  (file-office.rules)
 * 1:18200 <-> ENABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules)
 * 1:18201 <-> ENABLED <-> FILE-OFFICE Microsoft Office TIFF filter remote code execution attempt (file-office.rules)
 * 1:18233 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher Adobe Font Driver code execution attempt (file-office.rules)
 * 1:18236 <-> ENABLED <-> FILE-OFFICE Microsoft Office TIFFIM32.FLT filter memory corruption attempt (file-office.rules)
 * 1:18284 <-> DISABLED <-> FILE-OFFICE Microsoft Office XP URL Handling Buffer Overflow attempt (file-office.rules)
 * 1:18317 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail RCPT TO proxy overflow attempt (server-mail.rules)
 * 1:18398 <-> ENABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules)
 * 1:18419 <-> DISABLED <-> FILE-PDF Adobe field flags exploit attempt (file-pdf.rules)
 * 1:18448 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules)
 * 1:18450 <-> DISABLED <-> FILE-PDF Adobe Reader malformed BMP RGBQUAD attempt (file-pdf.rules)
 * 1:18451 <-> DISABLED <-> FILE-PDF Adobe Acrobat ICC color integer overflow attempt (file-pdf.rules)
 * 1:18453 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules)
 * 1:18454 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules)
 * 1:18455 <-> DISABLED <-> FILE-PDF Adobe Reader malformed jpeg2000 superbox attempt (file-pdf.rules)
 * 1:18456 <-> ENABLED <-> FILE-PDF Adobe Acrobat XML entity escape attempt (file-pdf.rules)
 * 1:18457 <-> ENABLED <-> FILE-PDF Adobe Reader U3D rgba parsing overflow attempt (file-pdf.rules)
 * 1:18461 <-> DISABLED <-> SERVER-MAIL IBM Lotus Domino nrouter.exe iCalendar MAILTO stack buffer overflow attempt (server-mail.rules)
 * 1:18476 <-> DISABLED <-> SPECIFIC-THREATS IBM Lotus Notes DOC attachment viewer buffer overflow (specific-threats.rules)
 * 1:18477 <-> DISABLED <-> SPECIFIC-THREATS Lotus Notes MIF viewer statement data overflow 2 (specific-threats.rules)
 * 1:18506 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (file-pdf.rules)
 * 1:18507 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (file-pdf.rules)
 * 1:18514 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules)
 * 1:18527 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18541 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 3 (file-office.rules)
 * 1:18544 <-> ENABLED <-> SPECIFIC-THREATS embedded Shockwave dropper in email attachment (specific-threats.rules)
 * 1:18574 <-> DISABLED <-> SPECIFIC-THREATS RCPT TO overflow (specific-threats.rules)
 * 1:18585 <-> ENABLED <-> FILE-PDF Adobe Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:18603 <-> DISABLED <-> SPECIFIC-THREATS IBM Lotus Notes Applix Graphics Parsing Buffer Overflow (specific-threats.rules)
 * 1:18611 <-> ENABLED <-> WEB-MISC Oracle Java Web Server Webdav Stack Buffer Overflow attempt (web-misc.rules)
 * 1:18634 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Workspace file FontCount record memory corruption attempt (file-office.rules)
 * 1:18638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OfficeArtSpContainer record exploit attempt (file-office.rules)
 * 1:18639 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel CatSerRange record exploit attempt (file-office.rules)
 * 1:18642 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules)
 * 1:18643 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (file-office.rules)
 * 1:18681 <-> DISABLED <-> FILE-PDF transfer of a PDF with embedded JavaScript - JavaScript string (file-pdf.rules)
 * 1:18682 <-> DISABLED <-> FILE-PDF transfer of a PDF with OpenAction object (file-pdf.rules)
 * 1:18684 <-> ENABLED <-> FILE-PDF PDF file with embedded PDF object (file-pdf.rules)
 * 1:18765 <-> ENABLED <-> SPECIFIC-THREATS Majordomo2 smtp directory traversal attempt (specific-threats.rules)
 * 1:7722 <-> DISABLED <-> BACKDOOR prorat 1.9 cgi notification detection (backdoor.rules)
 * 1:18768 <-> ENABLED <-> SMTP Novell GroupWise internet agent RRULE parsing buffer overflow attempt (smtp.rules)
 * 1:18811 <-> DISABLED <-> SMTP .ade attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18812 <-> DISABLED <-> SMTP .adp attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18813 <-> DISABLED <-> SMTP .app attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18814 <-> DISABLED <-> SMTP .asp attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18815 <-> DISABLED <-> SMTP .bas attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18816 <-> DISABLED <-> SMTP .bat attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18817 <-> DISABLED <-> SMTP .cer attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18818 <-> DISABLED <-> SMTP .chm attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18819 <-> DISABLED <-> SMTP .cmd attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18820 <-> DISABLED <-> SMTP .cnt attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18821 <-> DISABLED <-> SMTP .com attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18822 <-> DISABLED <-> SMTP .cpl attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18823 <-> DISABLED <-> SMTP .crt attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18824 <-> DISABLED <-> SMTP .csh attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18825 <-> DISABLED <-> SMTP .der attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18826 <-> DISABLED <-> SMTP .exe attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18827 <-> DISABLED <-> SMTP .fxp attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18828 <-> DISABLED <-> SMTP .gadget attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18829 <-> DISABLED <-> SMTP .hlp attachment file type blocked by Outlook detected (smtp.rules)
