Sourcefire VRT Rules Update

Date: 2012-05-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.1.2.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:23017 <-> DISABLED <-> SPECIFIC-THREATS c99 shell comment (specific-threats.rules)
 * 1:23016 <-> ENABLED <-> BACKDOOR base64-encoded c99 shell download (backdoor.rules)
 * 1:23018 <-> DISABLED <-> INDICATOR-OBFUSCATION eval of base64-encoded data (indicator-obfuscation.rules)
 * 1:23013 <-> DISABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
 * 1:23011 <-> DISABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules)
 * 1:23015 <-> DISABLED <-> WEB-CLIENT Google Chrome and Apple Safari runin handling use after free attempt (web-client.rules)
 * 1:23012 <-> DISABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
 * 1:23010 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel FNGROUPNAME record memory corruption attempt (file-office.rules)
 * 1:23014 <-> DISABLED <-> FILE-OTHER Adobe Photoshop asset elements stack based buffer overflow attempt (file-other.rules)

Modified Rules:


 * 1:860 <-> DISABLED <-> WEB-CGI snork.bat access (web-cgi.rules)
 * 1:861 <-> DISABLED <-> WEB-CGI w3-msql access (web-cgi.rules)
 * 1:863 <-> DISABLED <-> WEB-CGI day5datacopier.cgi access (web-cgi.rules)
 * 1:864 <-> DISABLED <-> WEB-CGI day5datanotifier.cgi access (web-cgi.rules)
 * 1:866 <-> DISABLED <-> WEB-CGI post-query access (web-cgi.rules)
 * 1:867 <-> DISABLED <-> WEB-CGI visadmin.exe access (web-cgi.rules)
 * 1:869 <-> DISABLED <-> WEB-CGI dumpenv.pl access (web-cgi.rules)
 * 1:8706 <-> DISABLED <-> EXPLOIT YPOPS buffer overflow attempt (exploit.rules)
 * 1:8090 <-> DISABLED <-> WEB-MISC HP Openview NNM freeIPaddrs.ovpl Unix command execution attempt (web-misc.rules)
 * 1:7126 <-> DISABLED <-> SPYWARE-PUT Hijacker trojan proxy atiup runtime detection - notification (spyware-put.rules)
 * 1:21842 <-> DISABLED <-> WEB-MISC System variable in URI attempt - %PATHEXT% (web-misc.rules)
 * 1:21804 <-> DISABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:21009 <-> DISABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:21519 <-> ENABLED <-> INDICATOR-OBFUSCATION Dadongs obfuscated javascript (indicator-obfuscation.rules)
 * 1:21824 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %HOMEDRIVE% (web-misc.rules)
 * 1:871 <-> DISABLED <-> WEB-CGI survey.cgi access (web-cgi.rules)
 * 1:875 <-> DISABLED <-> WEB-CGI win-c-sample.exe access (web-cgi.rules)
 * 1:879 <-> DISABLED <-> WEB-CGI admin.pl access (web-cgi.rules)
 * 1:880 <-> DISABLED <-> WEB-CGI LWGate access (web-cgi.rules)
 * 1:883 <-> DISABLED <-> WEB-CGI flexform access (web-cgi.rules)
 * 1:887 <-> DISABLED <-> WEB-CGI www-sql access (web-cgi.rules)
 * 1:9639 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Address Book file magic detected (file-identify.rules)
 * 1:987 <-> DISABLED <-> FILE-IDENTIFY .htr access file download request (file-identify.rules)
 * 1:852 <-> DISABLED <-> WEB-CGI wguest.exe access (web-cgi.rules)
 * 1:21338 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player MP4 zero length atom attempt (specific-threats.rules)
 * 1:21818 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %ALLUSERSPROFILE% (web-misc.rules)
 * 1:21835 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %USERPROFILE% (web-misc.rules)
 * 1:21095 <-> DISABLED <-> FILE-PDF Foxit Reader malicious pdf file write access (file-pdf.rules)
 * 1:21828 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %PROGRAMFILES - X86% (web-misc.rules)
 * 1:21246 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string DataCha0s (blacklist.rules)
 * 1:7193 <-> DISABLED <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - startup access (spyware-put.rules)
 * 1:842 <-> DISABLED <-> WEB-CGI aglimpse access (web-cgi.rules)
 * 1:3694 <-> DISABLED <-> WEB-MISC Squid content length cache poisoning attempt (web-misc.rules)
 * 1:21366 <-> DISABLED <-> BACKDOOR DOQ.gen.y INSTALL traffic detected (backdoor.rules)
 * 1:838 <-> DISABLED <-> WEB-CGI webgais access (web-cgi.rules)
 * 1:21065 <-> DISABLED <-> EXPLOIT Symantec IM Manager Edituser cross site scripting attempt (exploit.rules)
 * 1:21967 <-> DISABLED <-> BACKDOOR Rebhip.A runtime detection (backdoor.rules)
 * 1:826 <-> DISABLED <-> WEB-CGI htmlscript access (web-cgi.rules)
 * 1:21057 <-> ENABLED <-> SPECIFIC-THREATS Java Applet Rhino script engine remote code execution attempt (specific-threats.rules)
 * 1:21830 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %SystemRoot% (web-misc.rules)
 * 1:837 <-> DISABLED <-> WEB-CGI uploader.exe access (web-cgi.rules)
 * 1:5691 <-> DISABLED <-> SMTP SSLv2 Server_Hello request (smtp.rules)
 * 1:21356 <-> DISABLED <-> WEB-CLIENT Apache URI directory traversal attempt (web-client.rules)
 * 1:21305 <-> DISABLED <-> SPECIFIC-THREATS Microsoft .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery overflow attempt (specific-threats.rules)
 * 1:821 <-> DISABLED <-> WEB-CGI imagemap.exe overflow attempt (web-cgi.rules)
 * 1:21577 <-> ENABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - charcode (indicator-obfuscation.rules)
 * 1:823 <-> DISABLED <-> WEB-CGI cvsweb.cgi access (web-cgi.rules)
 * 1:3676 <-> DISABLED <-> WEB-MISC newsscript.pl admin attempt (web-misc.rules)
 * 1:806 <-> DISABLED <-> WEB-CGI yabb directory traversal attempt (web-cgi.rules)
 * 1:21819 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %PROGRAMDATA% (web-misc.rules)
 * 1:8089 <-> DISABLED <-> WEB-MISC HP Openview NNM cdpView.ovpl Unix command execution attempt (web-misc.rules)
 * 1:21881 <-> DISABLED <-> FILE-PDF Adobe Reader javascript toolbar button use after free attempt (file-pdf.rules)
 * 1:851 <-> DISABLED <-> WEB-CGI files.pl access (web-cgi.rules)
 * 1:631 <-> DISABLED <-> SMTP ehlo cybercop attempt (smtp.rules)
 * 1:21777 <-> DISABLED <-> SQL waitfor delay function in POST - possible SQL injection attempt (sql.rules)
 * 1:21025 <-> DISABLED <-> WEB-ACTIVEX McAfee Security as a Service ActiveX function call (web-activex.rules)
 * 1:845 <-> DISABLED <-> WEB-CGI AT-admin.cgi access (web-cgi.rules)
 * 1:21646 <-> ENABLED <-> SPECIFIC-THREATS Blackhole landing page with specific structure - prototype catch (specific-threats.rules)
 * 1:21010 <-> DISABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:840 <-> DISABLED <-> WEB-CGI perlshop.cgi access (web-cgi.rules)
 * 1:21027 <-> DISABLED <-> WEB-ACTIVEX McAfee Security as a Service ActiveX function call (web-activex.rules)
 * 1:824 <-> DISABLED <-> WEB-CGI php.cgi access (web-cgi.rules)
 * 1:21836 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %WINDIR% (web-misc.rules)
 * 1:21337 <-> DISABLED <-> WEB-MISC Apache XML HMAC truncation authentication bypass attempt (web-misc.rules)
 * 1:21833 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %USERDATA% (web-misc.rules)
 * 1:21363 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox appendChild use-after-free attempt (specific-threats.rules)
 * 1:21060 <-> DISABLED <-> EXPLOIT Symantec IM Manager Administrator console site injection attempt (exploit.rules)
 * 1:839 <-> DISABLED <-> WEB-CGI finger access (web-cgi.rules)
 * 1:2183 <-> DISABLED <-> SMTP Content-Transfer-Encoding overflow attempt (smtp.rules)
 * 1:6410 <-> DISABLED <-> WEB-FRONTPAGE frontpage server extension long host string overflow attempt (web-frontpage.rules)
 * 1:7192 <-> DISABLED <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - sponsor selection (spyware-put.rules)
 * 1:21578 <-> ENABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - eval (indicator-obfuscation.rules)
 * 1:21823 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %COMSPEC% (web-misc.rules)
 * 1:2138 <-> DISABLED <-> WEB-MISC logicworks.ini access (web-misc.rules)
 * 1:810 <-> DISABLED <-> WEB-CGI whois_raw.cgi access (web-cgi.rules)
 * 1:21786 <-> DISABLED <-> SPECIFIC-THREATS encoded javascript escape function in POST parameters - likely javascript injection (specific-threats.rules)
 * 1:21876 <-> ENABLED <-> SPECIFIC-THREATS Blackhole Exploit landing page with specific structure - Loading (specific-threats.rules)
 * 1:4988 <-> DISABLED <-> WEB-MISC Barracuda IMG.PL directory traversal attempt (web-misc.rules)
 * 1:21782 <-> DISABLED <-> SPECIFIC-THREATS script tag in POST parameters - likely cross-site scripting (specific-threats.rules)
 * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules)
 * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
 * 1:21918 <-> DISABLED <-> WEB-ACTIVEX IBM Tivoli Provisioning Manager Express Buffer Overflow ActiveX clsid access attempt (web-activex.rules)
 * 1:21261 <-> DISABLED <-> WEB-CLIENT Xitami if-modified-since header buffer overflow attempt (web-client.rules)
 * 1:21012 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules)
 * 1:21834 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %USERNAME% (web-misc.rules)
 * 1:847 <-> DISABLED <-> WEB-CGI campas access (web-cgi.rules)
 * 1:809 <-> DISABLED <-> WEB-CGI whois_raw.cgi arbitrary command execution attempt (web-cgi.rules)
 * 1:7191 <-> DISABLED <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - url retrieval (spyware-put.rules)
 * 1:21780 <-> DISABLED <-> SPECIFIC-THREATS encoded waitfor delay function in POST - possible sql injection attempt (specific-threats.rules)
 * 1:5686 <-> DISABLED <-> SMTP TLSv1 Server_Hello request (smtp.rules)
 * 1:21802 <-> DISABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules)
 * 1:6409 <-> DISABLED <-> WEB-FRONTPAGE frontpage server extension long host string overflow attempt (web-frontpage.rules)
 * 1:3201 <-> DISABLED <-> WEB-IIS httpodbc.dll access - nimda (web-iis.rules)
 * 1:21247 <-> DISABLED <-> WEB-CLIENT IBM Lotusnotes s_viewname buffer overflow attempt (web-client.rules)
 * 1:2547 <-> DISABLED <-> MISC HP Web JetAdmin remote file upload attempt (misc.rules)
 * 1:21018 <-> DISABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules)
 * 1:818 <-> DISABLED <-> WEB-CGI dcforum.cgi access (web-cgi.rules)
