Sourcefire VRT Rules Update

Date: 2012-05-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.1.2.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:23002 <-> DISABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
 * 1:22948 <-> DISABLED <-> VOIP Avaya WinPDM header buffer overflow attempt (voip.rules)
 * 1:22962 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
 * 1:23003 <-> DISABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
 * 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules)
 * 1:23006 <-> DISABLED <-> SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (scada.rules)
 * 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
 * 1:22968 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
 * 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
 * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
 * 1:22958 <-> DISABLED <-> BLACKLIST DNS request for known malware domain slade.safehousenumber.com - Mal/Rimecud-R (blacklist.rules)
 * 1:22942 <-> DISABLED <-> FILE-OTHER Microsoft Windows Authenticode signature verification bypass attempt (file-other.rules)
 * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
 * 1:22963 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
 * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf magic detected (file-identify.rules)
 * 1:23004 <-> DISABLED <-> SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (scada.rules)
 * 1:22960 <-> DISABLED <-> BLACKLIST DNS request for known malware domain portal.roomshowerbord.com - Mal/EncPk-ADU (blacklist.rules)
 * 1:22966 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
 * 1:23007 <-> DISABLED <-> SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (scada.rules)
 * 1:22997 <-> DISABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
 * 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
 * 1:22949 <-> ENABLED <-> SPECIFIC-THREATS Blackhole redirection attempt (specific-threats.rules)
 * 1:23000 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
 * 1:22972 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules)
 * 1:22998 <-> DISABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
 * 1:22953 <-> DISABLED <-> DOS Hulk denial of service attempt (dos.rules)
 * 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
 * 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
 * 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
 * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
 * 1:23009 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules)
 * 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
 * 1:22947 <-> DISABLED <-> FILE-OTHER Novell Groupwise Addressbook buffer overflow attempt (file-other.rules)
 * 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
 * 1:23005 <-> DISABLED <-> SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (scada.rules)
 * 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
 * 1:23008 <-> DISABLED <-> SPECIFIC-THREATS Oracle Java Rhino script engine remote code execution attempt (specific-threats.rules)
 * 1:22995 <-> ENABLED <-> FILE-IDENTIFY MOV file attachment detected (file-identify.rules)
 * 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
 * 1:22954 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed SELECTION Record Code Execution attempt (file-office.rules)
 * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
 * 1:22951 <-> DISABLED <-> WEB-PHP EXIF header parsing integer overflow attempt little endian (web-php.rules)
 * 1:22957 <-> DISABLED <-> BLACKLIST DNS request for known malware domain murik.portal-protection.net.ru - Mal/Rimecud-R (blacklist.rules)
 * 1:22959 <-> DISABLED <-> BLACKLIST DNS request for known malware domain world.rickstudio.ru - Mal/Rimecud-R (blacklist.rules)
 * 1:22965 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
 * 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
 * 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
 * 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
 * 1:22967 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
 * 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
 * 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
 * 1:22961 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
 * 1:22996 <-> ENABLED <-> FILE-IDENTIFY MOV file attachment detected (file-identify.rules)
 * 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
 * 1:22969 <-> DISABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
 * 1:22952 <-> ENABLED <-> EXPLOIT Iron Mountain connected backup opcode 13 processing command injection attempt (exploit.rules)
 * 1:23001 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
 * 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
 * 1:22964 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
 * 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
 * 1:22956 <-> DISABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
 * 1:22970 <-> DISABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
 * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules)
 * 1:22950 <-> DISABLED <-> WEB-PHP EXIF header parsing integer overflow attempt big endian (web-php.rules)
 * 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
 * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
 * 1:22955 <-> DISABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
 * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)

Modified Rules:


 * 1:1773 <-> DISABLED <-> WEB-PHP php.exe access (web-php.rules)
 * 1:16301 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (web-client.rules)
 * 1:1399 <-> DISABLED <-> WEB-PHP PHP-Nuke remote file include attempt (web-php.rules)
 * 1:1745 <-> DISABLED <-> WEB-PHP Messagerie supp_membre.php access (web-php.rules)
 * 1:15432 <-> DISABLED <-> WEB-PHP wordpress cat parameter arbitrary file execution attempt (web-php.rules)
 * 1:1742 <-> DISABLED <-> WEB-PHP Blahz-DNS dostuff.php modify user attempt (web-php.rules)
 * 1:1816 <-> DISABLED <-> WEB-PHP directory.php access (web-php.rules)
 * 1:18204 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Address Book wab32res.dll dll-load exploit attempt (web-client.rules)
 * 1:18205 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Address Book msoeres32.dll dll-load exploit attempt (web-client.rules)
 * 1:18335 <-> DISABLED <-> WEB-CLIENT Microsoft Windows MHTML XSS attempt (web-client.rules)
 * 1:1834 <-> DISABLED <-> WEB-PHP PHP-Wiki cross site scripting attempt (web-php.rules)
 * 1:18465 <-> DISABLED <-> WEB-PHP FreePBX recording interface file upload code execution attempt (web-php.rules)
 * 1:18479 <-> DISABLED <-> WEB-PHP miniBB rss.php pathToFiles remote file include attempt (web-php.rules)
 * 1:18493 <-> DISABLED <-> INDICATOR-OBFUSCATION generic PHP code obfuscation attempt (indicator-obfuscation.rules)
 * 1:18586 <-> DISABLED <-> WEB-PHP Visuplay CMS news_article.php unspecified SQL injection attempt (web-php.rules)
 * 1:18902 <-> DISABLED <-> WEB-MISC Novell Teaming ajaxUploadImageFile remote code execution attempt (web-misc.rules)
 * 1:18944 <-> DISABLED <-> BOTNET-CNC URI request for known malicious URI - Suspected Crimepack (botnet-cnc.rules)
 * 1:18955 <-> DISABLED <-> WEB-CGI Symantec IM Manager LoggedInUsers.lgx definition file multiple SQL injections attempt (web-cgi.rules)
 * 1:18988 <-> DISABLED <-> FILE-PDF Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:18998 <-> DISABLED <-> WEB-MISC HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (web-misc.rules)
 * 1:18999 <-> DISABLED <-> WEB-MISC HP OpenView NNM webappmon.exe buffer overflow attempt (web-misc.rules)
 * 1:19148 <-> DISABLED <-> WEB-CLIENT Adobe Flash Player SWF file MP4 data parsing memory corruption attempt (web-client.rules)
 * 1:19181 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer iframe uninitialized memory corruption attempt (specific-threats.rules)
 * 1:19237 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer contenteditable corruption attempt (web-client.rules)
 * 1:19320 <-> DISABLED <-> WEB-CLIENT Microsoft Windows AVI Header insufficient data corruption attempt (web-client.rules)
 * 1:19321 <-> DISABLED <-> EXPLOIT Mozilla Products nsCSSValue Array Index Integer Overflow (exploit.rules)
 * 1:19437 <-> DISABLED <-> INDICATOR-OBFUSCATION select concat statement - possible sql injection obfuscation (indicator-obfuscation.rules)