 * 1:7116 <-> ENABLED <-> BACKDOOR y3k 1.2 runtime detection - icq notification (backdoor.rules)
 * 1:18830 <-> DISABLED <-> SMTP .hpj attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18831 <-> DISABLED <-> SMTP .hta attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18832 <-> DISABLED <-> SMTP .inf attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18833 <-> DISABLED <-> SMTP .ins attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18834 <-> DISABLED <-> SMTP .isp attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18835 <-> DISABLED <-> SMTP .its attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18836 <-> DISABLED <-> SMTP .js attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18837 <-> DISABLED <-> SMTP .jse attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18838 <-> DISABLED <-> SMTP .ksh attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18839 <-> DISABLED <-> SMTP .lnk attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18840 <-> DISABLED <-> SMTP .mad attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18841 <-> DISABLED <-> SMTP .maf attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18842 <-> DISABLED <-> SMTP .mag attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18843 <-> DISABLED <-> SMTP .mam attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18844 <-> DISABLED <-> SMTP .maq attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18845 <-> DISABLED <-> SMTP .mar attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18846 <-> DISABLED <-> SMTP .mas attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18847 <-> DISABLED <-> SMTP .mat attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18848 <-> DISABLED <-> SMTP .mau attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18849 <-> DISABLED <-> SMTP .mav attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18850 <-> DISABLED <-> SMTP .maw attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18851 <-> DISABLED <-> SMTP .mda attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18852 <-> DISABLED <-> SMTP .mdb attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18853 <-> DISABLED <-> SMTP .mde attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18854 <-> DISABLED <-> SMTP .mdt attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18855 <-> DISABLED <-> SMTP .mdw attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18856 <-> DISABLED <-> SMTP .mdz attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18857 <-> DISABLED <-> SMTP .msc attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18858 <-> DISABLED <-> SMTP .msh attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18859 <-> DISABLED <-> SMTP .msh1 attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18860 <-> DISABLED <-> SMTP .msh2 attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18861 <-> DISABLED <-> SMTP .mshxml attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18862 <-> DISABLED <-> SMTP .msh1xml attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18863 <-> DISABLED <-> SMTP .msh2xml attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18864 <-> DISABLED <-> SMTP .msi attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18865 <-> DISABLED <-> SMTP .msp attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18866 <-> DISABLED <-> SMTP .mst attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18867 <-> DISABLED <-> SMTP .ops attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18868 <-> DISABLED <-> SMTP .osd attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18869 <-> DISABLED <-> SMTP .pcd attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18870 <-> DISABLED <-> SMTP .pif attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18871 <-> DISABLED <-> SMTP .plg attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18872 <-> DISABLED <-> SMTP .prf attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18873 <-> DISABLED <-> SMTP .prg attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18874 <-> DISABLED <-> SMTP .pst attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18875 <-> DISABLED <-> SMTP .reg attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18876 <-> DISABLED <-> SMTP .scf attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18877 <-> DISABLED <-> SMTP .scr attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18878 <-> DISABLED <-> SMTP .sct attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18879 <-> DISABLED <-> SMTP .shb attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18880 <-> DISABLED <-> SMTP .shs attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18881 <-> DISABLED <-> SMTP .ps1 attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18882 <-> DISABLED <-> SMTP .ps1xml attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18883 <-> DISABLED <-> SMTP .ps2 attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18884 <-> DISABLED <-> SMTP .ps2xml attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18885 <-> DISABLED <-> SMTP .psc1 attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18886 <-> DISABLED <-> SMTP .psc2 attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18887 <-> DISABLED <-> SMTP .tmp attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18888 <-> DISABLED <-> SMTP .url attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18889 <-> DISABLED <-> SMTP .vb attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18890 <-> DISABLED <-> SMTP .vbe attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18891 <-> DISABLED <-> SMTP .vbp attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18892 <-> DISABLED <-> SMTP .vbs attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18893 <-> DISABLED <-> SMTP .vsmacros attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18894 <-> DISABLED <-> SMTP .vsw attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18895 <-> DISABLED <-> SMTP .ws attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18896 <-> DISABLED <-> SMTP .wsc attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18897 <-> DISABLED <-> SMTP .wsf attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18898 <-> DISABLED <-> SMTP .wsh attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18899 <-> DISABLED <-> SMTP .xnk attachment file type blocked by Outlook detected (smtp.rules)
 * 1:19015 <-> DISABLED <-> PHISHING-SPAM visiopharm-3d.eu known spam email attempt (phishing-spam.rules)
 * 1:19048 <-> DISABLED <-> BACKDOOR Win32.Darkness contact to server attempt (backdoor.rules)
 * 1:19082 <-> ENABLED <-> FILE-PDF Adobe Flash Player memory corruption attempt (file-pdf.rules)
 * 1:19117 <-> DISABLED <-> FILE-PDF Adobe Reader malformed U3D integer overflow (file-pdf.rules)
 * 1:19118 <-> DISABLED <-> FILE-PDF Adobe Reader script injection vulnerability (file-pdf.rules)
 * 1:19122 <-> DISABLED <-> PHISHING-SPAM appledownload.com known spam email attempt (phishing-spam.rules)
 * 1:19156 <-> ENABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules)
 * 1:19200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules)
 * 1:19213 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail Server Mailing List Message Subject buffer overflow (server-mail.rules)
 * 1:19229 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules)
 * 1:19248 <-> ENABLED <-> FILE-PDF Adobe Reader malformed U3D texture continuation integer overflow attempt (file-pdf.rules)
 * 1:19250 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Reader U3D file include overflow attempt (file-pdf.rules)
 * 1:19251 <-> DISABLED <-> FILE-PDF Adobe PDF CIDFont dictionary glyph width corruption attempt (file-pdf.rules)
 * 1:19253 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader malicious language.engtesselate.ln file download attempt (file-pdf.rules)
 * 1:19254 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader javascript in PDF go-to actions exploit attempt (file-pdf.rules)
 * 1:19255 <-> ENABLED <-> FILE-PDF Adobe Reader ICC ProfileDescriptionTag overflow attempt (file-pdf.rules)
 * 1:19261 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF8 invalid Selection.cref exploit attempt (file-office.rules)
 * 1:19316 <-> ENABLED <-> FILE-OFFICE Microsoft Office TIFF filter remote code execution attempt (file-office.rules)
 * 1:19328 <-> ENABLED <-> BACKDOOR PointGuide outbound connection (backdoor.rules)
 * 1:19339 <-> ENABLED <-> BACKDOOR Trojan Dropper Win32.Agent.alda outbound connection (backdoor.rules)
 * 1:19340 <-> DISABLED <-> BACKDOOR Trojan Fakeav TREAntivirus outbound connection (backdoor.rules)
 * 1:19341 <-> DISABLED <-> BACKDOOR Worm MSIL.AiO.a outbound connection (backdoor.rules)
 * 1:19342 <-> DISABLED <-> BACKDOOR Adware Professional Runtime Detection (backdoor.rules)
 * 1:19343 <-> DISABLED <-> BACKDOOR Adware Pro Runtime Detection (backdoor.rules)
 * 1:19344 <-> DISABLED <-> BACKDOOR AntiMalware Pro Runtime Detection (backdoor.rules)
 * 1:21864 <-> DISABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
 * 1:21909 <-> ENABLED <-> FILE-IDENTIFY Portable Executable file attachment detected (file-identify.rules)
 * 1:7640 <-> DISABLED <-> BACKDOOR air runtime detection - webmail notification (backdoor.rules)
 * 1:7074 <-> DISABLED <-> BACKDOOR W32.dumaru.gen runtime detection - cmd (backdoor.rules)
 * 1:19345 <-> DISABLED <-> BACKDOOR REAnti outbound connection (backdoor.rules)
 * 1:19346 <-> DISABLED <-> BACKDOOR Additional Guard outbound connection (backdoor.rules)