 * 1:21841 <-> DISABLED <-> WEB-MISC System variable in URI attempt - %PATH% (web-misc.rules)
 * 1:2135 <-> DISABLED <-> WEB-MISC philboard.mdb access (web-misc.rules)
 * 1:2137 <-> DISABLED <-> WEB-MISC philboard_admin.asp access (web-misc.rules)
 * 1:21700 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
 * 1:7692 <-> DISABLED <-> BACKDOOR exception 1.0 runtime detection - notification (backdoor.rules)
 * 1:21838 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %PSModulePath% (web-misc.rules)
 * 1:4155 <-> DISABLED <-> WEB-ACTIVEX htmlfile ActiveX object access (web-activex.rules)
 * 1:21832 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %TMP% (web-misc.rules)
 * 1:21266 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Morfeus Scanner (blacklist.rules)
 * 1:21829 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %SystemDrive% (web-misc.rules)
 * 1:21822 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %COMMONPROGRAMFILES - x86% (web-misc.rules)
 * 1:3683 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer spoofed MIME-Type auto-execution attempt (web-client.rules)
 * 1:5997 <-> DISABLED <-> WEB-MISC WinProxy overly long host header buffer overflow attempt (web-misc.rules)
 * 1:833 <-> DISABLED <-> WEB-CGI rguest.exe access (web-cgi.rules)
 * 1:2260 <-> DISABLED <-> SMTP VRFY overflow attempt (smtp.rules)
 * 1:2527 <-> DISABLED <-> SMTP STARTTLS attempt (smtp.rules)
 * 1:3654 <-> DISABLED <-> SMTP SOML overflow attempt (smtp.rules)
 * 1:2230 <-> DISABLED <-> WEB-MISC NetGear router default password login attempt admin/password (web-misc.rules)
 * 1:21671 <-> DISABLED <-> WEB-PHP PECL zip URL wrapper buffer overflow attempt (web-php.rules)
 * 1:2253 <-> DISABLED <-> SMTP XEXCH50 overflow attempt (smtp.rules)
 * 1:2543 <-> DISABLED <-> SMTP SSLv3 Server_Hello request (smtp.rules)
 * 1:2388 <-> DISABLED <-> WEB-CGI streaming server view_broadcast.cgi access (web-cgi.rules)
 * 1:21843 <-> DISABLED <-> WEB-MISC System variable in URI attempt - %PROMPT% (web-misc.rules)
 * 1:21581 <-> ENABLED <-> SPECIFIC-THREATS Blackhole landing page with specific structure - BBB (specific-threats.rules)
 * 1:21579 <-> ENABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules)
 * 1:21076 <-> DISABLED <-> WEB-ACTIVEX HP Easy Printer Care Software ActiveX clsid access (web-activex.rules)
 * 1:5687 <-> DISABLED <-> SMTP SSLv2 Client_Hello request (smtp.rules)
 * 1:8087 <-> DISABLED <-> WEB-MISC HP Openview NNM freeIPaddrs.ovpl port 3443 Unix command execution attempt (web-misc.rules)
 * 1:21358 <-> DISABLED <-> WEB-MISC iPlanet Webserver command injection attempt (web-misc.rules)
 * 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules)
 * 1:21821 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %COMMONPROGRAMFILES% (web-misc.rules)
 * 1:5690 <-> DISABLED <-> SMTP SSLv3 Client_Hello request (smtp.rules)
 * 1:5689 <-> DISABLED <-> SMTP TLSv1 Client_Hello request (smtp.rules)
 * 1:310 <-> DISABLED <-> EXPLOIT x86 windows MailMax overflow (exploit.rules)
 * 1:21056 <-> ENABLED <-> FILE-OTHER Java attempt to write in system32 (file-other.rules)
 * 1:21007 <-> DISABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules)
 * 1:21840 <-> DISABLED <-> WEB-MISC System variable in URI attempt - %LOGONSERVER% (web-misc.rules)
 * 1:21172 <-> DISABLED <-> POLICY APP-CONTROL Thunder p2p application activity detection (policy.rules)
 * 1:843 <-> DISABLED <-> WEB-CGI anform2 access (web-cgi.rules)
 * 1:835 <-> DISABLED <-> WEB-CGI test-cgi access (web-cgi.rules)
 * 1:21160 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (specific-threats.rules)
 * 1:8088 <-> DISABLED <-> WEB-MISC HP Openview NNM connectedNodes.ovpl Unix command execution attempt (web-misc.rules)
 * 1:803 <-> DISABLED <-> WEB-CGI HyperSeek hsx.cgi directory traversal attempt (web-cgi.rules)
 * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
 * 1:21548 <-> ENABLED <-> BOTNET-CNC Cutwail landing page connection attempt (botnet-cnc.rules)
 * 1:21214 <-> DISABLED <-> WEB-MISC Apache server mod_proxy reverse proxy bypass attempt (web-misc.rules)
 * 1:21844 <-> DISABLED <-> WEB-MISC System variable in URI attempt - %USERDOMAIN% (web-misc.rules)
 * 1:21779 <-> DISABLED <-> SQL parameter ending in encoded comment characters - possible sql injection attempt - POST (sql.rules)
 * 1:21594 <-> DISABLED <-> WEB-MISC Gravity GTD objectname parameter injection attempt (web-misc.rules)
 * 1:21109 <-> DISABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules)
 * 1:3655 <-> DISABLED <-> SMTP SEND overflow attempt (smtp.rules)
 * 1:807 <-> DISABLED <-> WEB-CGI /wwwboard/passwd.txt access (web-cgi.rules)
 * 1:805 <-> DISABLED <-> WEB-CGI webspeed access (web-cgi.rules)
 * 1:5739 <-> DISABLED <-> SMTP headers too long server response (smtp.rules)
 * 1:21257 <-> DISABLED <-> BLACKLIST URI - known scanner tool muieblackcat (blacklist.rules)
 * 1:21492 <-> ENABLED <-> SPECIFIC-THREATS Blackhole landing page with specific structure - prototype catch (specific-threats.rules)
 * 1:834 <-> DISABLED <-> WEB-CGI rwwwshell.pl access (web-cgi.rules)
 * 1:812 <-> DISABLED <-> WEB-CGI webplus version access (web-cgi.rules)
 * 1:21513 <-> DISABLED <-> DOS HOIC tool (dos.rules)
 * 1:21558 <-> DISABLED <-> WEB-ACTIVEX Symantec Norton Antivirus ActiveX clsid access (web-activex.rules)
 * 1:21940 <-> ENABLED <-> FILE-IDENTIFY EMF file magic detected (file-identify.rules)
 * 1:3653 <-> DISABLED <-> SMTP SAML overflow attempt (smtp.rules)
 * 1:21299 <-> ENABLED <-> EXPLOIT Microsoft Silverlight privilege escalation attempt (exploit.rules)
 * 1:3150 <-> DISABLED <-> WEB-IIS SQLXML content type overflow (web-iis.rules)
 * 1:808 <-> DISABLED <-> WEB-CGI webdriver access (web-cgi.rules)
 * 1:21827 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %PROGRAMFILES% (web-misc.rules)
 * 1:21549 <-> ENABLED <-> SPECIFIC-THREATS Blackhole landing page with specific header (specific-threats.rules)
 * 1:21365 <-> DISABLED <-> BACKDOOR DOQ.gen.y RUNTIME traffic detected (backdoor.rules)
 * 1:21923 <-> DISABLED <-> WEB-CLIENT Apache Tomcat PUT request remote file deployment attempt (web-client.rules)
 * 1:21077 <-> DISABLED <-> WEB-ACTIVEX HP Easy Printer Care Software ActiveX function call (web-activex.rules)
 * 1:21116 <-> DISABLED <-> SPECIFIC-THREATS Cisco Webex selector and size2 subrecords corruption attempt (specific-threats.rules)
 * 1:3824 <-> DISABLED <-> SMTP AUTH user overflow attempt (smtp.rules)
 * 1:8085 <-> DISABLED <-> WEB-MISC HP Openview NNM connectedNodes.ovpl port 3443 Unix command execution attempt (web-misc.rules)
 * 1:3656 <-> DISABLED <-> SMTP MDaemon 6.5.1 and prior versions MAIL overflow attempt (smtp.rules)
 * 1:813 <-> DISABLED <-> WEB-CGI webplus directory traversal (web-cgi.rules)
 * 1:21559 <-> DISABLED <-> WEB-ACTIVEX Symantec Norton Antivirus ActiveX clsid access (web-activex.rules)
 * 1:2487 <-> DISABLED <-> SMTP WinZip MIME content-type buffer overflow (smtp.rules)
 * 1:21314 <-> DISABLED <-> WEB-MISC HP Insight Diagnostics XSS attempt (web-misc.rules)
 * 1:22918 <-> DISABLED <-> BACKDOOR c99shell.php command request - search (backdoor.rules)
 * 1:849 <-> DISABLED <-> WEB-CGI view-source access (web-cgi.rules)
 * 1:21489 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows chm file malware related exploit (specific-threats.rules)
 * 1:848 <-> DISABLED <-> WEB-CGI view-source directory traversal (web-cgi.rules)
 * 1:21820 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %APPDATA% (web-misc.rules)
 * 1:21539 <-> ENABLED <-> SPECIFIC-THREATS Blackhole landing page with specific header (specific-threats.rules)
 * 1:815 <-> DISABLED <-> WEB-CGI websendmail access (web-cgi.rules)
 * 1:2259 <-> DISABLED <-> SMTP EXPN overflow attempt (smtp.rules)
 * 1:21078 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows DirectShow GraphEdt closed captioning memory corruption (specific-threats.rules)
 * 1:21171 <-> DISABLED <-> POLICY APP-CONTROL Thunder p2p application activity detection (policy.rules)
 * 1:825 <-> DISABLED <-> WEB-CGI glimpse access (web-cgi.rules)
 * 1:21784 <-> DISABLED <-> SPECIFIC-THREATS encoded script tag in POST parameters - likely cross-site scripting (specific-threats.rules)
 * 1:21024 <-> DISABLED <-> WEB-ACTIVEX McAfee Security as a Service ActiveX clsid access (web-activex.rules)
 * 1:811 <-> DISABLED <-> WEB-CGI websitepro path access (web-cgi.rules)
 * 1:21831 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %TEMP% (web-misc.rules)
 * 1:21398 <-> DISABLED <-> FILE-IDENTIFY MPPL file download request (file-identify.rules)
 * 1:672 <-> DISABLED <-> SMTP vrfy decode (smtp.rules)
 * 1:2136 <-> DISABLED <-> WEB-MISC philboard_admin.asp authentication bypass attempt (web-misc.rules)
 * 1:21580 <-> ENABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules)
 * 1:21008 <-> DISABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules)
 * 1:21661 <-> ENABLED <-> SPECIFIC-THREATS Blackhole landing page with specific structure - catch (specific-threats.rules)
 * 1:829 <-> DISABLED <-> WEB-CGI nph-test-cgi access (web-cgi.rules)
 * 1:21584 <-> DISABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules)
 * 1:21357 <-> DISABLED <-> EXPLOIT Microsoft Windows OLEAUT32.DLL malicious WMF file remote code execution attempt (exploit.rules)
 * 1:846 <-> DISABLED <-> WEB-CGI bnbform.cgi access (web-cgi.rules)
 * 1:21473 <-> DISABLED <-> BOTNET-CNC Trojan.GameThief variant outbound connection (botnet-cnc.rules)
 * 1:3682 <-> DISABLED <-> SMTP spoofed MIME-Type auto-execution attempt (smtp.rules)
 * 1:3551 <-> DISABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules)
 * 1:5685 <-> DISABLED <-> SMTP TLSv1 Client_Hello via SSLv2 handshake request (smtp.rules)
 * 1:2139 <-> DISABLED <-> WEB-MISC /*.shtml access (web-misc.rules)
 * 1:3461 <-> DISABLED <-> SMTP Content-Type overflow attempt (smtp.rules)
 * 1:21560 <-> DISABLED <-> WEB-ACTIVEX Symantec Norton Antivirus ActiveX clsid access (web-activex.rules)