 * 1:19462 <-> ENABLED <-> WEB-CLIENT Microsoft Windows CSRSS negative array index code execution attempt (web-client.rules)
 * 1:19463 <-> ENABLED <-> WEB-CLIENT Microsoft Windows CSRSS double free attempt (web-client.rules)
 * 1:19560 <-> DISABLED <-> WEB-CLIENT Apple iTunes PLS file parsing buffer overflow attempt (web-client.rules)
 * 1:1967 <-> DISABLED <-> WEB-PHP phpbb quick-reply.php arbitrary command attempt (web-php.rules)
 * 1:19679 <-> DISABLED <-> WEB-CLIENT Microsoft Windows NDISTAPI Driver code execution attempt (web-client.rules)
 * 1:2372 <-> DISABLED <-> WEB-PHP Photopost PHP Pro showphoto.php access (web-php.rules)
 * 1:19685 <-> DISABLED <-> WEB-CLIENT Adobe Flash regular expression grouping depth buffer overflow attempt (web-client.rules)
 * 1:19687 <-> DISABLED <-> WEB-CLIENT Adobe Flash ActionStoreRegister instruction length invalidation attempt (web-client.rules)
 * 1:19692 <-> DISABLED <-> WEB-CLIENT Adobe Flash cross-site request forgery attempt (web-client.rules)
 * 1:19693 <-> DISABLED <-> WEB-CLIENT Adobe Flash MP4 ref_frame allocated buffer overflow attempt (web-client.rules)
 * 1:19807 <-> DISABLED <-> WEB-CLIENT Apple Safari Webkit SVG memory corruption attempt (web-client.rules)
 * 1:19867 <-> DISABLED <-> INDICATOR-OBFUSCATION randomized javascript encodings detected (indicator-obfuscation.rules)
 * 1:19868 <-> DISABLED <-> INDICATOR-OBFUSCATION hidden 1x1 div tag - potential malware obfuscation (indicator-obfuscation.rules)
 * 1:19884 <-> DISABLED <-> INDICATOR-OBFUSCATION String.fromCharCode with multiple encoding types detected (indicator-obfuscation.rules)
 * 1:19887 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules)
 * 1:19888 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules)
 * 1:19889 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded data object found (indicator-obfuscation.rules)
 * 1:19897 <-> DISABLED <-> PUA-TOOLBARS Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Runtime Detection (pua-toolbars.rules)
 * 1:19906 <-> DISABLED <-> PUA-TOOLBARS 6SQ Toolbar runtime detection (pua-toolbars.rules)
 * 1:19908 <-> DISABLED <-> WEB-MISC Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (web-misc.rules)
 * 1:1997 <-> DISABLED <-> WEB-PHP read_body.php access attempt (web-php.rules)
 * 1:1998 <-> DISABLED <-> WEB-PHP calendar.php access (web-php.rules)
 * 1:1999 <-> DISABLED <-> WEB-PHP edit_image.php access (web-php.rules)
 * 1:2000 <-> DISABLED <-> WEB-PHP readmsg.php access (web-php.rules)
 * 1:2002 <-> DISABLED <-> WEB-PHP remote include path (web-php.rules)
 * 1:20133 <-> DISABLED <-> WEB-CLIENT Microsoft MHTML XSS attempt (web-client.rules)
 * 1:20211 <-> DISABLED <-> WEB-CLIENT Adobe Flash Player recursive stack overflow attempt (web-client.rules)
 * 1:20224 <-> DISABLED <-> WEB-CLIENT MPlayer SMI file buffer overflow attempt (web-client.rules)
 * 1:20237 <-> DISABLED <-> WEB-CLIENT MultiMedia Jukebox playlist file handling heap overflow attempt (web-client.rules)
 * 1:20259 <-> DISABLED <-> WEB-MISC Microsoft Agent Helper Malicious JAR download attempt (web-misc.rules)
 * 1:20261 <-> DISABLED <-> WEB-CLIENT Microsoft Windows win32k.sys kernel mode null pointer dereference attempt (web-client.rules)
 * 1:20269 <-> DISABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules)
 * 1:20276 <-> DISABLED <-> INDICATOR-OBFUSCATION standard ASCII encoded with UTF-8 possible evasion detected (indicator-obfuscation.rules)
 * 1:20283 <-> DISABLED <-> WEB-CLIENT VideoLAN VLC ModPlug ReadS3M overflow attempt (web-client.rules)
 * 1:20284 <-> DISABLED <-> WEB-CLIENT VideoLAN VLC ModPlug ReadS3M overflow attempt (web-client.rules)
 * 1:20533 <-> DISABLED <-> WEB-PHP php tiny shell upload attempt (web-php.rules)
 * 1:20553 <-> DISABLED <-> WEB-CLIENT Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (web-client.rules)
 * 1:20559 <-> DISABLED <-> WEB-CLIENT Nullsoft Winamp MIDI file buffer overflow attempt (web-client.rules)
 * 1:20565 <-> DISABLED <-> WEB-CLIENT Nullsoft Winamp AMF file buffer overflow attempt (web-client.rules)
 * 1:20566 <-> DISABLED <-> WEB-CLIENT Nullsoft Winamp AMF file buffer overflow attempt (web-client.rules)
 * 1:20572 <-> DISABLED <-> WEB-MISC Microsoft Windows Font Library file buffer overflow attempt (web-misc.rules)
 * 1:20594 <-> DISABLED <-> ORACLE Outside In CorelDRAW file parser integer overflow attempt (oracle.rules)
 * 1:20615 <-> DISABLED <-> WEB-PHP Wordcircle SQL injection attempt (web-php.rules)
 * 1:20622 <-> DISABLED <-> SPECIFIC-THREATS Java Applet Rhino script engine remote code execution attempt (specific-threats.rules)
 * 1:20629 <-> DISABLED <-> WEB-PHP geoBlog SQL injection in viewcat.php cat parameter attempt (web-php.rules)
 * 1:20631 <-> DISABLED <-> WEB-PHP Akarru remote file include in main_content.php bm_content (web-php.rules)
 * 1:20632 <-> DISABLED <-> WEB-PHP AnnoncesV remote file include in annonce.php page (web-php.rules)
 * 1:20633 <-> DISABLED <-> WEB-PHP Boite de News remote file include in inc.php url_index (web-php.rules)
 * 1:20640 <-> DISABLED <-> WEB-PHP VEGO Web Forum SQL injection in login.php username attempt (web-php.rules)
 * 1:20641 <-> DISABLED <-> WEB-PHP TheWebForum SQL injection in login.php username attempt (web-php.rules)
 * 1:20642 <-> DISABLED <-> WEB-PHP TankLogger SQL injection in showInfo.php livestock_id attempt (web-php.rules)
 * 1:20643 <-> DISABLED <-> WEB-PHP ScozBook SQL injection in auth.php adminname attempt (web-php.rules)
 * 1:20644 <-> DISABLED <-> WEB-PHP Lizard Cart CMS SQL injection in detail.php id attempt (web-php.rules)
 * 1:20645 <-> DISABLED <-> WEB-PHP Lizard Cart CMS SQL injection in pages.php id attempt (web-php.rules)
 * 1:20646 <-> DISABLED <-> WEB-PHP Benders Calendar SQL injection in index.php this_day attempt (web-php.rules)
 * 1:20647 <-> DISABLED <-> WEB-PHP inTouch SQL injection in index.php user attempt (web-php.rules)
 * 1:20648 <-> DISABLED <-> WEB-PHP Bit 5 Blog SQL injection in processlogin.php username via (web-php.rules)
 * 1:20649 <-> DISABLED <-> WEB-PHP ADNForum SQL injection in index.php fid attempt (web-php.rules)
 * 1:20650 <-> DISABLED <-> WEB-PHP MyNewsGroups remote file include in layersmenu.inc.php myng_root (web-php.rules)
 * 1:20651 <-> DISABLED <-> WEB-PHP Modernbill remote file include in config.php DIR (web-php.rules)
 * 1:20652 <-> DISABLED <-> WEB-PHP ME Download System remote file include in header.php Vb8878b936c2bd8ae0cab (web-php.rules)
 * 1:20654 <-> DISABLED <-> WEB-PHP GrapAgenda remote file include in index.php page (web-php.rules)
 * 1:20656 <-> DISABLED <-> WEB-PHP GestArtremote file include in aide.php3 aide (web-php.rules)
 * 1:20657 <-> DISABLED <-> WEB-PHP Free File Hosting remote file include in forgot_pass.php ad_body_temp (web-php.rules)
 * 1:1968 <-> DISABLED <-> WEB-PHP phpbb quick-reply.php access (web-php.rules)
 * 1:20663 <-> DISABLED <-> WEB-PHP Comet WebFileManager remote file include in CheckUpload.php Language (web-php.rules)
 * 1:20674 <-> DISABLED <-> WEB-PHP Sourceforge Gallery search engine cross-site scripting attempt (web-php.rules)
 * 1:20728 <-> DISABLED <-> WEB-PHP WoW Roster remote file include with hslist.php and conf.php (web-php.rules)
 * 1:20731 <-> DISABLED <-> WEB-PHP TSEP remote file include in colorswitch.php tsep_config[absPath] (web-php.rules)
 * 1:20732 <-> DISABLED <-> WEB-PHP Sabdrimer remote file include in advanced1.php pluginpath[0] (web-php.rules)
 * 1:20734 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player digital video recording buffer overflow attempt (web-client.rules)
 * 1:2074 <-> DISABLED <-> WEB-PHP Mambo uploadimage.php upload php file attempt (web-php.rules)
 * 1:2075 <-> DISABLED <-> WEB-PHP Mambo upload.php upload php file attempt (web-php.rules)
 * 1:2076 <-> DISABLED <-> WEB-PHP Mambo uploadimage.php access (web-php.rules)
 * 1:2077 <-> DISABLED <-> WEB-PHP Mambo upload.php access (web-php.rules)
 * 1:2078 <-> DISABLED <-> WEB-PHP phpBB privmsg.php access (web-php.rules)
 * 1:20808 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer contenteditable corruption attempt (web-client.rules)
 * 1:20809 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer contenteditable corruption attempt (web-client.rules)
 * 1:20810 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer contenteditable corruption attempt (web-client.rules)