 * 1:19348 <-> ENABLED <-> BACKDOOR Trojan Downloader Win32.FraudLoad.emq outbound connection (backdoor.rules)
 * 1:19351 <-> ENABLED <-> BACKDOOR Trojan Clicker Win32.Hatigh.C outbound connection (backdoor.rules)
 * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
 * 1:21153 <-> DISABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:19354 <-> DISABLED <-> BACKDOOR Win32.Agent.bhxn outbound connection (backdoor.rules)
 * 1:19357 <-> ENABLED <-> BACKDOOR Worm Win32.Sohanad.ila outbound connection (backdoor.rules)
 * 1:19405 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:19406 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:19407 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:19442 <-> ENABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules)
 * 1:19443 <-> ENABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules)
 * 1:19466 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio mfc71 dll-load exploit attempt (file-office.rules)
 * 1:19555 <-> DISABLED <-> BACKDOOR Trojan Downloader Win32.Small.akow outbound connection (backdoor.rules)
 * 1:19556 <-> DISABLED <-> BACKDOOR Trojan Downloader Win32.Homa.dk outbound connection (backdoor.rules)
 * 1:19595 <-> ENABLED <-> BLACKLIST EMAIL known malicious email string - You have received a Hallmark E-Card! (blacklist.rules)
 * 1:19646 <-> ENABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
 * 1:19647 <-> ENABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
 * 1:19648 <-> ENABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
 * 1:19675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid UMLString data length exploit attempt (file-office.rules)
 * 1:19676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid UMLDTOptions object exploit attempt (file-office.rules)
 * 1:19707 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules)
 * 1:19708 <-> DISABLED <-> SERVER-MAIL Postfix SMTP Server SASL AUTH Handle Reuse Memory Corruption (server-mail.rules)
 * 1:20036 <-> DISABLED <-> BACKDOOR Trojan Win32 Agent.ndau runtime traffic detected (backdoor.rules)
 * 1:20037 <-> DISABLED <-> BACKDOOR Trojan Agent.cve runtime traffic detected (backdoor.rules)
 * 1:20038 <-> DISABLED <-> BACKDOOR Trojan Agent.cve runtime traffic detected (backdoor.rules)
 * 1:20049 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules)
 * 1:20128 <-> DISABLED <-> FILE-OFFICE Microsoft Office invalid MS-OGRAPH DataFormat record (file-office.rules)
 * 1:20129 <-> ENABLED <-> FILE-OFFICE Microsoft Office BpscBulletProof uninitialized pointer dereference attempt (file-office.rules)
 * 1:20140 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules)
 * 1:20141 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules)
 * 1:20142 <-> DISABLED <-> FILE-PDF Adobe Reader app.openDoc path vulnerability (file-pdf.rules)
 * 1:20144 <-> DISABLED <-> FILE-PDF Adobe Acrobat embedded TIFF DotRange structure memory corruption attempt (file-pdf.rules)
 * 1:20145 <-> ENABLED <-> FILE-PDF Adobe Reader embedded PICT parsing corruption attempt (file-pdf.rules)
 * 1:20147 <-> ENABLED <-> FILE-PDF Adobe Reader embedded PICT parsing corruption attempt (file-pdf.rules)
 * 1:20148 <-> ENABLED <-> FILE-PDF Adobe Reader embedded PICT parsing corruption attempt (file-pdf.rules)
 * 1:20149 <-> DISABLED <-> FILE-PDF Adobe Acrobat embedded IFF file RGBA chunk memory corruption attempt (file-pdf.rules)
 * 1:20152 <-> DISABLED <-> FILE-PDF Adobe Acrobat GDI object leak memory corruption attempt (file-pdf.rules)
 * 1:20153 <-> DISABLED <-> FILE-PDF Adobe Acrobat embedded JPEG file APP0 chunk memory corruption attempt (file-pdf.rules)
 * 1:20154 <-> DISABLED <-> FILE-PDF Adobe Reader glyf directory table vulnerability (file-pdf.rules)
 * 1:20155 <-> DISABLED <-> FILE-PDF Adobe Reader glyf composite vulnerability (file-pdf.rules)
 * 1:20156 <-> DISABLED <-> FILE-PDF Adobe Acrobat getCosObj file overwrite attempt (file-pdf.rules)
 * 1:20162 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader sandbox disable attempt (file-pdf.rules)
 * 1:20170 <-> ENABLED <-> FILE-PDF Adobe Reader embedded BMP parsing corruption attempt (file-pdf.rules)
 * 1:20171 <-> ENABLED <-> FILE-PDF Adobe Reader embedded BMP parsing corruption attempt (file-pdf.rules)
 * 1:20246 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:20247 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:20429 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules)
 * 1:20435 <-> DISABLED <-> BACKDOOR TrojanSpy Win32.Zbot.Svr runtime traffic detected (backdoor.rules)
 * 1:20447 <-> DISABLED <-> BACKDOOR Trojan Win32.Agent.JAAK outbound connection (backdoor.rules)
 * 1:20474 <-> DISABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
 * 1:20575 <-> DISABLED <-> FILE-PDF Adobe Reader PDF JBIG2 remote code execution attempt (file-pdf.rules)
 * 1:20577 <-> DISABLED <-> FILE-PDF Adobe Reader and Acrobat malicious TIFF remote code execution attempt (file-pdf.rules)
 * 1:20659 <-> DISABLED <-> FILE-PDF Adobe Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