 * 1:2275 <-> DISABLED <-> SMTP AUTH LOGON brute force attempt (smtp.rules)
 * 1:21785 <-> DISABLED <-> SPECIFIC-THREATS javascript escape function in POST parameters - likely javascript injection (specific-threats.rules)
 * 1:21778 <-> DISABLED <-> SQL parameter ending in comment characters - possible sql injection attempt - POST (sql.rules)
 * 1:21015 <-> DISABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
 * 1:2488 <-> DISABLED <-> SMTP WinZip MIME content-disposition buffer overflow (smtp.rules)
 * 1:21561 <-> DISABLED <-> WEB-ACTIVEX Symantec Norton Antivirus ActiveX function call access (web-activex.rules)
 * 1:21803 <-> DISABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:817 <-> DISABLED <-> WEB-CGI dcboard.cgi invalid user addition attempt (web-cgi.rules)
 * 1:21067 <-> DISABLED <-> EXPLOIT Symantec IM Manager TOC_simple cross site scripting attempt (exploit.rules)
 * 1:21026 <-> DISABLED <-> WEB-ACTIVEX McAfee Security as a Service ActiveX clsid access (web-activex.rules)
 * 1:7834 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool nettracker runtime detection - report browsing (spyware-put.rules)
 * 1:21787 <-> DISABLED <-> SPECIFIC-THREATS encoded javascript escape function in POST parameters - likely javascript injection (specific-threats.rules)
 * 1:21837 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %PUBLIC% (web-misc.rules)
 * 1:21522 <-> DISABLED <-> EXPLOIT Apache Struts parameters interceptor remote code execution attempt (exploit.rules)
 * 1:844 <-> DISABLED <-> WEB-CGI args.bat access (web-cgi.rules)
 * 1:21839 <-> DISABLED <-> WEB-MISC System variable in URI attempt - %COMPUTERNAME% (web-misc.rules)
 * 1:309 <-> DISABLED <-> EXPLOIT sniffit overflow (exploit.rules)
 * 1:21248 <-> DISABLED <-> WEB-CLIENT IBM Domino HTTP redirect host buffer overflow attempt (web-client.rules)
 * 1:21919 <-> DISABLED <-> WEB-ACTIVEX IBM Tivoli Provisioning Manager Express Buffer Overflow ActiveX function call access attempt (web-activex.rules)
 * 1:632 <-> DISABLED <-> SMTP expn cybercop attempt (smtp.rules)
 * 1:5688 <-> DISABLED <-> SMTP SSLv2 Client_Hello with pad request (smtp.rules)
 * 1:819 <-> DISABLED <-> WEB-CGI mmstdod.cgi access (web-cgi.rules)
 * 1:5740 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows HTML help workshop file download request (file-identify.rules)
 * 1:654 <-> DISABLED <-> SMTP RCPT TO overflow (smtp.rules)
 * 1:21781 <-> DISABLED <-> SPECIFIC-THREATS encoded union select function in POST - possible sql injection attempt (specific-threats.rules)
 * 1:21783 <-> DISABLED <-> SPECIFIC-THREATS encoded script tag in POST parameters - likely cross-site scripting (specific-threats.rules)
 * 1:21670 <-> DISABLED <-> SPECIFIC-THREATS PHP phpinfo GET POST and COOKIE Parameters cross site scripting attempt (specific-threats.rules)
 * 1:21788 <-> DISABLED <-> SPECIFIC-THREATS or kic = kic - known SQL injection routine (specific-threats.rules)
 * 1:6412 <-> DISABLED <-> SMTP Microsoft Windows Address Book attachment detected (smtp.rules)
 * 1:21393 <-> DISABLED <-> SPECIFIC-THREATS Magix Musik Maker 16 buffer overflow attempt (specific-threats.rules)
 * 1:21510 <-> ENABLED <-> SPECIFIC-THREATS Sakura exploit kit logo transfer (specific-threats.rules)
 * 1:6413 <-> DISABLED <-> SMTP Microsoft Windows Address Book Base64 encoded attachment detected (smtp.rules)
 * 1:21271 <-> DISABLED <-> WEB-MISC Devellion CubeCart searchStr parameter SQL injection (web-misc.rules)
 * 1:21066 <-> DISABLED <-> EXPLOIT Symantec IM Manager Systemdashboard cross site scripting attempt (exploit.rules)
 * 1:827 <-> DISABLED <-> WEB-CGI info2www access (web-cgi.rules)
 * 1:2156 <-> DISABLED <-> WEB-MISC mod_gzip_status access (web-misc.rules)
 * 1:21079 <-> DISABLED <-> SCADA Siemens SIMATIC HMI Administrator cookie detected (scada.rules)
 * 1:21789 <-> DISABLED <-> SPECIFIC-THREATS or kic = kic - known SQL injection routine (specific-threats.rules)
 * 1:820 <-> DISABLED <-> WEB-CGI anaconda directory transversal attempt (web-cgi.rules)
 * 1:21016 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules)
 * 1:21260 <-> DISABLED <-> SPECIFIC-THREATS Apache Byte-Range Filter denial of service attempt (specific-threats.rules)
 * 1:6411 <-> DISABLED <-> WEB-FRONTPAGE frontpage server extension long host string overflow attempt (web-frontpage.rules)
 * 1:21161 <-> DISABLED <-> WEB-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (web-iis.rules)
 * 1:21922 <-> DISABLED <-> WEB-CLIENT VLC mms hostname buffer overflow attempt (web-client.rules)
 * 1:21162 <-> DISABLED <-> FILE-PDF Adobe Acrobat file extension overflow attempt (file-pdf.rules)
 * 1:21094 <-> DISABLED <-> WEB-ACTIVEX McAfee Remediation Agent ActiveX function call access (web-activex.rules)
 * 1:21825 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %HOMEPATH% (web-misc.rules)
 * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules)
 * 1:8086 <-> DISABLED <-> WEB-MISC HP Openview NNM cdpView.ovpl port 3443 Unix command execution attempt (web-misc.rules)
 * 1:21270 <-> DISABLED <-> WEB-MISC Devellion CubeCart multiple parameter XSS vulnerability (web-misc.rules)
 * 1:804 <-> DISABLED <-> WEB-CGI SWSoft ASPSeek Overflow attempt (web-cgi.rules)
 * 1:853 <-> DISABLED <-> WEB-CGI wrap access (web-cgi.rules)
 * 1:854 <-> DISABLED <-> WEB-CGI classifieds.cgi access (web-cgi.rules)
 * 1:858 <-> DISABLED <-> WEB-CGI filemail access (web-cgi.rules)
 * 1:859 <-> DISABLED <-> WEB-CGI man.sh access (web-cgi.rules)
 * 1:21826 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %LOCALAPPDATA% (web-misc.rules)
 * 1:21465 <-> DISABLED <-> WEB-MISC HTTP response splitting attempt (web-misc.rules)
 * 1:18870 <-> DISABLED <-> SMTP .pif attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18872 <-> DISABLED <-> SMTP .prf attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18873 <-> DISABLED <-> SMTP .prg attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18874 <-> DISABLED <-> SMTP .pst attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18871 <-> DISABLED <-> SMTP .plg attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18875 <-> DISABLED <-> SMTP .reg attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18877 <-> DISABLED <-> SMTP .scr attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18878 <-> DISABLED <-> SMTP .sct attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18879 <-> DISABLED <-> SMTP .shb attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18876 <-> DISABLED <-> SMTP .scf attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18880 <-> DISABLED <-> SMTP .shs attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18882 <-> DISABLED <-> SMTP .ps1xml attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18883 <-> DISABLED <-> SMTP .ps2 attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18884 <-> DISABLED <-> SMTP .ps2xml attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18881 <-> DISABLED <-> SMTP .ps1 attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18885 <-> DISABLED <-> SMTP .psc1 attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18887 <-> DISABLED <-> SMTP .tmp attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18888 <-> DISABLED <-> SMTP .url attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18889 <-> DISABLED <-> SMTP .vb attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18886 <-> DISABLED <-> SMTP .psc2 attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18890 <-> DISABLED <-> SMTP .vbe attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18892 <-> DISABLED <-> SMTP .vbs attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18893 <-> DISABLED <-> SMTP .vsmacros attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18894 <-> DISABLED <-> SMTP .vsw attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18891 <-> DISABLED <-> SMTP .vbp attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18895 <-> DISABLED <-> SMTP .ws attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18897 <-> DISABLED <-> SMTP .wsf attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18898 <-> DISABLED <-> SMTP .wsh attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18899 <-> DISABLED <-> SMTP .xnk attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18896 <-> DISABLED <-> SMTP .wsc attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18964 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash file DefineFont4 remote code execution attempt (specific-threats.rules)
 * 1:18966 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash file DefineFont4 remote code execution attempt (specific-threats.rules)
 * 1:18968 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript3 stack integer overflow attempt (specific-threats.rules)
 * 1:18969 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript ActionIf integer overflow attempt (specific-threats.rules)
 * 1:18965 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash file ActionScript 2 ActionJump remote code execution attempt (specific-threats.rules)
 * 1:18970 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player null pointer dereference attempt (specific-threats.rules)
 * 1:18983 <-> ENABLED <-> FILE-IDENTIFY Apple Mach-O executable file magic detected (file-identify.rules)
 * 1:18992 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash player content parsing execution attempt (specific-threats.rules)
 * 1:18993 <-> DISABLED <-> WEB-MISC HP OpenView Network Node Manager server name exploit attempt (web-misc.rules)
 * 1:18971 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash beginGradientfill improper color validation attempt (specific-threats.rules)
 * 1:19015 <-> DISABLED <-> PHISHING-SPAM visiopharm-3d.eu known spam email attempt (phishing-spam.rules)
 * 1:19107 <-> DISABLED <-> SPECIFIC-THREATS Apache mod_isapi dangling pointer code execution attempt (specific-threats.rules)
 * 1:19122 <-> DISABLED <-> PHISHING-SPAM appledownload.com known spam email attempt (phishing-spam.rules)