 * 1:20811 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer contenteditable corruption attempt (web-client.rules)
 * 1:20815 <-> DISABLED <-> WEB-PHP Vmist Downstat remote file include in chart.php art (web-php.rules)
 * 1:20816 <-> DISABLED <-> WEB-PHP Vmist Downstat remote file include in admin.php art (web-php.rules)
 * 1:20817 <-> DISABLED <-> WEB-PHP Vmist Downstat remote file include in modes.php art (web-php.rules)
 * 1:20818 <-> DISABLED <-> WEB-PHP Vmist Downstat remote file include in stats.php art (web-php.rules)
 * 1:20819 <-> DISABLED <-> WEB-PHP ACal Calendar Project cookie based authentication bypass attempt (web-php.rules)
 * 1:20826 <-> DISABLED <-> WEB-PHP OABoard forum script remote file injection attempt (web-php.rules)
 * 1:20831 <-> DISABLED <-> SPECIFIC-THREATS Java Applet Rhino script engine remote code execution attempt (specific-threats.rules)
 * 1:20842 <-> DISABLED <-> WEB-MISC Interactive Data eSignal stack buffer overflow attempt (web-misc.rules)
 * 1:20843 <-> DISABLED <-> WEB-MISC Interactive Data eSignal stack buffer overflow attempt (web-misc.rules)
 * 1:20997 <-> DISABLED <-> WEB-CLIENT Apple Webkit Display box rendering corruption attempt (web-client.rules)
 * 1:21019 <-> DISABLED <-> WEB-CLIENT Cytel Studio string stack overflow attempt (web-client.rules)
 * 1:21020 <-> DISABLED <-> WEB-CLIENT Cytel Studio row overflow attempt (web-client.rules)
 * 1:21021 <-> DISABLED <-> WEB-CLIENT Cytel Studio USE command overflow attempt (web-client.rules)
 * 1:21037 <-> DISABLED <-> INDICATOR-OBFUSCATION randomized javascript encodings detected (indicator-obfuscation.rules)
 * 1:21038 <-> DISABLED <-> INDICATOR-OBFUSCATION String.fromCharCode with multiple encoding types detected (indicator-obfuscation.rules)
 * 1:21039 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules)
 * 1:21040 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules)
 * 1:21258 <-> DISABLED <-> SHELLCODE Feng-Shui heap grooming using Oleaut32 (shellcode.rules)
 * 1:21265 <-> DISABLED <-> SHELLCODE Piecemeal exploit and shellcode construction (shellcode.rules)
 * 1:21295 <-> DISABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21296 <-> DISABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21317 <-> DISABLED <-> WEB-CLIENT BACnet OPC client csv file buffer overflow attempt (web-client.rules)
 * 1:21371 <-> DISABLED <-> WEB-CLIENT Adobe Shockwave Director KEY chunk buffer overflow attempt (web-client.rules)
 * 1:21375 <-> DISABLED <-> WEB-PHP Remote Execution Backdoor Attempt Against Horde (web-php.rules)
 * 1:21387 <-> DISABLED <-> WEB-CLIENT Oracle Java runtime RMIConnectionImpl deserialization execution attempt (web-client.rules)
 * 1:21394 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox null byte file remote code execution attempt (web-client.rules)
 * 1:2140 <-> DISABLED <-> WEB-PHP p-news.php access (web-php.rules)
 * 1:2141 <-> DISABLED <-> WEB-PHP shoutbox.php directory traversal attempt (web-php.rules)
 * 1:21413 <-> DISABLED <-> WEB-CLIENT PeaZip command injection attempt (web-client.rules)
 * 1:21414 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MergeCells record parsing code execution attempt (file-office.rules)
 * 1:21415 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MergeCells record parsing code execution attempt (file-office.rules)
 * 1:21416 <-> DISABLED <-> BOTNET-CNC Trojan.Bankpatch.C authentication string detected (botnet-cnc.rules)
 * 1:21419 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer compressed skin overflow attempt (web-client.rules)
 * 1:2142 <-> DISABLED <-> WEB-PHP shoutbox.php access (web-php.rules)
 * 1:21420 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer compressed skin overflow attempt (web-client.rules)
 * 1:2143 <-> DISABLED <-> WEB-PHP b2 cafelog gm-2-b2.php remote file include attempt (web-php.rules)
 * 1:21437 <-> DISABLED <-> WEB-CLIENT WordPerfect WP3TablesGroup heap overflow attempt (web-client.rules)
 * 1:2144 <-> DISABLED <-> WEB-PHP b2 cafelog gm-2-b2.php access (web-php.rules)
 * 1:2145 <-> DISABLED <-> WEB-PHP TextPortal admin.php default password admin attempt (web-php.rules)
 * 1:2146 <-> DISABLED <-> WEB-PHP TextPortal admin.php default password 12345 attempt (web-php.rules)
 * 1:2147 <-> DISABLED <-> WEB-PHP BLNews objects.inc.php4 remote file include attempt (web-php.rules)
 * 1:2148 <-> DISABLED <-> WEB-PHP BLNews objects.inc.php4 access (web-php.rules)
 * 1:21484 <-> ENABLED <-> WEB-CLIENT zip file name buffer overflow attempt (web-client.rules)
 * 1:2149 <-> DISABLED <-> WEB-PHP Turba status.php access (web-php.rules)
 * 1:2150 <-> DISABLED <-> WEB-PHP ttCMS header.php remote file include attempt (web-php.rules)
 * 1:21501 <-> DISABLED <-> WEB-CLIENT JavaScript file upload keystroke hijack attempt (web-client.rules)
 * 1:2151 <-> DISABLED <-> WEB-PHP ttCMS header.php access (web-php.rules)
 * 1:1178 <-> DISABLED <-> WEB-PHP Phorum read access (web-php.rules)
 * 1:2152 <-> DISABLED <-> WEB-PHP test.php access (web-php.rules)
 * 1:2153 <-> DISABLED <-> WEB-PHP autohtml.php directory traversal attempt (web-php.rules)
 * 1:21531 <-> DISABLED <-> WEB-CLIENT Adobe Flash Player action script 3 bitmap malicious rectangle attempt (web-client.rules)
 * 1:21532 <-> DISABLED <-> WEB-CLIENT Adobe Flash Player action script 3 bitmap malicious rectangle attempt (web-client.rules)
 * 1:21536 <-> DISABLED <-> WEB-CLIENT Adobe Actionscript Stage3D null dereference attempt (web-client.rules)
 * 1:2154 <-> DISABLED <-> WEB-PHP autohtml.php access (web-php.rules)
 * 1:2155 <-> DISABLED <-> WEB-PHP ttforum remote file include attempt (web-php.rules)
 * 1:21557 <-> DISABLED <-> WEB-CLIENT Apple OSX ZIP archive shell script execution attempt (web-client.rules)
 * 1:21587 <-> DISABLED <-> WEB-CLIENT VisiWave VWR file parsing code execution attempt (web-client.rules)
 * 1:21607 <-> DISABLED <-> WEB-CLIENT IBM Installation Manager iim uri code execution attempt (web-client.rules)
 * 1:21791 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (web-client.rules)
 * 1:21795 <-> DISABLED <-> FILE-OTHER Microsoft Windows Authenticode signature verification bypass attempt (file-other.rules)
 * 1:21965 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious user agent VB WININET (blacklist.rules)
 * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules)
 * 1:22082 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Powerpoint pptx file download request (file-identify.rules)
 * 1:22083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Powerpoint pptx file attachment detected (file-identify.rules)
 * 1:22084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Powerpoint pptx file attachment detected (file-identify.rules)
 * 1:22091 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules)
 * 1:22111 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules)
 * 1:22112 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules)
 * 1:2226 <-> DISABLED <-> WEB-PHP pmachine remote file include attempt (web-php.rules)
 * 1:2227 <-> DISABLED <-> WEB-PHP forum_details.php access (web-php.rules)
 * 1:2228 <-> DISABLED <-> WEB-PHP phpMyAdmin db_details_importdocsql.php access (web-php.rules)
 * 1:2229 <-> DISABLED <-> WEB-PHP viewtopic.php access (web-php.rules)
 * 1:2279 <-> DISABLED <-> WEB-PHP UpdateClasses.php access (web-php.rules)
 * 1:2280 <-> DISABLED <-> WEB-PHP Title.php access (web-php.rules)
 * 1:2281 <-> DISABLED <-> WEB-PHP Setup.php access (web-php.rules)
 * 1:2282 <-> DISABLED <-> WEB-PHP GlobalFunctions.php access (web-php.rules)
 * 1:2283 <-> DISABLED <-> WEB-PHP DatabaseFunctions.php access (web-php.rules)
 * 1:2284 <-> DISABLED <-> WEB-PHP rolis guestbook remote file include attempt (web-php.rules)
 * 1:2285 <-> DISABLED <-> WEB-PHP rolis guestbook access (web-php.rules)
 * 1:2286 <-> DISABLED <-> WEB-PHP friends.php access (web-php.rules)
 * 1:2287 <-> DISABLED <-> WEB-PHP Advanced Poll admin_comment.php access (web-php.rules)
 * 1:2288 <-> DISABLED <-> WEB-PHP Advanced Poll admin_edit.php access (web-php.rules)
 * 1:2289 <-> DISABLED <-> WEB-PHP Advanced Poll admin_embed.php access (web-php.rules)
 * 1:2290 <-> DISABLED <-> WEB-PHP Advanced Poll admin_help.php access (web-php.rules)
 * 1:2291 <-> DISABLED <-> WEB-PHP Advanced Poll admin_license.php access (web-php.rules)
 * 1:2292 <-> DISABLED <-> WEB-PHP Advanced Poll admin_logout.php access (web-php.rules)