 * 1:20700 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp7x32.dll dll-load exploit attempt (file-office.rules)
 * 1:20701 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp4x322.dll dll-load exploit attempt (file-office.rules)
 * 1:20702 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp7x32.dll dll-load exploit attempt (file-office.rules)
 * 1:20703 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp4x322.dll dll-load exploit attempt (file-office.rules)
 * 1:20741 <-> DISABLED <-> DOS SpamAssassin GTube string denial of service attempt (dos.rules)
 * 1:20766 <-> ENABLED <-> SMTP Microsoft Internet Explorer contenteditable corruption attempt (smtp.rules)
 * 1:20769 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:20773 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:20774 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:20775 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:20776 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:20782 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (specific-threats.rules)
 * 1:20783 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (specific-threats.rules)
 * 1:20784 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (specific-threats.rules)
 * 1:20785 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript callMethod type confusion attempt (specific-threats.rules)
 * 1:20786 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer layout-grid-char value exploit attempt (web-client.rules)
 * 1:20787 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer layout-grid-char value exploit attempt (specific-threats.rules)
 * 1:20789 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer layout-grid-char value exploit attempt (specific-threats.rules)
 * 1:20790 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer layout-grid-char value exploit attempt (specific-threats.rules)
 * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20801 <-> DISABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20802 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader PRC file MarkupLinkedItem arbitrary code execution attempt (file-pdf.rules)
 * 1:20803 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript callMethod type confusion attempt (specific-threats.rules)
 * 1:20804 <-> DISABLED <-> SMTP Microsoft Internet Explorer contenteditable corruption attempt (smtp.rules)
 * 1:20805 <-> DISABLED <-> SMTP Microsoft Internet Explorer contenteditable corruption attempt (smtp.rules)
 * 1:20806 <-> DISABLED <-> SMTP Microsoft Internet Explorer contenteditable corruption attempt (smtp.rules)
 * 1:20807 <-> DISABLED <-> SMTP Microsoft Internet Explorer contenteditable corruption attempt (smtp.rules)
 * 1:20838 <-> DISABLED <-> BACKDOOR Win32.Smokebot.A runtime traffic detected (backdoor.rules)
 * 1:20849 <-> DISABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20851 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected (file-identify.rules)
 * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20857 <-> DISABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20896 <-> DISABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20899 <-> DISABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20918 <-> DISABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20919 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader BMP color unused corruption (file-pdf.rules)
 * 1:20921 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader embedded BMP colors used integer overflow attempt (file-pdf.rules)
 * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20930 <-> DISABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20932 <-> DISABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20934 <-> DISABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:7762 <-> DISABLED <-> BACKDOOR analftp 0.1 runtime detection - icq notification (backdoor.rules)
 * 1:7805 <-> DISABLED <-> BACKDOOR war trojan ver1.0 runtime detection - ie hijacker (backdoor.rules)
 * 1:8080 <-> DISABLED <-> BACKDOOR x2a runtime detection - client update (backdoor.rules)
 * 1:8549 <-> DISABLED <-> BACKDOOR zxshell runtime detection - setting information retrieve (backdoor.rules)
 * 1:8704 <-> DISABLED <-> SERVER-MAIL Yahoo YPOPS Banner (server-mail.rules)
 * 1:8705 <-> DISABLED <-> SERVER-MAIL Yahoo YPOPS buffer overflow attempt (server-mail.rules)
 * 1:8706 <-> DISABLED <-> EXPLOIT YPOPS buffer overflow attempt (exploit.rules)
 * 1:9431 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Express NNTP response overflow attempt (file-office.rules)
 * 1:9653 <-> DISABLED <-> BACKDOOR apofis 1.0 runtime detection - php notification (backdoor.rules)
 * 1:9842 <-> DISABLED <-> FILE-PDF Adobe Acrobat Plugin Universal cross-site scripting attempt (file-pdf.rules)
 * 1:9843 <-> DISABLED <-> FILE-PDF Adobe Acrobat Plugin JavaScript parameter double free attempt (file-pdf.rules)
 * 1:7743 <-> DISABLED <-> BACKDOOR nova 1.0 runtime detection - cgi notification server-to-client (backdoor.rules)