 * 1:19126 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer IVR handling heap buffer overflow attempt (specific-threats.rules)
 * 1:19080 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player memory corruption attempt (specific-threats.rules)
 * 1:19127 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer IVR handling heap buffer overflow attempt (specific-threats.rules)
 * 1:19129 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
 * 1:19170 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows .NET Framework XAML browser applications stack corruption (specific-threats.rules)
 * 1:19186 <-> DISABLED <-> WEB-CLIENT Microsoft Certification service XSS attempt (web-client.rules)
 * 1:19128 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
 * 1:19188 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:19202 <-> DISABLED <-> SQL declare varchar - possible SQL injection attempt (sql.rules)
 * 1:19223 <-> DISABLED <-> EXPLOIT SAP Crystal Reports 2008 Directory Transversal attempt (exploit.rules)
 * 1:19233 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Studio DISCO file download request (file-identify.rules)
 * 1:19201 <-> DISABLED <-> SQL waitfor delay function - possible SQL injection attempt (sql.rules)
 * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules)
 * 1:19263 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript float index array memory corruption (specific-threats.rules)
 * 1:19264 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript float index array memory corruption (specific-threats.rules)
 * 1:19289 <-> DISABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules)
 * 1:19262 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript float index array memory corruption (specific-threats.rules)
 * 1:19416 <-> DISABLED <-> FILE-PDF Apple iOS 4.3.3 jailbreak for iPad download attempt (file-pdf.rules)
 * 1:19418 <-> DISABLED <-> FILE-PDF Apple iOS 4.3.3 jailbreak for iPhone download attempt (file-pdf.rules)
 * 1:19419 <-> DISABLED <-> FILE-PDF Apple iOS 4.3.3 jailbreak for iPod download attempt (file-pdf.rules)
 * 1:19438 <-> DISABLED <-> SQL url ending in comment characters - possible sql injection attempt (sql.rules)
 * 1:19417 <-> DISABLED <-> FILE-PDF Apple iOS 4.3.3 jailbreak for iPad download attempt (file-pdf.rules)
 * 1:19439 <-> DISABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:19558 <-> DISABLED <-> WEB-MISC JBoss expression language actionOutcome remote code execution (web-misc.rules)
 * 1:19645 <-> DISABLED <-> EXPLOIT cross-site scripting attempt via form data attempt (exploit.rules)
 * 1:19665 <-> DISABLED <-> EXPLOIT Microsoft Windows Remote Desktop web access cross-site scripting attempt (exploit.rules)
 * 1:19440 <-> DISABLED <-> SQL 1 = 0 - possible sql injection attempt (sql.rules)
 * 1:19684 <-> DISABLED <-> SPECIFIC-THREATS Adobe CFF font storage memory corruption attempt (specific-threats.rules)
 * 1:1979 <-> DISABLED <-> WEB-MISC perl post attempt (web-misc.rules)
 * 1:19848 <-> DISABLED <-> SPYWARE-PUT Adware.Virtumonde runtime detection (spyware-put.rules)
 * 1:19849 <-> DISABLED <-> SPYWARE-PUT Adware.Virtumonde runtime detection (spyware-put.rules)
 * 1:19686 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash uninitialized bitmap structure memory corruption attempt (specific-threats.rules)
 * 1:19869 <-> DISABLED <-> DOS Anonymous PHP RefRef DoS tool (dos.rules)
 * 1:19933 <-> DISABLED <-> WEB-MISC DirBuster brute forcing tool detected (web-misc.rules)
 * 1:20006 <-> DISABLED <-> BACKDOOR Worm Plurp.A runtime traffic detected (backdoor.rules)
 * 1:20013 <-> DISABLED <-> WEB-MISC HP OpenView Network Node Manager webappmon.exe host header buffer overflow attempt (web-misc.rules)
 * 1:19870 <-> DISABLED <-> DOS Anonymous Perl RefRef DoS tool (dos.rules)
 * 1:20029 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel FNGROUPNAME record memory corruption attempt (file-office.rules)
 * 1:20032 <-> DISABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules)
 * 1:20034 <-> DISABLED <-> EXPLOIT ESTsoft ALZip MIM File Buffer Overflow Attempt (exploit.rules)
 * 1:20045 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (sql.rules)
 * 1:20031 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript float index array memory corruption (specific-threats.rules)
 * 1:20046 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (sql.rules)
 * 1:20111 <-> DISABLED <-> EXPLOIT Microsoft Sharepoint XSS vulnerability attempt (exploit.rules)
 * 1:20112 <-> DISABLED <-> EXPLOIT Microsoft Sharepoint XSS vulnerability attempt (exploit.rules)
 * 1:20113 <-> DISABLED <-> EXPLOIT Microsoft Sharepoint XSS vulnerability attempt (exploit.rules)
 * 1:20047 <-> DISABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:20114 <-> DISABLED <-> EXPLOIT Microsoft SharePoint hiddenSpanData cross site scripting attempt (exploit.rules)
 * 1:20131 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript callMethod type confusion attempt (specific-threats.rules)
 * 1:20146 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded PICT image (file-pdf.rules)
 * 1:20150 <-> DISABLED <-> FILE-PDF Adobe Reader embedded PCX parsing corruption attempt (file-pdf.rules)
 * 1:20116 <-> DISABLED <-> EXPLOIT Microsoft Sharepoint Javascript XSS attempt (exploit.rules)
 * 1:20151 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded PCX image (file-pdf.rules)
 * 1:20158 <-> DISABLED <-> WEB-MISC Oracle GlassFish Server default credentials login attempt (web-misc.rules)
 * 1:20159 <-> DISABLED <-> WEB-MISC Oracle GlassFish Server authentication bypass attempt (web-misc.rules)
 * 1:20169 <-> ENABLED <-> FILE-PDF Adobe Reader embedded BMP parsing corruption attempt (file-pdf.rules)
 * 1:20157 <-> DISABLED <-> POLICY Oracle GlassFish Server war file upload attempt (policy.rules)
 * 1:20172 <-> DISABLED <-> FILE-IDENTIFY Metastock mwl file magic detected (file-identify.rules)
 * 1:20174 <-> DISABLED <-> SCADA Cogent DataHub server-side information disclosure (scada.rules)
 * 1:20184 <-> ENABLED <-> SHELLCODE Metasploit php meterpreter stub .php file upload (shellcode.rules)
 * 1:20227 <-> DISABLED <-> EXPLOIT VideoLAN VLC webm memory corruption attempt (exploit.rules)
 * 1:20173 <-> DISABLED <-> SCADA Cogent DataHub server-side information disclosure (scada.rules)
 * 1:20257 <-> DISABLED <-> WEB-MISC Microsoft ForeFront UAG ExcelTable.asp XSS attempt (web-misc.rules)
 * 1:20260 <-> DISABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules)
 * 1:20272 <-> DISABLED <-> DOS Microsoft Forefront UAG NLSessionS cookie overflow attempt (dos.rules)
 * 1:20282 <-> DISABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules)
 * 1:20258 <-> DISABLED <-> EXPLOIT Microsoft Forefront UAG javascript handler in URI XSS attempt (exploit.rules)
 * 1:20445 <-> DISABLED <-> FILE-PDF Foxit Reader title overflow attempt (file-pdf.rules)
 * 1:20451 <-> DISABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:20452 <-> DISABLED <-> FILE-IDENTIFY GZip file magic detected (file-identify.rules)
 * 1:20453 <-> DISABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
 * 1:20450 <-> DISABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:20454 <-> DISABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
 * 1:20456 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
 * 1:20458 <-> DISABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
 * 1:20461 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
 * 1:20455 <-> DISABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
 * 1:20472 <-> DISABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:20476 <-> DISABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
 * 1:20477 <-> DISABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
 * 1:20479 <-> DISABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
 * 1:20475 <-> DISABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
 * 1:20484 <-> DISABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
 * 1:20487 <-> DISABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
 * 1:20488 <-> DISABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
 * 1:20489 <-> DISABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
 * 1:20485 <-> DISABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
 * 1:20490 <-> DISABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
 * 1:20513 <-> DISABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
 * 1:20515 <-> DISABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules)
 * 1:20518 <-> DISABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules)
 * 1:20491 <-> DISABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
 * 1:20519 <-> DISABLED <-> FILE-IDENTIFY vmd file download request (file-identify.rules)
 * 1:20522 <-> DISABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
 * 1:20528 <-> DISABLED <-> WEB-MISC Apache mod_proxy reverse proxy information disclosure (web-misc.rules)
 * 1:20545 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player SWF embedded font null pointer attempt (specific-threats.rules)
 * 1:20520 <-> DISABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules)
 * 1:20547 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player overlapping record overflow attempt (specific-threats.rules)
 * 1:20550 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player Mover3D clipping exploit (specific-threats.rules)
 * 1:20551 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player Stage 3D texture format overflow attempt (specific-threats.rules)
 * 1:20555 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash MP4 ref_frame allocated buffer overflow attempt (specific-threats.rules)
 * 1:20549 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript bytecode type confusion attempt (specific-threats.rules)
 * 1:20556 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player PlaceObjectX null pointer dereference attempt (specific-threats.rules)