 * 1:2293 <-> DISABLED <-> WEB-PHP Advanced Poll admin_password.php access (web-php.rules)
 * 1:2294 <-> DISABLED <-> WEB-PHP Advanced Poll admin_preview.php access (web-php.rules)
 * 1:22941 <-> ENABLED <-> FILE-PDF Possible malicious PDF detection - qweqwe= (file-pdf.rules)
 * 1:2295 <-> DISABLED <-> WEB-PHP Advanced Poll admin_settings.php access (web-php.rules)
 * 1:2296 <-> DISABLED <-> WEB-PHP Advanced Poll admin_stats.php access (web-php.rules)
 * 1:2297 <-> DISABLED <-> WEB-PHP Advanced Poll admin_templates_misc.php access (web-php.rules)
 * 1:2298 <-> DISABLED <-> WEB-PHP Advanced Poll admin_templates.php access (web-php.rules)
 * 1:2299 <-> DISABLED <-> WEB-PHP Advanced Poll admin_tpl_misc_new.php access (web-php.rules)
 * 1:2300 <-> DISABLED <-> WEB-PHP Advanced Poll admin_tpl_new.php access (web-php.rules)
 * 1:2301 <-> DISABLED <-> WEB-PHP Advanced Poll booth.php access (web-php.rules)
 * 1:2302 <-> DISABLED <-> WEB-PHP Advanced Poll poll_ssi.php access (web-php.rules)
 * 1:2303 <-> DISABLED <-> WEB-PHP Advanced Poll popup.php access (web-php.rules)
 * 1:2304 <-> DISABLED <-> WEB-PHP files.inc.php access (web-php.rules)
 * 1:2305 <-> DISABLED <-> WEB-PHP chatbox.php access (web-php.rules)
 * 1:2306 <-> DISABLED <-> WEB-PHP gallery remote file include attempt (web-php.rules)
 * 1:2307 <-> DISABLED <-> WEB-PHP PayPal Storefront remote file include attempt (web-php.rules)
 * 1:2328 <-> DISABLED <-> WEB-PHP authentication_index.php access (web-php.rules)
 * 1:2331 <-> DISABLED <-> WEB-PHP MatrikzGB privilege escalation attempt (web-php.rules)
 * 1:2341 <-> DISABLED <-> WEB-PHP DCP-Portal remote file include editor script attempt (web-php.rules)
 * 1:2342 <-> DISABLED <-> WEB-PHP DCP-Portal remote file include lib script attempt (web-php.rules)
 * 1:2345 <-> DISABLED <-> WEB-PHP PhpGedView search.php access (web-php.rules)
 * 1:2346 <-> DISABLED <-> WEB-PHP myPHPNuke chatheader.php access (web-php.rules)
 * 1:2347 <-> DISABLED <-> WEB-PHP myPHPNuke partner.php access (web-php.rules)
 * 1:2353 <-> DISABLED <-> WEB-PHP IdeaBox cord.php file include (web-php.rules)
 * 1:2354 <-> DISABLED <-> WEB-PHP IdeaBox notification.php file include (web-php.rules)
 * 1:2355 <-> DISABLED <-> WEB-PHP Invision Board emailer.php file include (web-php.rules)
 * 1:2356 <-> DISABLED <-> WEB-PHP WebChat db_mysql.php file include (web-php.rules)
 * 1:2357 <-> DISABLED <-> WEB-PHP WebChat english.php file include (web-php.rules)
 * 1:2358 <-> DISABLED <-> WEB-PHP Typo3 translations.php file include (web-php.rules)
 * 1:2359 <-> DISABLED <-> WEB-PHP Invision Board ipchat.php file include (web-php.rules)
 * 1:2360 <-> DISABLED <-> WEB-PHP myphpPagetool pt_config.inc file include (web-php.rules)
 * 1:2361 <-> DISABLED <-> WEB-PHP news.php file include (web-php.rules)
 * 1:2362 <-> DISABLED <-> WEB-PHP YaBB SE packages.php file include (web-php.rules)
 * 1:2363 <-> DISABLED <-> WEB-PHP Cyboards default_header.php access (web-php.rules)
 * 1:2364 <-> DISABLED <-> WEB-PHP Cyboards options_form.php access (web-php.rules)
 * 1:2365 <-> DISABLED <-> WEB-PHP newsPHP Language file include attempt (web-php.rules)
 * 1:2366 <-> DISABLED <-> WEB-PHP PhpGedView PGV authentication_index.php base directory manipulation attempt (web-php.rules)
 * 1:17534 <-> DISABLED <-> MISC IPP Application Content (misc.rules)
 * 1:17400 <-> DISABLED <-> INDICATOR-OBFUSCATION rename of JavaScript unescape function - likely malware obfuscation (indicator-obfuscation.rules)
 * 1:1134 <-> DISABLED <-> WEB-PHP Phorum admin access (web-php.rules)
 * 1:11258 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Named Graph Information unicode overflow attempt (file-office.rules)
 * 1:1086 <-> DISABLED <-> WEB-PHP strings overflow (web-php.rules)
 * 1:5965 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchfast detection - get toolbar cfg (pua-toolbars.rules)
 * 1:5979 <-> DISABLED <-> PUA-TOOLBARS Trackware anwb toolbar runtime detection - track user ip address (pua-toolbars.rules)
 * 1:10998 <-> ENABLED <-> EXPLOIT Novell GroupWise WebAccess authentication overflow (exploit.rules)
 * 1:1161 <-> DISABLED <-> WEB-PHP piranha passwd.php3 access (web-php.rules)
 * 1:1197 <-> DISABLED <-> WEB-PHP Phorum code access (web-php.rules)
 * 1:1137 <-> DISABLED <-> WEB-PHP Phorum authentication access (web-php.rules)
 * 1:11948 <-> DISABLED <-> PUA-TOOLBARS Hijacker snap toolbar runtime detection - cookie (pua-toolbars.rules)
 * 1:10180 <-> DISABLED <-> PUA-TOOLBARS Adware eqiso runtime detection (pua-toolbars.rules)
 * 1:1200 <-> DISABLED <-> INDICATOR-COMPROMISE Invalid URL (indicator-compromise.rules)
 * 1:1179 <-> DISABLED <-> WEB-PHP Phorum violation access (web-php.rules)
 * 1:9625 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player ASX file ref href buffer overflow attempt (web-client.rules)
 * 1:6191 <-> DISABLED <-> PUA-TOOLBARS Trackware onetoolbar runtime detection (pua-toolbars.rules)
 * 1:5981 <-> DISABLED <-> PUA-TOOLBARS Hijacker seeqtoolbar runtime detection - autosearch hijack or search in toolbar (pua-toolbars.rules)
 * 1:2398 <-> DISABLED <-> WEB-PHP WAnewsletter newsletter.php file include attempt (web-php.rules)
 * 1:6278 <-> DISABLED <-> PUA-TOOLBARS Trickler navexcel search toolbar runtime detection - activate/update (pua-toolbars.rules)
 * 1:7516 <-> DISABLED <-> PUA-TOOLBARS Trickler hmtoolbar runtime detection (pua-toolbars.rules)
 * 1:6381 <-> DISABLED <-> PUA-TOOLBARS Hijacker dotcomtoolbar runtime detection - search in toolbar (pua-toolbars.rules)
 * 1:8708 <-> DISABLED <-> WEB-PHP Wordpress cache_lastpostdate code injection attempt (web-php.rules)
 * 1:1085 <-> DISABLED <-> WEB-PHP strings overflow (web-php.rules)
 * 1:7593 <-> DISABLED <-> PUA-TOOLBARS Trackware trellian toolbarbrowser runtime detection (pua-toolbars.rules)
 * 1:6380 <-> DISABLED <-> PUA-TOOLBARS Hijacker dotcomtoolbar runtime detection - toolbar information retrieve (pua-toolbars.rules)
 * 1:6382 <-> DISABLED <-> PUA-TOOLBARS Hijacker dotcomtoolbar runtime detection - url hook (pua-toolbars.rules)
 * 1:2405 <-> DISABLED <-> WEB-PHP phptest.php access (web-php.rules)
 * 1:7518 <-> DISABLED <-> PUA-TOOLBARS Trackware earthlink toolbar runtime detection - get up-to-date news info (pua-toolbars.rules)
 * 1:2410 <-> DISABLED <-> WEB-PHP IGeneric Free Shopping Cart page.php access (web-php.rules)
 * 1:6379 <-> DISABLED <-> PUA-TOOLBARS Hijacker adbars runtime detection - search in toolbar (pua-toolbars.rules)
 * 1:2438 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer playlist file URL overflow attempt (web-client.rules)
 * 1:5980 <-> DISABLED <-> PUA-TOOLBARS Trackware anwb toolbar runtime detection - display advertisement (pua-toolbars.rules)
 * 1:7580 <-> DISABLED <-> PUA-TOOLBARS Hijacker starware toolbar runtime detection - update (pua-toolbars.rules)
 * 1:2439 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer playlist http URL overflow attempt (web-client.rules)
 * 1:2440 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer playlist rtsp URL overflow attempt (web-client.rules)
 * 1:7599 <-> DISABLED <-> PUA-TOOLBARS Snoopware 2-seek runtime detection - user info collection (pua-toolbars.rules)
 * 1:2399 <-> DISABLED <-> WEB-PHP WAnewsletter db_type.php access (web-php.rules)
 * 1:8734 <-> DISABLED <-> WEB-PHP Pajax arbitrary command execution attempt (web-php.rules)
 * 1:2565 <-> DISABLED <-> WEB-PHP modules.php access (web-php.rules)
 * 1:2393 <-> DISABLED <-> WEB-PHP /_admin access (web-php.rules)
 * 1:2566 <-> DISABLED <-> WEB-PHP PHPBB viewforum.php access (web-php.rules)
 * 1:7839 <-> DISABLED <-> PUA-TOOLBARS Hijacker rx toolbar runtime detection (pua-toolbars.rules)
 * 1:2575 <-> DISABLED <-> WEB-PHP Opt-X header.php remote file include attempt (web-php.rules)
 * 1:6408 <-> DISABLED <-> POLICY-SOCIAL webshots desktop traffic (policy-social.rules)
 * 1:6377 <-> DISABLED <-> PUA-TOOLBARS Hijacker girafa toolbar - browser hijack (pua-toolbars.rules)
 * 1:2588 <-> DISABLED <-> WEB-PHP TUTOS path disclosure attempt (web-php.rules)
 * 1:2654 <-> DISABLED <-> WEB-PHP PHPNuke Forum viewtopic SQL insertion attempt (web-php.rules)
 * 1:7522 <-> DISABLED <-> PUA-TOOLBARS Trackware earthlink toolbar runtime detection - search toolbar request 2 (pua-toolbars.rules)
 * 1:8715 <-> DISABLED <-> WEB-PHP cacti graph_image SQL injection attempt (web-php.rules)
 * 1:7526 <-> DISABLED <-> PUA-TOOLBARS Trackware hotblox toolbar runtime detection - stat counter (pua-toolbars.rules)
 * 1:5987 <-> DISABLED <-> PUA-TOOLBARS Hijacker wishbone runtime detection (pua-toolbars.rules)
 * 1:2926 <-> DISABLED <-> WEB-PHP PhpGedView PGV base directory manipulation (web-php.rules)
 * 1:3087 <-> DISABLED <-> WEB-IIS w3who.dll buffer overflow attempt (web-iis.rules)
 * 1:7849 <-> DISABLED <-> PUA-TOOLBARS Trickler maxsearch runtime detection - toolbar download (pua-toolbars.rules)
 * 1:3685 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer bitmap BitmapOffset multipacket integer overflow attempt (web-client.rules)
 * 1:6254 <-> DISABLED <-> PUA-TOOLBARS Trackware quicksearch toolbar runtime detection - redirect (pua-toolbars.rules)
 * 1:3689 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer tRNS overflow attempt (web-client.rules)
 * 1:7527 <-> DISABLED <-> PUA-TOOLBARS Trackware hotblox toolbar runtime detection - toolbar find function (pua-toolbars.rules)
 * 1:6261 <-> DISABLED <-> PUA-TOOLBARS Trickler slinkyslate toolbar runtime detection (pua-toolbars.rules)
 * 1:8712 <-> DISABLED <-> WEB-PHP cacti graph_image arbitrary command execution attempt (web-php.rules)
 * 1:6376 <-> DISABLED <-> PUA-TOOLBARS Hijacker girafa toolbar - toolbar update (pua-toolbars.rules)
 * 1:3823 <-> DISABLED <-> WEB-MISC RealNetworks RealPlayer realtext file bad version buffer overflow attempt (web-misc.rules)
 * 1:3827 <-> DISABLED <-> WEB-PHP xmlrpc.php post attempt (web-php.rules)
 * 1:7567 <-> DISABLED <-> PUA-TOOLBARS Trackware funwebproducts mywebsearchtoolbar-funtools runtime detection (pua-toolbars.rules)
 * 1:4676 <-> DISABLED <-> ORACLE Enterprise Manager Application Server Control POST Parameter Overflow Attempt (oracle.rules)
 * 1:4677 <-> DISABLED <-> ORACLE Enterprise Manager Application Server Control GET Parameter Overflow Attempt (oracle.rules)
 * 1:6189 <-> DISABLED <-> PUA-TOOLBARS Trackware try2find detection (pua-toolbars.rules)
 * 1:4679 <-> DISABLED <-> WEB-CLIENT Apple QuickTime movie file component name integer overflow multipacket attempt (web-client.rules)
 * 1:4916 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Internet Explorer javascript onload document.write obfuscation overflow attempt (indicator-obfuscation.rules)
 * 1:6487 <-> DISABLED <-> PUA-TOOLBARS Adware searchnugget toolbar runtime detection - check updates (pua-toolbars.rules)
 * 1:4917 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Internet Explorer javascript onload prompt obfuscation overflow attempt (indicator-obfuscation.rules)
 * 1:495 <-> DISABLED <-> INDICATOR-COMPROMISE command error (indicator-compromise.rules)
 * 1:7050 <-> DISABLED <-> PUA-TOOLBARS Hijacker freecruise toolbar runtime detection (pua-toolbars.rules)
 * 1:6255 <-> DISABLED <-> PUA-TOOLBARS Trackware quicksearch toolbar runtime detection - update (pua-toolbars.rules)
 * 1:497 <-> ENABLED <-> INDICATOR-COMPROMISE file copied ok (indicator-compromise.rules)
 * 1:5692 <-> DISABLED <-> PUA-P2P Skype client successful install (pua-p2p.rules)
 * 1:5693 <-> DISABLED <-> PUA-P2P Skype client start up get latest version attempt (pua-p2p.rules)
 * 1:5694 <-> DISABLED <-> PUA-P2P Skype client setup get newest version attempt (pua-p2p.rules)
 * 1:5706 <-> DISABLED <-> POLICY-SOCIAL Namazu incoming namazu.cgi access (policy-social.rules)
 * 1:8716 <-> DISABLED <-> WEB-PHP cacti graph_image SQL injection attempt (web-php.rules)
 * 1:7576 <-> DISABLED <-> PUA-TOOLBARS Hijacker starware toolbar runtime detection - hijack ie browser (pua-toolbars.rules)
 * 1:7859 <-> DISABLED <-> PUA-TOOLBARS Google Desktop initial install - installer request (pua-toolbars.rules)
 * 1:7840 <-> DISABLED <-> PUA-TOOLBARS Hijacker instafinder initial configuration detection (pua-toolbars.rules)
 * 1:7528 <-> DISABLED <-> PUA-TOOLBARS Trackware hotblox toolbar runtime detection - ie autosearch hijack (pua-toolbars.rules)
 * 1:5707 <-> DISABLED <-> POLICY-SOCIAL Namazu outbound namazu.cgi access (policy-social.rules)
 * 1:6488 <-> DISABLED <-> PUA-TOOLBARS Adware searchnugget toolbar runtime detection - redirect mistyped urls (pua-toolbars.rules)
 * 1:5709 <-> DISABLED <-> WEB-PHP file upload directory traversal (web-php.rules)
 * 1:5749 <-> DISABLED <-> PUA-TOOLBARS Trackware alexa runtime detection (pua-toolbars.rules)
 * 1:7575 <-> DISABLED <-> PUA-TOOLBARS Hijacker starware toolbar runtime detection - weather request (pua-toolbars.rules)
 * 1:6230 <-> DISABLED <-> PUA-TOOLBARS Hijacker i-lookup runtime detection (pua-toolbars.rules)
 * 1:5750 <-> DISABLED <-> PUA-TOOLBARS Adware dogpile runtime detection (pua-toolbars.rules)
 * 1:6403 <-> DISABLED <-> WEB-PHP horde help module arbitrary command execution attempt (web-php.rules)
 * 1:5757 <-> DISABLED <-> PUA-TOOLBARS Hijacker ezcybersearch runtime detection - check toolbar setting (pua-toolbars.rules)
 * 1:5765 <-> DISABLED <-> PUA-TOOLBARS Hijacker begin2search runtime detection - ico query (pua-toolbars.rules)
 * 1:5788 <-> DISABLED <-> PUA-TOOLBARS Adware hithopper runtime detection - click toolbar buttons (pua-toolbars.rules)
 * 1:7577 <-> DISABLED <-> PUA-TOOLBARS Hijacker starware toolbar runtime detection - collect information (pua-toolbars.rules)
 * 1:5801 <-> ENABLED <-> PUA-TOOLBARS Trackware myway speedbar / mywebsearch toolbar runtime detection - track activity 1 (pua-toolbars.rules)
 * 1:5802 <-> DISABLED <-> PUA-TOOLBARS Trackware myway speedbar / mywebsearch toolbar runtime detection - track activity 2 (pua-toolbars.rules)
 * 1:7598 <-> DISABLED <-> PUA-TOOLBARS Snoopware 2-seek runtime detection - search in toolbar (pua-toolbars.rules)
 * 1:7571 <-> DISABLED <-> PUA-TOOLBARS Hijacker linkspider search bar runtime detection - toolbar search (pua-toolbars.rules)
 * 1:6253 <-> DISABLED <-> PUA-TOOLBARS Trackware quicksearch toolbar runtime detection - log user ativity (pua-toolbars.rules)
 * 1:5803 <-> ENABLED <-> PUA-TOOLBARS Trackware myway speedbar / mywebsearch toolbar runtime detection - collect information (pua-toolbars.rules)
 * 1:5858 <-> DISABLED <-> PUA-TOOLBARS Adware praizetoolbar runtime detection (pua-toolbars.rules)
 * 1:7520 <-> DISABLED <-> PUA-TOOLBARS Trackware earthlink toolbar runtime detection - ie autosearch hijack (pua-toolbars.rules)
 * 1:6406 <-> DISABLED <-> POLICY-SOCIAL Gizmo VOIP client start-up version check (policy-social.rules)
 * 1:6252 <-> DISABLED <-> PUA-TOOLBARS Trackware quicksearch toolbar runtime detection - search request (pua-toolbars.rules)
 * 1:5861 <-> DISABLED <-> PUA-TOOLBARS Hijacker isearch runtime detection - toolbar information request (pua-toolbars.rules)
 * 1:6484 <-> DISABLED <-> PUA-TOOLBARS Hijacker makemesearch toolbar runtime detection - search (pua-toolbars.rules)
 * 1:8714 <-> DISABLED <-> WEB-PHP cacti graph_image SQL injection attempt (web-php.rules)
 * 1:7848 <-> DISABLED <-> PUA-TOOLBARS Hijacker netguide runtime detection (pua-toolbars.rules)
 * 1:7525 <-> DISABLED <-> PUA-TOOLBARS Trackware hotblox toolbar runtime detection - barad.asp request (pua-toolbars.rules)
 * 1:5864 <-> DISABLED <-> PUA-TOOLBARS Hijacker isearch runtime detection - search in toolbar (pua-toolbars.rules)
 * 1:5866 <-> DISABLED <-> PUA-TOOLBARS Hijacker couponbar runtime detection - download new coupon offers and links (pua-toolbars.rules)
 * 1:6483 <-> DISABLED <-> PUA-TOOLBARS Hijacker makemesearch toolbar runtime detection - home page hijacker (pua-toolbars.rules)
 * 1:5982 <-> DISABLED <-> PUA-TOOLBARS Hijacker seeqtoolbar runtime detection - email login page (pua-toolbars.rules)
 * 1:857 <-> DISABLED <-> WEB-CGI faxsurvey access (web-cgi.rules)
 * 1:5867 <-> DISABLED <-> PUA-TOOLBARS Hijacker couponbar runtime detection - get updates to toolbar buttons (pua-toolbars.rules)
 * 1:5884 <-> ENABLED <-> PUA-TOOLBARS Hijacker copernic meta toolbar runtime detection - check toolbar & category info (pua-toolbars.rules)
 * 1:5885 <-> ENABLED <-> PUA-TOOLBARS Hijacker copernic meta toolbar runtime detection - ie autosearch & search assistant hijack (pua-toolbars.rules)
 * 1:5886 <-> ENABLED <-> PUA-TOOLBARS Hijacker copernic meta toolbar runtime detection - pass info to server (pua-toolbars.rules)
 * 1:7860 <-> DISABLED <-> PUA-TOOLBARS Google Desktop search query (pua-toolbars.rules)
 * 1:7590 <-> DISABLED <-> PUA-TOOLBARS Hijacker swbar runtime detection (pua-toolbars.rules)