 * 1:2056 <-> DISABLED <-> WEB-MISC TRACE attempt (web-misc.rules)
 * 1:20563 <-> DISABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules)
 * 1:20564 <-> DISABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
 * 1:20557 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionDefineFunction2 length overflow attempt (specific-threats.rules)
 * 1:2057 <-> DISABLED <-> WEB-MISC helpout.exe access (web-misc.rules)
 * 1:20588 <-> DISABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules)
 * 1:20589 <-> DISABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules)
 * 1:2059 <-> DISABLED <-> WEB-MISC MsmMask.exe access (web-misc.rules)
 * 1:2058 <-> DISABLED <-> WEB-MISC MsmMask.exe attempt (web-misc.rules)
 * 1:2060 <-> DISABLED <-> WEB-MISC DB4Web access (web-misc.rules)
 * 1:20612 <-> DISABLED <-> SPECIFIC-THREATS Apache Tomcat Java AJP connector invalid header timeout DOS attempt (specific-threats.rules)
 * 1:20617 <-> DISABLED <-> EXPLOIT Sage SalesLogix admin authentication bypass attempt (exploit.rules)
 * 1:2062 <-> DISABLED <-> WEB-MISC iPlanet .perf access (web-misc.rules)
 * 1:2061 <-> DISABLED <-> WEB-MISC Apache Tomcat null byte directory listing attempt (web-misc.rules)
 * 1:20621 <-> DISABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules)
 * 1:2063 <-> DISABLED <-> WEB-MISC Demarc SQL injection attempt (web-misc.rules)
 * 1:20635 <-> DISABLED <-> WEB-MISC HP Data Protector GetPolicies SQL Injection attempt (web-misc.rules)
 * 1:20636 <-> DISABLED <-> SPECIFIC-THREATS Adobe Photoshop CS5 gif file heap corruption attempt (specific-threats.rules)
 * 1:20628 <-> DISABLED <-> WEB-MISC HP Data Protector FinishedCopy SQL Injection attempt (web-misc.rules)
 * 1:20637 <-> DISABLED <-> SPECIFIC-THREATS Adobe Photoshop CS5 gif file heap corruption attempt (specific-threats.rules)
 * 1:2065 <-> DISABLED <-> WEB-MISC Lotus Notes .csp script source download attempt (web-misc.rules)
 * 1:20653 <-> DISABLED <-> SMTP Microsoft Windows Media Player ASX file ref href buffer overflow attempt (smtp.rules)
 * 1:2066 <-> DISABLED <-> WEB-MISC Lotus Notes .pl script source download attempt (web-misc.rules)
 * 1:20638 <-> DISABLED <-> SCADA Progea Movicon/PowerHMI EIDP over HTTP memory corruption attempt (scada.rules)
 * 1:20664 <-> DISABLED <-> WEB-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (web-iis.rules)
 * 1:2067 <-> DISABLED <-> WEB-MISC Lotus Notes .exe script source download attempt (web-misc.rules)
 * 1:2068 <-> DISABLED <-> WEB-MISC BitKeeper arbitrary command attempt (web-misc.rules)
 * 1:2069 <-> DISABLED <-> WEB-MISC chip.ini access (web-misc.rules)
 * 1:20665 <-> DISABLED <-> WEB-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (web-iis.rules)
 * 1:20691 <-> DISABLED <-> WEB-MISC Cisco Network Registrar default credentials authentication attempt (web-misc.rules)
 * 1:2070 <-> DISABLED <-> WEB-MISC post32.exe arbitrary command attempt (web-misc.rules)
 * 1:2071 <-> DISABLED <-> WEB-MISC post32.exe access (web-misc.rules)
 * 1:2072 <-> DISABLED <-> WEB-MISC lyris.pl access (web-misc.rules)
 * 1:20692 <-> DISABLED <-> WEB-MISC Cisco network registrar default credentials authentication attempt (web-misc.rules)
 * 1:20723 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules)
 * 1:20733 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules)
 * 1:20735 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (specific-threats.rules)
 * 1:20737 <-> DISABLED <-> SPECIFIC-THREATS 427BB cookie-based authentication bypass attempt (specific-threats.rules)
 * 1:2073 <-> DISABLED <-> WEB-MISC globals.pl access (web-misc.rules)
 * 1:20741 <-> DISABLED <-> DOS SpamAssassin GTube string denial of service attempt (dos.rules)
 * 1:20751 <-> DISABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules)
 * 1:20766 <-> ENABLED <-> SMTP Microsoft Internet Explorer contenteditable corruption attempt (smtp.rules)
 * 1:20778 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (specific-threats.rules)
 * 1:20750 <-> DISABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
 * 1:20779 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (specific-threats.rules)
 * 1:20781 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript callMethod type confusion attempt (specific-threats.rules)
 * 1:20800 <-> DISABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20801 <-> DISABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20780 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (specific-threats.rules)
 * 1:20804 <-> DISABLED <-> SMTP Microsoft Internet Explorer contenteditable corruption attempt (smtp.rules)
 * 1:20806 <-> DISABLED <-> SMTP Microsoft Internet Explorer contenteditable corruption attempt (smtp.rules)
 * 1:20807 <-> DISABLED <-> SMTP Microsoft Internet Explorer contenteditable corruption attempt (smtp.rules)
 * 1:20821 <-> DISABLED <-> EXPLOIT Apache APR header memory corruption attempt (exploit.rules)
 * 1:20805 <-> DISABLED <-> SMTP Microsoft Internet Explorer contenteditable corruption attempt (smtp.rules)
 * 1:20824 <-> DISABLED <-> DOS generic web server hashing collision attack (dos.rules)
 * 1:20829 <-> DISABLED <-> WEB-IIS Microsoft Windows IIS .NET null character username truncation attempt (web-iis.rules)
 * 1:20832 <-> DISABLED <-> WEB-MISC Symantec IM Manager administrator interface SQL injection attempt (web-misc.rules)
 * 1:20839 <-> DISABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules)
 * 1:20828 <-> DISABLED <-> WEB-IIS Microsoft Windows IIS aspx login ReturnURL arbitrary redirect attempt (web-iis.rules)
 * 1:20840 <-> DISABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules)
 * 1:20845 <-> DISABLED <-> WEB-MISC HP Network Node Manager cross site scripting attempt (web-misc.rules)
 * 1:20852 <-> DISABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules)
 * 1:20859 <-> DISABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules)
 * 1:20841 <-> DISABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules)
 * 1:20860 <-> DISABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
 * 1:20863 <-> DISABLED <-> WEB-MISC Jive Software Openfire log.jsp XSS attempt (web-misc.rules)
 * 1:20864 <-> DISABLED <-> WEB-MISC Jive Software Openfire group-summary.jsp XSS attempt (web-misc.rules)
 * 1:20865 <-> DISABLED <-> WEB-MISC Jive Software Openfire user-properties.jsp XSS attempt (web-misc.rules)
 * 1:20862 <-> DISABLED <-> WEB-MISC Jive Software Openfire logviewer.jsp XSS attempt (web-misc.rules)
 * 1:20866 <-> DISABLED <-> WEB-MISC Jive Software Openfire audit-policy.jsp XSS attempt (web-misc.rules)
 * 1:20868 <-> DISABLED <-> WEB-MISC Jive Software Openfire muc-room-edit-form.jsp XSS attempt (web-misc.rules)
 * 1:20869 <-> DISABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules)
 * 1:2087 <-> DISABLED <-> SMTP From comment overflow attempt (smtp.rules)
 * 1:20867 <-> DISABLED <-> WEB-MISC Jive Software Openfire server-properties.jsp XSS attempt (web-misc.rules)
 * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (file-identify.rules)
 * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20895 <-> DISABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20889 <-> ENABLED <-> EXPLOIT Video Spirit visprj buffer overflow (exploit.rules)
 * 1:20896 <-> DISABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20903 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows OpenType font parsing stack overflow attempt (specific-threats.rules)
 * 1:20904 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows OpenType font parsing stack overflow attempt (specific-threats.rules)
 * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20902 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows OpenType font parsing stack overflow attempt (specific-threats.rules)
 * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20918 <-> DISABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20920 <-> DISABLED <-> FILE-PDF Adobe Reader DCT dequantizer memory corruption attempt (file-pdf.rules)
 * 1:20922 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader embedded BMP bit count integer overflow attempt (file-pdf.rules)
 * 1:20917 <-> DISABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20923 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader embedded BMP bit count integer overflow attempt (file-pdf.rules)
 * 1:20987 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20988 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string ZmEu - vulnerability scanner (blacklist.rules)
 * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
 * 1:20986 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:1001 <-> DISABLED <-> WEB-MISC carbo.dll access (web-misc.rules)
 * 1:10064 <-> DISABLED <-> EXPLOIT Peercast URL Parameter overflow attempt (exploit.rules)
 * 1:10065 <-> ENABLED <-> BOTNET-CNC Trojan Peacomm smtp propagation detection (botnet-cnc.rules)
 * 1:10067 <-> ENABLED <-> BOTNET-CNC Trojan Peacomm smtp propagation detection (botnet-cnc.rules)
 * 1:10068 <-> ENABLED <-> BOTNET-CNC Trojan Peacomm smtp propagation detection (botnet-cnc.rules)
 * 1:10069 <-> ENABLED <-> BOTNET-CNC Trojan Peacomm smtp propagation detection (botnet-cnc.rules)
 * 1:10066 <-> ENABLED <-> BOTNET-CNC Trojan Peacomm smtp propagation detection (botnet-cnc.rules)
 * 1:10070 <-> ENABLED <-> BOTNET-CNC Trojan Peacomm smtp propagation detection (botnet-cnc.rules)
 * 1:10072 <-> ENABLED <-> BOTNET-CNC Trojan Peacomm smtp propagation detection (botnet-cnc.rules)
 * 1:10073 <-> ENABLED <-> BOTNET-CNC Trojan Peacomm smtp propagation detection (botnet-cnc.rules)
 * 1:10074 <-> ENABLED <-> BOTNET-CNC Trojan Peacomm smtp propagation detection (botnet-cnc.rules)
 * 1:10071 <-> ENABLED <-> BOTNET-CNC Trojan Peacomm smtp propagation detection (botnet-cnc.rules)
 * 1:10075 <-> ENABLED <-> BOTNET-CNC Trojan Peacomm smtp propagation detection (botnet-cnc.rules)
 * 1:10077 <-> ENABLED <-> BOTNET-CNC Trojan Peacomm smtp propagation detection (botnet-cnc.rules)