 * 1:5892 <-> DISABLED <-> PUA-TOOLBARS Trackware wordiq toolbar runtime detection - get link info (pua-toolbars.rules)
 * 1:5893 <-> DISABLED <-> PUA-TOOLBARS Trackware wordiq toolbar runtime detection - search keyword (pua-toolbars.rules)
 * 1:5914 <-> DISABLED <-> PUA-TOOLBARS Hijacker locatorstoolbar runtime detection - configuration download (pua-toolbars.rules)
 * 1:8073 <-> DISABLED <-> PUA-TOOLBARS Adware zango toolbar runtime detection (pua-toolbars.rules)
 * 1:5915 <-> DISABLED <-> PUA-TOOLBARS Hijacker locatorstoolbar runtime detection - autosearch hijack (pua-toolbars.rules)
 * 1:5916 <-> DISABLED <-> PUA-TOOLBARS Hijacker locatorstoolbar runtime detection - sidebar search (pua-toolbars.rules)
 * 1:8713 <-> DISABLED <-> WEB-PHP cacti graph_image SQL injection attempt (web-php.rules)
 * 1:6482 <-> DISABLED <-> PUA-TOOLBARS Hijacker makemesearch toolbar runtime detection - get info (pua-toolbars.rules)
 * 1:7579 <-> DISABLED <-> PUA-TOOLBARS Hijacker starware toolbar runtime detection - smileys (pua-toolbars.rules)
 * 1:5917 <-> DISABLED <-> PUA-TOOLBARS Hijacker locatorstoolbar runtime detection - toolbar search (pua-toolbars.rules)
 * 1:5921 <-> DISABLED <-> PUA-TOOLBARS Trackware fftoolbar toolbar runtime detection - send user url request (pua-toolbars.rules)
 * 1:5922 <-> DISABLED <-> PUA-TOOLBARS Trackware fftoolbar toolbar runtime detection - display advertisement news (pua-toolbars.rules)
 * 1:2367 <-> DISABLED <-> WEB-PHP PhpGedView PGV functions.php base directory manipulation attempt (web-php.rules)
 * 1:5939 <-> ENABLED <-> PUA-TOOLBARS Trackware supreme toolbar runtime detection - get cfg (pua-toolbars.rules)
 * 1:5940 <-> DISABLED <-> PUA-TOOLBARS Trackware supreme toolbar runtime detection - search request (pua-toolbars.rules)
 * 1:12126 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - collect user information (pua-toolbars.rules)
 * 1:12228 <-> DISABLED <-> PUA-TOOLBARS Trackware snap ultrasearch/desktop toolbar runtime detection - cookie (pua-toolbars.rules)
 * 1:12291 <-> DISABLED <-> PUA-TOOLBARS Trackware vmn toolbar runtime detection (pua-toolbars.rules)
 * 1:12304 <-> DISABLED <-> POLICY-SOCIAL AOL Instant Messenger web client connection (policy-social.rules)
 * 1:12366 <-> DISABLED <-> PUA-TOOLBARS Hijacker proventactics 3.5 runtime detection - toolbar search function (pua-toolbars.rules)
 * 1:12437 <-> DISABLED <-> POLICY-MULTIMEDIA Google video player request (policy-multimedia.rules)
 * 1:1254 <-> DISABLED <-> WEB-PHP PHPLIB remote command attempt (web-php.rules)
 * 1:17811 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of svchost.exe (indicator-compromise.rules)
 * 1:17776 <-> DISABLED <-> WEB-CLIENT Oracle Java HsbParser.getSoundBank stack buffer overflow attempt (web-client.rules)
 * 1:1774 <-> DISABLED <-> WEB-PHP bb_smilies.php access (web-php.rules)
 * 1:13819 <-> DISABLED <-> WEB-MISC IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (web-misc.rules)
 * 1:16114 <-> DISABLED <-> PUA-TOOLBARS Hijacker cramtoolbar runtime detection - hijack (pua-toolbars.rules)
 * 1:17144 <-> DISABLED <-> WEB-CLIENT Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 2 (web-client.rules)
 * 1:12622 <-> DISABLED <-> PUA-TOOLBARS Trackware extra toolbar 1.0 runtime detection - file download (pua-toolbars.rules)
 * 1:19680 <-> DISABLED <-> WEB-CLIENT Microsoft Windows CSRSS SrvDeviceEvent exploit attempt (web-client.rules)
 * 1:13779 <-> DISABLED <-> PUA-TOOLBARS Trackware proofile toolbar runtime detection (pua-toolbars.rules)
 * 1:13854 <-> DISABLED <-> PUA-TOOLBARS Hijacker alot toolbar runtime detection - auto update (pua-toolbars.rules)
 * 1:15424 <-> DISABLED <-> WEB-PHP phpBB mod shoutbox sql injection attempt (web-php.rules)
 * 1:14008 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to concat function - possible sql injection obfuscation (indicator-obfuscation.rules)
 * 1:12686 <-> DISABLED <-> POLICY-SOCIAL AIM Express usage (policy-social.rules)
 * 1:12791 <-> DISABLED <-> PUA-TOOLBARS Adware gophoria toolbar runtime detection (pua-toolbars.rules)
 * 1:12796 <-> DISABLED <-> PUA-TOOLBARS Trackware happytofind toolbar runtime detection (pua-toolbars.rules)
 * 1:1425 <-> DISABLED <-> WEB-PHP content-disposition file upload attempt (web-php.rules)
 * 1:12971 <-> DISABLED <-> EXPLOIT Microsoft Windows DirectX directshow wav file overflow attempt (exploit.rules)
 * 1:17279 <-> DISABLED <-> WEB-MISC Ipswitch WhatsUp Small Business directory traversal attempt (web-misc.rules)
 * 1:1300 <-> DISABLED <-> WEB-PHP admin.php file upload attempt (web-php.rules)
 * 1:16195 <-> ENABLED <-> WEB-MISC Novell eDirectory HTTP request content-length heap buffer overflow attempt (web-misc.rules)
 * 1:1301 <-> DISABLED <-> WEB-PHP admin.php access (web-php.rules)
 * 1:14771 <-> DISABLED <-> WEB-MISC BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow (web-misc.rules)
 * 1:13239 <-> DISABLED <-> PUA-TOOLBARS Hijacker blue wave adult links toolbar runtime detection (pua-toolbars.rules)
 * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules)
 * 1:16743 <-> DISABLED <-> WEB-CLIENT Cain & Abel Remote Desktop Protocol file handling buffer overflow attempt (web-client.rules)
 * 1:13282 <-> DISABLED <-> PUA-TOOLBARS Adware jily ie toolbar runtime detection (pua-toolbars.rules)
 * 1:13339 <-> DISABLED <-> PUA-TOOLBARS Hijacker direct toolbar runtime detection (pua-toolbars.rules)
 * 1:13342 <-> DISABLED <-> PUA-TOOLBARS Hijacker ditto toolbar runtime detection (pua-toolbars.rules)
 * 1:17146 <-> DISABLED <-> WEB-CLIENT Adobe Photoshop CS4 GRD file processing buffer overflow attempt (web-client.rules)
 * 1:16752 <-> ENABLED <-> WEB-CLIENT VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (web-client.rules)
 * 1:13481 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - hijacks search engine (pua-toolbars.rules)
 * 1:13482 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - discloses information (pua-toolbars.rules)
 * 1:13640 <-> DISABLED <-> PUA-TOOLBARS Hijacker locmag toolbar runtime detection - hijacks address bar (pua-toolbars.rules)
 * 1:17392 <-> ENABLED <-> SHELLCODE JavaScript var shellcode (shellcode.rules)
 * 1:13483 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules)
 * 1:13484 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules)
 * 1:1737 <-> DISABLED <-> WEB-PHP squirrel mail theme arbitrary command attempt (web-php.rules)
 * 1:13485 <-> DISABLED <-> PUA-TOOLBARS Hijacker sofa toolbar runtime detection - hijacks search engine (pua-toolbars.rules)
 * 1:15697 <-> DISABLED <-> INDICATOR-OBFUSCATION Generic javascript obfuscation attempt (indicator-obfuscation.rules)
 * 1:13486 <-> DISABLED <-> PUA-TOOLBARS Hijacker sofa toolbar runtime detection - records search information (pua-toolbars.rules)
 * 1:16359 <-> DISABLED <-> WEB-CLIENT Adobe Illustrator DSC comment overflow attempt (web-client.rules)
 * 1:13791 <-> DISABLED <-> INDICATOR-OBFUSCATION oversized cast statement - possible sql injection obfuscation (indicator-obfuscation.rules)
 * 1:13488 <-> DISABLED <-> PUA-TOOLBARS Hijacker people pal toolbar runtime detection - automatic upgrade (pua-toolbars.rules)
 * 1:13489 <-> DISABLED <-> PUA-TOOLBARS Hijacker people pal toolbar runtime detection - traffic for searching (pua-toolbars.rules)
 * 1:17145 <-> DISABLED <-> WEB-CLIENT Adobe Photoshop CS4 ASL file processing buffer overflow attempt (web-client.rules)
 * 1:1439 <-> DISABLED <-> POLICY-MULTIMEDIA Shoutcast playlist redirection (policy-multimedia.rules)
 * 1:15145 <-> ENABLED <-> EXPLOIT Apple CUPS TrueColor PNG filter overly large image height integer overflow attempt (exploit.rules)
 * 1:13496 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - initial traffic 2 (pua-toolbars.rules)
 * 1:17129 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer use-after-free memory corruption attempt (web-client.rules)
 * 1:17280 <-> DISABLED <-> WEB-MISC Ipswitch WhatsUp Small Business directory traversal attempt (web-misc.rules)
 * 1:15866 <-> DISABLED <-> WEB-CLIENT libxml2 file processing long entity overflow attempt (web-client.rules)
 * 1:13492 <-> DISABLED <-> PUA-TOOLBARS Hijacker deepdo toolbar runtime detection - redirects search engine (pua-toolbars.rules)
 * 1:16716 <-> DISABLED <-> WEB-CLIENT Oracle Java Web Start Splashscreen PNG processing buffer overflow attempt (web-client.rules)