 * 1:10123 <-> DISABLED <-> SPECIFIC-THREATS PA168 chipset based IP phone default password attempt (specific-threats.rules)
 * 1:10124 <-> DISABLED <-> SPECIFIC-THREATS PA168 chipset based IP phone authentication bypass (specific-threats.rules)
 * 1:10076 <-> ENABLED <-> BOTNET-CNC Trojan Peacomm smtp propagation detection (botnet-cnc.rules)
 * 1:10186 <-> DISABLED <-> SMTP ClamAV mime parsing directory traversal (smtp.rules)
 * 1:10387 <-> DISABLED <-> WEB-ACTIVEX McAfee Site Manager ActiveX clsid access (web-activex.rules)
 * 1:10389 <-> DISABLED <-> WEB-ACTIVEX McAfee Site Manager ActiveX function call access (web-activex.rules)
 * 1:10403 <-> ENABLED <-> BOTNET-CNC Trojan.Duntek Checkin GET Request (botnet-cnc.rules)
 * 1:10195 <-> DISABLED <-> WEB-MISC Content-Length buffer overflow attempt (web-misc.rules)
 * 1:1061 <-> DISABLED <-> SQL xp_cmdshell attempt (sql.rules)
 * 1:1078 <-> DISABLED <-> SQL counter.exe access (sql.rules)
 * 1:10999 <-> DISABLED <-> WEB-CGI chetcpasswd access (web-cgi.rules)
 * 1:11191 <-> DISABLED <-> WEB-IIS Microsoft Content Management Server memory corruption (web-iis.rules)
 * 1:1077 <-> DISABLED <-> SQL queryhit.htm access (sql.rules)
 * 1:11192 <-> ENABLED <-> FILE-IDENTIFY download of executable content (file-identify.rules)
 * 1:11259 <-> DISABLED <-> WEB-ACTIVEX BarcodeWiz ActiveX clsid access (web-activex.rules)
 * 1:11261 <-> DISABLED <-> WEB-ACTIVEX BarcodeWiz ActiveX function call access (web-activex.rules)
 * 1:11272 <-> DISABLED <-> WEB-MISC Apache newline exploit attempt (web-misc.rules)
 * 1:11223 <-> DISABLED <-> WEB-MISC google proxystylesheet arbitrary command execution attempt (web-misc.rules)
 * 1:11273 <-> DISABLED <-> WEB-MISC Apache header parsing space saturation denial of service attempt (web-misc.rules)
 * 1:11616 <-> DISABLED <-> WEB-MISC Symantec Sygate Policy Manager SQL injection (web-misc.rules)
 * 1:11664 <-> DISABLED <-> WEB-PHP sphpblog password.txt access attempt (web-php.rules)
 * 1:11665 <-> DISABLED <-> WEB-PHP sphpblog install03_cgi access attempt (web-php.rules)
 * 1:1156 <-> DISABLED <-> WEB-MISC apache directory disclosure attempt (web-misc.rules)
 * 1:11666 <-> DISABLED <-> WEB-PHP sphpblog upload_img_cgi access attempt (web-php.rules)
 * 1:11668 <-> DISABLED <-> WEB-PHP vbulletin php code injection (web-php.rules)
 * 1:12043 <-> DISABLED <-> DOS Microsoft XML parser IIS WebDAV attack attempt (dos.rules)
 * 1:12056 <-> DISABLED <-> WEB-CGI WhatsUpGold instancename overflow attempt (web-cgi.rules)
 * 1:11667 <-> DISABLED <-> WEB-PHP sphpblog arbitrary file delete attempt (web-php.rules)
 * 1:12057 <-> DISABLED <-> WEB-CGI WhatsUpGold configuration access (web-cgi.rules)
 * 1:12059 <-> DISABLED <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules)
 * 1:12060 <-> DISABLED <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules)
 * 1:12283 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
 * 1:12058 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows SPNEGO ASN.1 library heap corruption overflow attempt (specific-threats.rules)
 * 1:12362 <-> DISABLED <-> WEB-MISC Squid HTTP Proxy-Authorization overflow (web-misc.rules)
 * 1:12592 <-> DISABLED <-> SMTP Recipient arbitrary command injection attempt (smtp.rules)
 * 1:12593 <-> DISABLED <-> EXPLOIT Mozilla Firefox Apple Quicktime chrome exploit (exploit.rules)
 * 1:12597 <-> DISABLED <-> DOS utf8 filename transfer attempt (dos.rules)
 * 1:12465 <-> DISABLED <-> EXPLOIT Apache APR memory corruption attempt (exploit.rules)
 * 1:12634 <-> DISABLED <-> EXPLOIT Microsoft Windows 2000 Kodak Imaging large offset malformed tiff 2 (exploit.rules)
 * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules)
 * 1:13512 <-> DISABLED <-> SQL generic sql exec injection attempt - GET parameter (sql.rules)
 * 1:13513 <-> DISABLED <-> SQL generic sql insert injection atttempt - GET parameter (sql.rules)
 * 1:12807 <-> DISABLED <-> SMTP Lotus 123 file attachment (smtp.rules)
 * 1:13514 <-> DISABLED <-> SQL generic sql update injection attempt - GET parameter (sql.rules)
 * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
 * 1:13626 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Access file magic detected (file-identify.rules)
 * 1:13629 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Access JSDB file magic detected (file-identify.rules)
 * 1:13584 <-> DISABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules)
 * 1:13630 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Access TJDB file magic detected (file-identify.rules)
 * 1:13797 <-> DISABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
 * 1:13816 <-> DISABLED <-> SPECIFIC-THREATS Metasploit Framework xmlrpc.php command injection attempt (specific-threats.rules)
 * 1:13817 <-> DISABLED <-> SPECIFIC-THREATS xmlrpc.php command injection attempt (specific-threats.rules)
 * 1:13633 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Access MSISAM file magic detected (file-identify.rules)
 * 1:13818 <-> DISABLED <-> SPECIFIC-THREATS alternate xmlrpc.php command injection attempt (specific-threats.rules)
 * 1:13915 <-> DISABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules)
 * 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules)
 * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules)
 * 1:13894 <-> DISABLED <-> SMTP Micrsoft Office Outlook Web Access From field cross-site scripting attempt (smtp.rules)
 * 1:1410 <-> DISABLED <-> WEB-CGI dcboard.cgi access (web-cgi.rules)
 * 1:1446 <-> DISABLED <-> SMTP vrfy root (smtp.rules)
 * 1:1451 <-> DISABLED <-> WEB-CGI NPH-maillist access (web-cgi.rules)
 * 1:1452 <-> DISABLED <-> WEB-CGI args.cmd access (web-cgi.rules)
 * 1:1437 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media download detected (file-identify.rules)
 * 1:1453 <-> DISABLED <-> WEB-CGI AT-generated.cgi access (web-cgi.rules)
 * 1:1455 <-> DISABLED <-> WEB-CGI calendar.pl access (web-cgi.rules)
 * 1:1456 <-> DISABLED <-> WEB-CGI calender_admin.pl access (web-cgi.rules)
 * 1:1457 <-> DISABLED <-> WEB-CGI user_update_admin.pl access (web-cgi.rules)
 * 1:1454 <-> DISABLED <-> WEB-CGI wwwwais access (web-cgi.rules)
 * 1:1458 <-> DISABLED <-> WEB-CGI user_update_passwd.pl access (web-cgi.rules)
 * 1:15191 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox animated PNG processing integer overflow (specific-threats.rules)
 * 1:15359 <-> DISABLED <-> SMTP Suspicious JBIG2 pdf file sent via email (smtp.rules)
 * 1:1536 <-> DISABLED <-> WEB-CGI calendar_admin.pl arbitrary command execution attempt (web-cgi.rules)
 * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules)
 * 1:15360 <-> DISABLED <-> SMTP Suspicious JBIG2 pdf file sent in email (smtp.rules)
 * 1:15426 <-> DISABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules)
 * 1:15471 <-> DISABLED <-> WEB-CLIENT asp file upload (web-client.rules)
 * 1:15477 <-> DISABLED <-> EXPLOIT Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt (exploit.rules)
 * 1:1537 <-> DISABLED <-> WEB-CGI calendar_admin.pl access (web-cgi.rules)
 * 1:15487 <-> ENABLED <-> POLICY-MULTIMEDIA Apple QuickTime SMIL qtnext redirect file execution attempt (policy-multimedia.rules)
 * 1:15491 <-> DISABLED <-> EXPLOIT Subversion 1.0.2 dated-rev-report buffer overflow attempt (exploit.rules)
 * 1:15494 <-> DISABLED <-> SMTP Suspicious JBIG2 pdf file sent from email (smtp.rules)
 * 1:15495 <-> DISABLED <-> SMTP Suspicious JBIG2 pdf file sent by email (smtp.rules)
 * 1:1549 <-> DISABLED <-> SMTP HELO overflow attempt (smtp.rules)
 * 1:15496 <-> DISABLED <-> SMTP Suspicious JBIG2 pdf file sent through email (smtp.rules)
 * 1:1550 <-> DISABLED <-> SMTP ETRN overflow attempt (smtp.rules)
 * 1:15511 <-> DISABLED <-> SPECIFIC-THREATS Oracle WebLogic Apache Connector buffer overflow attempt (specific-threats.rules)
 * 1:15526 <-> ENABLED <-> EXPLOIT Microsoft Works 4.x converter font name buffer overflow attempt (exploit.rules)
 * 1:15497 <-> DISABLED <-> SMTP Suspicious JBIG2 pdf file sent with email (smtp.rules)
 * 1:15540 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer DOM memory corruption attempt (web-client.rules)
 * 1:15578 <-> DISABLED <-> SPECIFIC-THREATS Slowloris http DoS tool (specific-threats.rules)
 * 1:15579 <-> DISABLED <-> SPECIFIC-THREATS Squid NTLM fakeauth_auth Helper denial of service attempt (specific-threats.rules)
 * 1:15582 <-> DISABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules)
 * 1:15574 <-> DISABLED <-> SMTP MAIL FROM command overflow attempt (smtp.rules)
 * 1:15584 <-> DISABLED <-> SQL char and sysobjects - possible sql injection recon attempt (sql.rules)
 * 1:15729 <-> ENABLED <-> EXPLOIT Possible Adobe Flash ActionScript byte_array heap spray attempt (exploit.rules)
 * 1:15867 <-> DISABLED <-> FILE-PDF Adobe Acrobat PDF font processing memory corruption attempt (file-pdf.rules)
 * 1:15874 <-> DISABLED <-> SQL union select - possible sql injection attempt - POST parameter (sql.rules)
 * 1:1571 <-> DISABLED <-> WEB-CGI dcforum.cgi directory traversal attempt (web-cgi.rules)
 * 1:15875 <-> DISABLED <-> SQL generic sql insert injection atttempt - POST parameter (sql.rules)
 * 1:15877 <-> DISABLED <-> SQL generic sql exec injection attempt - POST parameter (sql.rules)
 * 1:15921 <-> DISABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules)
 * 1:15945 <-> DISABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
 * 1:15876 <-> DISABLED <-> SQL generic sql update injection attempt - POST parameter (sql.rules)
 * 1:15962 <-> DISABLED <-> SPECIFIC-THREATS Sybase EAServer WebConsole overflow attempt (specific-threats.rules)
 * 1:15978 <-> DISABLED <-> WEB-MISC Macromedia JRun 4 mod_jrun buffer overflow attempt (web-misc.rules)
 * 1:15982 <-> DISABLED <-> WEB-MISC Ipswitch WhatsUp Gold DOS Device HTTP request denial of service attempt (web-misc.rules)
 * 1:15985 <-> DISABLED <-> SPECIFIC-THREATS Microsoft ASP.NET canonicalization exploit attempt (specific-threats.rules)
 * 1:15977 <-> DISABLED <-> SPECIFIC-THREATS PHP strip_tags bypass vulnerability exploit attempt (specific-threats.rules)
 * 1:15995 <-> ENABLED <-> EXPLOIT Microsoft Windows DirectX malformed avi file mjpeg compression arbitrary code execution attempt (exploit.rules)
 * 1:16038 <-> DISABLED <-> SMTP Mozilla Thunderbird WYSIWYG engine filtering IFRAME JavaScript execution attempt (smtp.rules)
 * 1:1607 <-> DISABLED <-> WEB-CGI HyperSeek hsx.cgi access (web-cgi.rules)
 * 1:16078 <-> DISABLED <-> SPECIFIC-THREATS PHP memory_limit vulnerability exploit attempt (specific-threats.rules)
 * 1:15996 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Negotiate SSP buffer overflow attempt (specific-threats.rules)
 * 1:16079 <-> DISABLED <-> WEB-CGI uselang code injection (web-cgi.rules)
 * 1:1610 <-> DISABLED <-> WEB-CGI formmail arbitrary command execution attempt (web-cgi.rules)
 * 1:16184 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (specific-threats.rules)
 * 1:16221 <-> DISABLED <-> EXPLOIT Microsoft ISA and Forefront Threat Management Web Proxy TCP Listener denial of service attempt (exploit.rules)
 * 1:1608 <-> DISABLED <-> WEB-CGI htmlscript attempt (web-cgi.rules)
 * 1:16225 <-> DISABLED <-> EXPLOIT Adobe Shockwave Flash arbitrary memory access attempt (exploit.rules)
 * 1:16313 <-> ENABLED <-> FILE-IDENTIFY download of executable content - x-header (file-identify.rules)
 * 1:16334 <-> DISABLED <-> FILE-PDF Adobe Reader compressed media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:16354 <-> DISABLED <-> FILE-PDF Adobe PDF start-of-file alternate header obfuscation (file-pdf.rules)
 * 1:16294 <-> DISABLED <-> EXPLOIT Microsoft Windows TCP stack zero window size exploit attempt (exploit.rules)
 * 1:16355 <-> DISABLED <-> FILE-PDF Xpdf Splash DrawImage integer overflow attempt (file-pdf.rules)
 * 1:16390 <-> DISABLED <-> FILE-PDF Adobe PDF alternate file magic obfuscation (file-pdf.rules)
 * 1:16422 <-> DISABLED <-> EXPLOIT Microsoft Windows Paint JPEG with malformed SOFx field (exploit.rules)
 * 1:16426 <-> DISABLED <-> WEB-MISC Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - PROPFIND method (web-misc.rules)
 * 1:1637 <-> DISABLED <-> WEB-CGI yabb access (web-cgi.rules)
 * 1:16427 <-> DISABLED <-> WEB-MISC Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - LOCK method (web-misc.rules)
 * 1:1644 <-> DISABLED <-> WEB-CGI test-cgi attempt (web-cgi.rules)
 * 1:1645 <-> DISABLED <-> WEB-CGI testcgi access (web-cgi.rules)
 * 1:16474 <-> DISABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
 * 1:16431 <-> DISABLED <-> SQL generic sql with comments injection attempt - GET parameter (sql.rules)
 * 1:16475 <-> DISABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v4 file magic detected (file-identify.rules)
 * 1:16477 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules)
 * 1:16478 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules)
 * 1:16513 <-> DISABLED <-> SQL Jive Software Openfire Jabber Server SQL injection attempt (sql.rules)
 * 1:16476 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules)
 * 1:1652 <-> DISABLED <-> WEB-CGI campas attempt (web-cgi.rules)
 * 1:16552 <-> DISABLED <-> FILE-IDENTIFY Adobe .pfb file download request (file-identify.rules)
 * 1:16611 <-> DISABLED <-> WEB-MISC Apache 413 error HTTP request method cross-site scripting attack (web-misc.rules)
 * 1:16614 <-> DISABLED <-> BACKDOOR c99shell.php command request - search (backdoor.rules)
 * 1:16545 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader malformed Richmedia annotation exploit attempt (file-pdf.rules)
 * 1:16630 <-> DISABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules)
 * 1:16676 <-> DISABLED <-> FILE-PDF Adobe Reader malformed FlateDecode colors declaration (file-pdf.rules)
 * 1:16677 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader malformed FlateDecode colors declaration (file-pdf.rules)
 * 1:16681 <-> DISABLED <-> WEB-MISC Basic Authorization string overflow attempt (web-misc.rules)
 * 1:16661 <-> ENABLED <-> EXPLOIT Microsoft Windows DirectX quartz.dll MJPEG content processing memory corruption attempt (exploit.rules)
 * 1:16682 <-> DISABLED <-> WEB-MISC Oracle ONE Web Server JSP source code disclosure attempt (web-misc.rules)
 * 1:16691 <-> DISABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules)
 * 1:16742 <-> DISABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules)
 * 1:16751 <-> ENABLED <-> WEB-CLIENT VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (web-client.rules)
 * 1:16689 <-> DISABLED <-> WEB-CLIENT Palo Alto Networks Firewall editUser.esp XSS attempt (web-client.rules)
 * 1:16934 <-> DISABLED <-> PHISHING-SPAM pku-edp.cn known spam email attempt (phishing-spam.rules)
 * 1:16936 <-> DISABLED <-> PHISHING-SPAM xoposuhop.cn xoposuhop.cn known spam email attempt (phishing-spam.rules)
 * 1:16937 <-> DISABLED <-> PHISHING-SPAM bestdrug-store.com known spam email attempt (phishing-spam.rules)
 * 1:16938 <-> DISABLED <-> PHISHING-SPAM pharmrik66y.ru known spam email attempt (phishing-spam.rules)
 * 1:16935 <-> DISABLED <-> PHISHING-SPAM sjtu-edp.cn known spam email attempt (phishing-spam.rules)
 * 1:16939 <-> DISABLED <-> PHISHING-SPAM refillleonardo59y.ru known spam email attempt (phishing-spam.rules)
 * 1:16941 <-> DISABLED <-> PHISHING-SPAM drugshershel38w.ru known spam email attempt (phishing-spam.rules)
 * 1:16942 <-> DISABLED <-> PHISHING-SPAM drugshayyim77n.ru known spam email attempt (phishing-spam.rules)
 * 1:16943 <-> DISABLED <-> PHISHING-SPAM erectguthry99c.ru known spam email attempt (phishing-spam.rules)
 * 1:16940 <-> DISABLED <-> PHISHING-SPAM medfreddie55a.ru known spam email attempt (phishing-spam.rules)
 * 1:16944 <-> DISABLED <-> PHISHING-SPAM pilldory92n.ru known spam email attempt (phishing-spam.rules)
 * 1:16946 <-> DISABLED <-> PHISHING-SPAM pillrenault15j.ru known spam email attempt (phishing-spam.rules)
 * 1:16947 <-> DISABLED <-> PHISHING-SPAM pharmrolland95h.ru known spam email attempt (phishing-spam.rules)
 * 1:16948 <-> DISABLED <-> PHISHING-SPAM onlineheindrick60i.ru known spam email attempt (phishing-spam.rules)
 * 1:16945 <-> DISABLED <-> PHISHING-SPAM tabwinn77t.ru known spam email attempt (phishing-spam.rules)
 * 1:16949 <-> DISABLED <-> PHISHING-SPAM erectnormie71a.ru known spam email attempt (phishing-spam.rules)
 * 1:16951 <-> DISABLED <-> PHISHING-SPAM drugsjudd45f.ru known spam email attempt (phishing-spam.rules)
 * 1:16952 <-> DISABLED <-> PHISHING-SPAM pharmharman55y.ru known spam email attempt (phishing-spam.rules)
 * 1:16953 <-> DISABLED <-> PHISHING-SPAM medgaultiero11e.ru known spam email attempt (phishing-spam.rules)
 * 1:16950 <-> DISABLED <-> PHISHING-SPAM tabscotti71i.ru known spam email attempt (phishing-spam.rules)
 * 1:16954 <-> DISABLED <-> PHISHING-SPAM pillgaylor21n.ru known spam email attempt (phishing-spam.rules)
 * 1:16956 <-> DISABLED <-> PHISHING-SPAM medebeneser68c.ru known spam email attempt (phishing-spam.rules)
 * 1:16957 <-> DISABLED <-> PHISHING-SPAM tabmario94r.ru known spam email attempt (phishing-spam.rules)
 * 1:16958 <-> DISABLED <-> PHISHING-SPAM tablennard88q.ru known spam email attempt (phishing-spam.rules)
 * 1:16955 <-> DISABLED <-> PHISHING-SPAM drugspenn84f.ru known spam email attempt (phishing-spam.rules)
 * 1:16959 <-> DISABLED <-> PHISHING-SPAM medforster79j.ru known spam email attempt (phishing-spam.rules)
 * 1:16961 <-> DISABLED <-> PHISHING-SPAM drugsdemott21o.ru known spam email attempt (phishing-spam.rules)
 * 1:16962 <-> DISABLED <-> PHISHING-SPAM onlinelovell30p.ru known spam email attempt (phishing-spam.rules)
 * 1:16963 <-> DISABLED <-> PHISHING-SPAM erecttaylor49i.ru known spam email attempt (phishing-spam.rules)
 * 1:16960 <-> DISABLED <-> PHISHING-SPAM erectvincent21v.ru known spam email attempt (phishing-spam.rules)
 * 1:16964 <-> DISABLED <-> PHISHING-SPAM smellexact.ru known spam email attempt (phishing-spam.rules)
 * 1:16966 <-> DISABLED <-> PHISHING-SPAM thingpath.ru known spam email attempt (phishing-spam.rules)
 * 1:16967 <-> DISABLED <-> PHISHING-SPAM wereif.ru known spam email attempt (phishing-spam.rules)
 * 1:16968 <-> DISABLED <-> PHISHING-SPAM bassmax.ru known spam email attempt (phishing-spam.rules)
 * 1:16965 <-> DISABLED <-> PHISHING-SPAM givehome.ru known spam email attempt (phishing-spam.rules)
 * 1:16969 <-> DISABLED <-> PHISHING-SPAM steadfig.ru known spam email attempt (phishing-spam.rules)
 * 1:16971 <-> DISABLED <-> PHISHING-SPAM mystick.ru known spam email attempt (phishing-spam.rules)
 * 1:16972 <-> DISABLED <-> PHISHING-SPAM drugsrey95a.ru known spam email attempt (phishing-spam.rules)
 * 1:16973 <-> DISABLED <-> PHISHING-SPAM milklowly.ru known spam email attempt (phishing-spam.rules)
 * 1:16970 <-> DISABLED <-> PHISHING-SPAM drugsmayne5a.ru known spam email attempt (phishing-spam.rules)
 * 1:16974 <-> DISABLED <-> PHISHING-SPAM numberenough.ru known spam email attempt (phishing-spam.rules)
 * 1:16976 <-> DISABLED <-> PHISHING-SPAM logzest.ru known spam email attempt (phishing-spam.rules)
 * 1:16977 <-> DISABLED <-> PHISHING-SPAM energypotent.ru known spam email attempt (phishing-spam.rules)
 * 1:16978 <-> DISABLED <-> PHISHING-SPAM outhave.ru known spam email attempt (phishing-spam.rules)
 * 1:16975 <-> DISABLED <-> PHISHING-SPAM oldsheer.ru known spam email attempt (phishing-spam.rules)
 * 1:16979 <-> DISABLED <-> PHISHING-SPAM solvecalm.ru known spam email attempt (phishing-spam.rules)
 * 1:16981 <-> DISABLED <-> PHISHING-SPAM livelycall.ru known spam email attempt (phishing-spam.rules)
 * 1:16982 <-> DISABLED <-> PHISHING-SPAM 64.com1.ru known spam email attempt (phishing-spam.rules)
 * 1:16983 <-> DISABLED <-> PHISHING-SPAM heatsettle.ru known spam email attempt (phishing-spam.rules)
 * 1:16980 <-> DISABLED <-> PHISHING-SPAM stillvisit.ru known spam email attempt (phishing-spam.rules)
 * 1:16984 <-> DISABLED <-> PHISHING-SPAM freshmuch.ru known spam email attempt (phishing-spam.rules)