 * 1:13987 <-> DISABLED <-> INDICATOR-OBFUSCATION oversized convert statement - possible sql injection obfuscation (indicator-obfuscation.rules)
 * 1:13824 <-> DISABLED <-> WEB-CLIENT Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (web-client.rules)
 * 1:15561 <-> DISABLED <-> POLICY-SOCIAL AOL Aimexpress web client login (policy-social.rules)
 * 1:13988 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to ascii function - possible sql injection obfuscation (indicator-obfuscation.rules)
 * 1:13772 <-> DISABLED <-> PUA-TOOLBARS Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #2 (pua-toolbars.rules)
 * 1:1440 <-> DISABLED <-> POLICY-MULTIMEDIA Icecast playlist redirection (policy-multimedia.rules)
 * 1:13643 <-> DISABLED <-> PUA-TOOLBARS Hijacker zztoolbar runtime detection - toolbar traffic (pua-toolbars.rules)
 * 1:16506 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer innerHTML against incomplete element heap corruption attempt (web-client.rules)
 * 1:15577 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web client activity (policy-social.rules)
 * 1:1490 <-> DISABLED <-> WEB-PHP Phorum /support/common.php attempt (web-php.rules)
 * 1:1407 <-> DISABLED <-> WEB-PHP smssend.php access (web-php.rules)
 * 1:13641 <-> DISABLED <-> PUA-TOOLBARS Hijacker eclickz toolbar runtime detection - search traffic (pua-toolbars.rules)
 * 1:14055 <-> DISABLED <-> PUA-TOOLBARS Hijacker rediff toolbar runtime detection - hijack ie auto search (pua-toolbars.rules)
 * 1:16120 <-> DISABLED <-> PUA-TOOLBARS Trackware 6sq toolbar runtime detection (pua-toolbars.rules)
 * 1:16739 <-> DISABLED <-> WEB-CLIENT MultiMedia Jukebox playlist file handling heap overflow attempt (web-client.rules)
 * 1:16678 <-> DISABLED <-> WEB-PHP Tandberg VCS local file disclosure attempt (web-php.rules)
 * 1:1491 <-> DISABLED <-> WEB-PHP Phorum /support/common.php access (web-php.rules)
 * 1:13769 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchnine toolbar runtime detection - hijacks address bar (pua-toolbars.rules)
 * 1:15146 <-> ENABLED <-> EXPLOIT Apple CUPS RGB+Alpha PNG filter overly large image height integer overflow attempt (exploit.rules)
 * 1:13853 <-> DISABLED <-> PUA-TOOLBARS Hijacker alot toolbar runtime detection - weather request (pua-toolbars.rules)
 * 1:13780 <-> DISABLED <-> PUA-TOOLBARS Hijacker find.fm toolbar runtime detection - automatic updates (pua-toolbars.rules)
 * 1:1666 <-> DISABLED <-> INDICATOR-COMPROMISE index of /cgi-bin/ response (indicator-compromise.rules)
 * 1:16300 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (web-client.rules)
 * 1:13863 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client successful login (policy-social.rules)
 * 1:14989 <-> DISABLED <-> WEB-MISC Novell eDirectory SOAP Accept Language header overflow attempt (web-misc.rules)
 * 1:13497 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - tracking traffic (pua-toolbars.rules)
 * 1:16296 <-> DISABLED <-> WEB-CLIENT Kaspersky antivirus library heap buffer overflow - with optional fields (web-client.rules)
 * 1:1436 <-> DISABLED <-> POLICY-MULTIMEDIA Apple Quicktime User Agent access (policy-multimedia.rules)
 * 1:16115 <-> DISABLED <-> PUA-TOOLBARS Hijacker cramtoolbar runtime detection - search (pua-toolbars.rules)
 * 1:1739 <-> DISABLED <-> WEB-PHP DNSTools administrator authentication bypass attempt (web-php.rules)
 * 1:13644 <-> DISABLED <-> PUA-TOOLBARS Hijacker zztoolbar runtime detection - search traffic (pua-toolbars.rules)
 * 1:15576 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web client login (policy-social.rules)
 * 1:16033 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer compressed content attempt (specific-threats.rules)
 * 1:16726 <-> DISABLED <-> WEB-CLIENT gAlan malformed file stack overflow attempt (web-client.rules)
 * 1:13770 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchnine toolbar runtime detection - redirects search function (pua-toolbars.rules)
 * 1:13781 <-> DISABLED <-> PUA-TOOLBARS Hijacker find.fm toolbar runtime detection - hijacks address bar (pua-toolbars.rules)
 * 1:17233 <-> ENABLED <-> FILE-PDF Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:13559 <-> DISABLED <-> PUA-TOOLBARS Hijacker kompass toolbar runtime detection - initial connection (pua-toolbars.rules)
 * 1:13715 <-> ENABLED <-> WEB-MISC HP OpenView Network Node Manager HTTP handling buffer overflow attempt (web-misc.rules)
 * 1:15560 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger web client activity (policy-social.rules)
 * 1:16153 <-> DISABLED <-> WEB-CLIENT Microsoft Windows malformed WMF meta escape record memory corruption (web-client.rules)
 * 1:16525 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web login attempt (policy-social.rules)
 * 1:14056 <-> DISABLED <-> PUA-TOOLBARS Hijacker rediff toolbar runtime detection - get news info (pua-toolbars.rules)
 * 1:17443 <-> DISABLED <-> WEB-CLIENT Microsoft DirectShow AVI decoder buffer overflow attempt (web-client.rules)
 * 1:15695 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Embedded Open Type Font malformed name table platform type 3 integer overflow attempt (web-client.rules)
 * 1:15425 <-> DISABLED <-> WEB-PHP phpBB mod tag board sql injection attempt (web-php.rules)
 * 1:16087 <-> DISABLED <-> SPECIFIC-THREATS Multiple vendor AV gateway virus detection bypass attempt (specific-threats.rules)
 * 1:13639 <-> DISABLED <-> PUA-TOOLBARS Hijacker locmag toolbar runtime detection - connection to toolbar (pua-toolbars.rules)
 * 1:16295 <-> DISABLED <-> WEB-CLIENT Kaspersky antivirus library heap buffer overflow - without optional fields (web-client.rules)
 * 1:16194 <-> ENABLED <-> WEB-MISC Novell eDirectory HTTP request content-length heap buffer overflow attempt (web-misc.rules)
 * 1:1423 <-> DISABLED <-> WEB-PHP content-disposition memchr overflow (web-php.rules)
 * 1:16331 <-> DISABLED <-> WEB-CLIENT Adobe Flash Player JPEG parsing heap overflow attempt (web-client.rules)
 * 1:17393 <-> ENABLED <-> SHELLCODE JavaScript var heapspray (shellcode.rules)
 * 1:13493 <-> DISABLED <-> PUA-TOOLBARS Hijacker deepdo toolbar runtime detection - automatic update (pua-toolbars.rules)
 * 1:16231 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules)
 * 1:17272 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer AVI parsing buffer overflow attempt (web-client.rules)
 * 1:13862 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client item information download (policy-social.rules)
 * 1:16213 <-> ENABLED <-> EXPLOIT Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (exploit.rules)
 * 1:16224 <-> DISABLED <-> WEB-CLIENT Apple iTunes invalid tref box exploit attempt (web-client.rules)
 * 1:13503 <-> DISABLED <-> PUA-TOOLBARS Hijacker dealio toolbar runtime detection user-agent detected (pua-toolbars.rules)
 * 1:16579 <-> DISABLED <-> CHAT mIRC IRC URL buffer overflow attempt (chat.rules)
 * 1:2368 <-> DISABLED <-> WEB-PHP PhpGedView PGV config_gedcom.php base directory manipulation attempt (web-php.rules)
 * 1:13771 <-> DISABLED <-> PUA-TOOLBARS Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #1 (pua-toolbars.rules)
 * 1:13560 <-> DISABLED <-> PUA-TOOLBARS Hijacker kompass toolbar runtime detection - search traffic (pua-toolbars.rules)
 * 1:13495 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - initial traffic 1 (pua-toolbars.rules)
 * 1:17461 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer zipped skin file buffer overflow attempt (specific-threats.rules)
 * 1:15362 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated javascript excessive fromCharCode - potential attack (indicator-obfuscation.rules)
 * 1:13645 <-> DISABLED <-> PUA-TOOLBARS Hijacker mxs toolbar runtime detection (pua-toolbars.rules)
 * 1:17535 <-> ENABLED <-> MISC Apple CUPS Text to PostScript Filter Integer Overflow attempt (misc.rules)
 * 1:17651 <-> DISABLED <-> SPECIFIC-THREATS Multiple AV vendor invalid archive checksum bypass attempt (specific-threats.rules)
 * 1:17440 <-> DISABLED <-> WEB-MISC RSA authentication agent for web redirect buffer overflow attempt (web-misc.rules)
 * 1:10505 <-> DISABLED <-> SHELLCODE unescape encoded shellcode (shellcode.rules)
 * 1:17486 <-> DISABLED <-> WEB-MISC Trend Micro Control Manager Chunked overflow attempt (web-misc.rules)
 * 1:17536 <-> DISABLED <-> WEB-MISC Free Download Manager Remote Control Server HTTP Auth Header buffer overflow attempt (web-misc.rules)
 * 1:1743 <-> DISABLED <-> WEB-PHP Blahz-DNS dostuff.php access (web-php.rules)
 * 1:10504 <-> DISABLED <-> SHELLCODE unescape encoded shellcode (shellcode.rules)
 * 1:971 <-> DISABLED <-> WEB-IIS ISAPI .printer access (web-iis.rules)
 * 1:1741 <-> DISABLED <-> WEB-PHP DNSTools access (web-php.rules)
 * 1:9646 <-> DISABLED <-> PUA-TOOLBARS Hijacker sogou runtime detection - search through sogou toolbar (pua-toolbars.rules)
 * 1:17810 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of server32.exe (indicator-compromise.rules)
 * 1:9842 <-> DISABLED <-> FILE-PDF Adobe Acrobat Plugin Universal cross-site scripting attempt (file-pdf.rules)
 * 1:7578 <-> DISABLED <-> PUA-TOOLBARS Hijacker starware toolbar runtime detection - reference (pua-toolbars.rules)
 * 1:7521 <-> DISABLED <-> PUA-TOOLBARS Trackware earthlink toolbar runtime detection - search toolbar request 1 (pua-toolbars.rules)
 * 1:6282 <-> DISABLED <-> PUA-TOOLBARS Hijacker customtoolbar runtime detection (pua-toolbars.rules)
 * 1:6478 <-> DISABLED <-> PUA-TOOLBARS Trackware searchingall toolbar runtime detection - send user url request (pua-toolbars.rules)
 * 1:836 <-> DISABLED <-> WEB-CGI textcounter.pl access (web-cgi.rules)
 * 1:5941 <-> DISABLED <-> PUA-TOOLBARS Trackware supreme toolbar runtime detection - track (pua-toolbars.rules)
 * 1:5942 <-> DISABLED <-> PUA-TOOLBARS Trackware supreme toolbar runtime detection - pass information to its controlling server (pua-toolbars.rules)
 * 1:5943 <-> DISABLED <-> PUA-TOOLBARS Trackware supreme toolbar runtime detection - third party information collection (pua-toolbars.rules)
 * 1:7858 <-> DISABLED <-> PUA-TOOLBARS Google Desktop initial install - firstuse request (pua-toolbars.rules)
 * 1:7581 <-> DISABLED <-> PUA-TOOLBARS Hijacker flashbar runtime detection - user-agent (pua-toolbars.rules)
 * 1:6507 <-> DISABLED <-> WEB-MISC novell edirectory imonitor overflow attempt (web-misc.rules)
 * 1:5949 <-> DISABLED <-> PUA-TOOLBARS Trackware iggsey toolbar detection - simpleticker.htm request (pua-toolbars.rules)
 * 1:5985 <-> DISABLED <-> PUA-TOOLBARS Trackware push toolbar runtime detection - toolbar information request (pua-toolbars.rules)
 * 1:5950 <-> DISABLED <-> PUA-TOOLBARS Trackware iggsey toolbar detection - pass information to server (pua-toolbars.rules)
 * 1:5951 <-> DISABLED <-> PUA-TOOLBARS Trackware iggsey toolbar detection - search request (pua-toolbars.rules)
 * 1:5964 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchfast detection - track user activity & get 'relates links' of the toolbar (pua-toolbars.rules)
 * 1:5984 <-> DISABLED <-> PUA-TOOLBARS Trackware push toolbar installtime detection - user information collect (pua-toolbars.rules)
 * 1:1815 <-> DISABLED <-> WEB-PHP directory.php arbitrary command attempt (web-php.rules)
 * 1:1740 <-> DISABLED <-> WEB-PHP DNSTools authentication bypass attempt (web-php.rules)
 * 1:10093 <-> DISABLED <-> PUA-TOOLBARS Hijacker kuaiso toolbar runtime detection (pua-toolbars.rules)
 * 1:17812 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iexplore.exe (indicator-compromise.rules)
 * 1:17814 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of winzf32.dll (indicator-compromise.rules)
 * 1:1736 <-> DISABLED <-> WEB-PHP squirrel mail spell-check arbitrary command attempt (web-php.rules)
 * 1:18132 <-> DISABLED <-> INDICATOR-OBFUSCATION malware-associated JavaScript obfuscation function (indicator-obfuscation.rules)
 * 1:17813 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iprinp.dll (indicator-compromise.rules)
 * 1:12050 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-greets toolbar runtime detection (pua-toolbars.rules)
 * 1:12122 <-> DISABLED <-> PUA-TOOLBARS Trackware spynova runtime detection (pua-toolbars.rules)
 * 1:12127 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - ads (pua-toolbars.rules)
 * 1:12221 <-> DISABLED <-> WEB-PHP file upload GLOBAL variable overwrite attempt (web-php.rules)
 * 1:12225 <-> DISABLED <-> PUA-TOOLBARS Adware zango2007 toolbar runtime detection (pua-toolbars.rules)
 * 1:12125 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - hijack ie search assistant (pua-toolbars.rules)
 * 1:12269 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Basic 6 TLIApplication ActiveX clsid access (web-activex.rules)
 * 1:12287 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - ebrss request (pua-toolbars.rules)
 * 1:12288 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - hijack ie searches (pua-toolbars.rules)
 * 1:12227 <-> DISABLED <-> PUA-TOOLBARS Trackware snap ultrasearch/desktop toolbar runtime detection - search (pua-toolbars.rules)
 * 1:12292 <-> DISABLED <-> PUA-TOOLBARS Hijacker morpheus toolbar runtime detection - hijack/search (pua-toolbars.rules)
 * 1:12294 <-> DISABLED <-> PUA-TOOLBARS Hijacker 3search runtime detection - counter (pua-toolbars.rules)
 * 1:12296 <-> DISABLED <-> PUA-TOOLBARS Hijacker 3search runtime detection - update (pua-toolbars.rules)
 * 1:12289 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - get updates (pua-toolbars.rules)
 * 1:12305 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger web client connection (policy-social.rules)
 * 1:12306 <-> DISABLED <-> POLICY-SOCIAL Microsoft Messenger web client connection (policy-social.rules)
 * 1:12360 <-> DISABLED <-> WEB-PHP PHP function CRLF injection attempt (web-php.rules)
 * 1:12303 <-> DISABLED <-> POLICY-SOCIAL Google Chat web client connection (policy-social.rules)
 * 1:12370 <-> DISABLED <-> PUA-TOOLBARS Hijacker imesh mediabar runtime detection - auto update (pua-toolbars.rules)
 * 1:12391 <-> DISABLED <-> POLICY-SOCIAL Google Webmail client chat applet (policy-social.rules)
 * 1:12425 <-> DISABLED <-> PUA-P2P Ruckus P2P client activity (pua-p2p.rules)
 * 1:12364 <-> DISABLED <-> PUA-TOOLBARS Hijacker proventactics 3.5 runtime detection - get cfg information (pua-toolbars.rules)
 * 1:12456 <-> DISABLED <-> FILE-IDENTIFY SAP Crystal Reports file magic detected (file-identify.rules)
 * 1:12481 <-> DISABLED <-> PUA-TOOLBARS Hijacker 411web toolbar runtime detection (pua-toolbars.rules)
 * 1:12486 <-> DISABLED <-> PUA-TOOLBARS Hijacker soso toolbar runtime detection - get weather information (pua-toolbars.rules)
 * 1:12436 <-> DISABLED <-> POLICY-MULTIMEDIA Youtube video player file request (policy-multimedia.rules)
 * 1:1255 <-> DISABLED <-> WEB-PHP PHPLIB remote command attempt (web-php.rules)
 * 1:12610 <-> DISABLED <-> WEB-PHP phpBB viewtopic double URL encoding attempt (web-php.rules)
 * 1:12611 <-> DISABLED <-> POLICY-SOCIAL ebuddy.com login attempt (policy-social.rules)
 * 1:12487 <-> DISABLED <-> PUA-TOOLBARS Hijacker soso toolbar runtime detection - hijack ie auto searches / soso toolbar searches requests (pua-toolbars.rules)
 * 1:12630 <-> DISABLED <-> SHELLCODE unescape unicode encoded shellcode (shellcode.rules)
 * 1:12672 <-> DISABLED <-> PUA-TOOLBARS Trackware searchmiracle elitebar runtime detection - get ads (pua-toolbars.rules)
 * 1:12679 <-> DISABLED <-> PUA-TOOLBARS Trackware myway speedbar / mywebsearch toolbar user-agent detection (pua-toolbars.rules)
 * 1:12621 <-> DISABLED <-> PUA-TOOLBARS Trackware extra toolbar 1.0 runtime detection (pua-toolbars.rules)
 * 1:1201 <-> DISABLED <-> INDICATOR-COMPROMISE 403 Forbidden (indicator-compromise.rules)
 * 1:18219 <-> DISABLED <-> WEB-CLIENT Microsoft Windows ATMFD font driver remote code execution attempt (web-client.rules)
 * 1:18478 <-> DISABLED <-> WEB-PHP miniBB rss.php premodDir remote file include attempt (web-php.rules)
 * 1:18685 <-> DISABLED <-> FILE-OTHER RTF file with embedded OLE object (file-other.rules)
 * 1:18956 <-> DISABLED <-> WEB-CGI Symantec IM Manager LoggedInUsers.lgx definition file multiple SQL injections attempt (web-cgi.rules)
 * 1:19012 <-> DISABLED <-> WEB-CLIENT Adobe Shockwave Player Lnam chunk processing buffer overflow attempt (web-client.rules)
 * 1:19243 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer layout-grid-char value exploit attempt (web-client.rules)
 * 1:19461 <-> ENABLED <-> WEB-CLIENT Microsoft CSRSS NULL Fontface pointer attempt (web-client.rules)
 * 1:19621 <-> DISABLED <-> WEB-CLIENT MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (web-client.rules)