 * 1:16987 <-> DISABLED <-> PHISHING-SPAM tabemmerich86b.ru known spam email attempt (phishing-spam.rules)
 * 1:16988 <-> DISABLED <-> PHISHING-SPAM moderneight.ru known spam email attempt (phishing-spam.rules)
 * 1:16989 <-> DISABLED <-> PHISHING-SPAM tabferd49a.ru known spam email attempt (phishing-spam.rules)
 * 1:16985 <-> DISABLED <-> PHISHING-SPAM extoleye.ru known spam email attempt (phishing-spam.rules)
 * 1:16990 <-> DISABLED <-> PHISHING-SPAM nextmail.ru known spam email attempt (phishing-spam.rules)
 * 1:16992 <-> DISABLED <-> PHISHING-SPAM liquideat.ru known spam email attempt (phishing-spam.rules)
 * 1:16993 <-> DISABLED <-> PHISHING-SPAM tabwinn2a.ru known spam email attempt (phishing-spam.rules)
 * 1:16994 <-> DISABLED <-> PHISHING-SPAM abletool.ru known spam email attempt (phishing-spam.rules)
 * 1:16991 <-> DISABLED <-> PHISHING-SPAM fruitone.ru known spam email attempt (phishing-spam.rules)
 * 1:16995 <-> DISABLED <-> PHISHING-SPAM miltyrefil.ru known spam email attempt (phishing-spam.rules)
 * 1:16997 <-> DISABLED <-> PHISHING-SPAM giacoporx.ru known spam email attempt (phishing-spam.rules)
 * 1:16998 <-> DISABLED <-> PHISHING-SPAM drugsnevile.ru known spam email attempt (phishing-spam.rules)
 * 1:16999 <-> DISABLED <-> PHISHING-SPAM jasemed.ru known spam email attempt (phishing-spam.rules)
 * 1:16996 <-> DISABLED <-> PHISHING-SPAM quincytab.ru known spam email attempt (phishing-spam.rules)
 * 1:1700 <-> DISABLED <-> WEB-CGI imagemap.exe access (web-cgi.rules)
 * 1:17001 <-> DISABLED <-> PHISHING-SPAM dillonline.ru known spam email attempt (phishing-spam.rules)
 * 1:17002 <-> DISABLED <-> PHISHING-SPAM swellliquid.ru known spam email attempt (phishing-spam.rules)
 * 1:17003 <-> DISABLED <-> PHISHING-SPAM younglaugh.ru known spam email attempt (phishing-spam.rules)
 * 1:17000 <-> DISABLED <-> PHISHING-SPAM ximenezdrug.ru known spam email attempt (phishing-spam.rules)
 * 1:17004 <-> DISABLED <-> PHISHING-SPAM 2047757.kaskad-travel.ru known spam email attempt (phishing-spam.rules)
 * 1:17006 <-> DISABLED <-> PHISHING-SPAM lovingover.ru known spam email attempt (phishing-spam.rules)
 * 1:17007 <-> DISABLED <-> PHISHING-SPAM pharmerastus.ru known spam email attempt (phishing-spam.rules)
 * 1:17008 <-> DISABLED <-> PHISHING-SPAM hisoffer.ru known spam email attempt (phishing-spam.rules)
 * 1:17005 <-> DISABLED <-> PHISHING-SPAM paintwater.ru known spam email attempt (phishing-spam.rules)
 * 1:17009 <-> DISABLED <-> PHISHING-SPAM butleft.ru known spam email attempt (phishing-spam.rules)
 * 1:17010 <-> DISABLED <-> PHISHING-SPAM starknow.ru known spam email attempt (phishing-spam.rules)
 * 1:17011 <-> DISABLED <-> PHISHING-SPAM beginwisdom.ru known spam email attempt (phishing-spam.rules)
 * 1:17012 <-> DISABLED <-> PHISHING-SPAM oneus.ru known spam email attempt (phishing-spam.rules)
 * 1:1701 <-> DISABLED <-> WEB-CGI calendar-admin.pl access (web-cgi.rules)
 * 1:17013 <-> DISABLED <-> PHISHING-SPAM reapcomfy.ru known spam email attempt (phishing-spam.rules)
 * 1:17015 <-> DISABLED <-> PHISHING-SPAM pamperletter.ru known spam email attempt (phishing-spam.rules)
 * 1:17016 <-> DISABLED <-> PHISHING-SPAM boxdouble.ru known spam email attempt (phishing-spam.rules)
 * 1:17017 <-> DISABLED <-> PHISHING-SPAM beatmoon.ru known spam email attempt (phishing-spam.rules)
 * 1:17014 <-> DISABLED <-> PHISHING-SPAM rowsay.ru known spam email attempt (phishing-spam.rules)
 * 1:17018 <-> DISABLED <-> PHISHING-SPAM ensureequate.ru known spam email attempt (phishing-spam.rules)
 * 1:17021 <-> DISABLED <-> PHISHING-SPAM nearpass.ru known spam email attempt (phishing-spam.rules)
 * 1:17022 <-> DISABLED <-> PHISHING-SPAM thatmile.ru known spam email attempt (phishing-spam.rules)
 * 1:17023 <-> DISABLED <-> PHISHING-SPAM hillfoot.ru known spam email attempt (phishing-spam.rules)
 * 1:17020 <-> DISABLED <-> PHISHING-SPAM sheerwheel.ru known spam email attempt (phishing-spam.rules)
 * 1:17024 <-> DISABLED <-> PHISHING-SPAM writeobject.ru known spam email attempt (phishing-spam.rules)
 * 1:17026 <-> DISABLED <-> PHISHING-SPAM redlead.ru known spam email attempt (phishing-spam.rules)
 * 1:17027 <-> DISABLED <-> PHISHING-SPAM scoreenjoy.ru known spam email attempt (phishing-spam.rules)
 * 1:17029 <-> DISABLED <-> PHISHING-SPAM tenderpower.ru known spam email attempt (phishing-spam.rules)
 * 1:17025 <-> DISABLED <-> PHISHING-SPAM thoughthese.ru known spam email attempt (phishing-spam.rules)
 * 1:17030 <-> DISABLED <-> PHISHING-SPAM fewvalley.ru known spam email attempt (phishing-spam.rules)
 * 1:17032 <-> DISABLED <-> PHISHING-SPAM centtry.ru known spam email attempt (phishing-spam.rules)
 * 1:17033 <-> DISABLED <-> PHISHING-SPAM signpearl.ru known spam email attempt (phishing-spam.rules)
 * 1:17050 <-> DISABLED <-> WEB-MISC Oracle Secure Backup Administration Server authentication bypass attempt (web-misc.rules)
 * 1:17031 <-> DISABLED <-> PHISHING-SPAM burnshy.ru known spam email attempt (phishing-spam.rules)
 * 1:17107 <-> DISABLED <-> SPECIFIC-THREATS Apache Tomcat JK Web Server Connector long URL stack overflow attempt - 1 (specific-threats.rules)
 * 1:17128 <-> ENABLED <-> EXPLOIT Cinepak Codec VIDC decompression remote code execution attempt (exploit.rules)
 * 1:17135 <-> ENABLED <-> EXPLOIT Microsoft Windows Movie Maker string size overflow attempt (exploit.rules)
 * 1:17190 <-> ENABLED <-> EXPLOIT Adobe Director remote code execution attempt (exploit.rules)
 * 1:17117 <-> ENABLED <-> EXPLOIT Microsoft Windows MPEG Layer-3 audio heap corruption attempt (exploit.rules)
 * 1:17191 <-> ENABLED <-> EXPLOIT Adobe Director remote code execution attempt (exploit.rules)
 * 1:17193 <-> ENABLED <-> EXPLOIT Adobe Director remote code execution attempt (exploit.rules)
 * 1:17196 <-> ENABLED <-> EXPLOIT Adobe Director file exploit attempt (exploit.rules)
 * 1:17197 <-> ENABLED <-> EXPLOIT Adobe Director file exploit attempt (exploit.rules)
 * 1:17192 <-> ENABLED <-> EXPLOIT Adobe Director remote code execution attempt (exploit.rules)
 * 1:17198 <-> ENABLED <-> EXPLOIT Adobe Director file exploit attempt (exploit.rules)
 * 1:17257 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player and Reader remote code execution attempt (specific-threats.rules)
 * 1:17267 <-> DISABLED <-> SPECIFIC-THREATS Multiple vendor malformed ZIP archive Antivirus detection bypass attempt (specific-threats.rules)
 * 1:17286 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Visual Basic for Applications document properties overflow attempt (specific-threats.rules)
 * 1:17255 <-> DISABLED <-> EXPLOIT Microsoft Windows IIS FastCGI heap overflow attempt (exploit.rules)
 * 1:17287 <-> DISABLED <-> WEB-MISC Cisco IOS HTTP service HTML injection attempt (web-misc.rules)
 * 1:17332 <-> DISABLED <-> SMTP Content-Disposition attachment (smtp.rules)
 * 1:17373 <-> ENABLED <-> SPECIFIC-THREATS Apple QuickTime panorama atoms buffer overflow attempt (specific-threats.rules)
 * 1:17386 <-> DISABLED <-> SPECIFIC-THREATS Lighttpd mod_fastcgi Extension CGI Variable Overwriting Vulnerability attempt (specific-threats.rules)
 * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules)
 * 1:17403 <-> ENABLED <-> FILE-OTHER OpenOffice RTF File parsing heap buffer overflow attempt (file-other.rules)
 * 1:17508 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules)
 * 1:17546 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player compressed skin download request (file-identify.rules)
 * 1:17652 <-> DISABLED <-> WEB-MISC Microsoft Windows IIS source code disclosure attempt (web-misc.rules)
 * 1:17410 <-> DISABLED <-> WEB-MISC Generic HyperLink buffer overflow attempt (web-misc.rules)
 * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
 * 1:17747 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer compressed HDMX font processing integer overflow attempt (exploit.rules)
 * 1:17752 <-> ENABLED <-> EXPLOIT OpenType Font file parsing denial of service attempt (exploit.rules)
 * 1:17773 <-> ENABLED <-> EXPLOIT Microsoft Windows Media Player Firefox plugin memory corruption attempt (exploit.rules)
 * 1:17735 <-> ENABLED <-> SPECIFIC-THREATS Adobe Pagemaker Font Name Buffer Overflow attempt (specific-threats.rules)
 * 1:17806 <-> ENABLED <-> SPECIFIC-THREATS Adobe Shockwave Director rcsL chunk remote code execution attempt (specific-threats.rules)
 * 1:17919 <-> DISABLED <-> PHISHING-SPAM akiq.onlinetommie54y.ru known spam email attempt (phishing-spam.rules)
 * 1:17920 <-> DISABLED <-> PHISHING-SPAM aobuii.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules)
 * 1:17921 <-> DISABLED <-> PHISHING-SPAM argue.medrayner44c.ru known spam email attempt (phishing-spam.rules)
 * 1:17918 <-> DISABLED <-> PHISHING-SPAM aaof.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules)
 * 1:17922 <-> DISABLED <-> PHISHING-SPAM ava.refilleldredge89r.ru known spam email attempt (phishing-spam.rules)
 * 1:17924 <-> DISABLED <-> PHISHING-SPAM azo.onlinetommie54y.ru known spam email attempt (phishing-spam.rules)
 * 1:17925 <-> DISABLED <-> PHISHING-SPAM back.pharmroyce83b.ru known spam email attempt (phishing-spam.rules)
 * 1:17926 <-> DISABLED <-> PHISHING-SPAM by.pharmroyce83b.ru known spam email attempt (phishing-spam.rules)
 * 1:17923 <-> DISABLED <-> PHISHING-SPAM axoseb.medicdrugsxck.ru known spam email attempt (phishing-spam.rules)
 * 1:17927 <-> DISABLED <-> PHISHING-SPAM cardinals.refilldud86o.ru known spam email attempt (phishing-spam.rules)
 * 1:17929 <-> DISABLED <-> PHISHING-SPAM chula.pharmroyce83b.ru known spam email attempt (phishing-spam.rules)
 * 1:17930 <-> DISABLED <-> PHISHING-SPAM classification.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:17931 <-> DISABLED <-> PHISHING-SPAM compensate.refilldud86o.ru known spam email attempt (phishing-spam.rules)
 * 1:17928 <-> DISABLED <-> PHISHING-SPAM chemist.onlineruggiero33q.ru known spam email attempt (phishing-spam.rules)
 * 1:17932 <-> DISABLED <-> PHISHING-SPAM cswjlxey.ru known spam email attempt (phishing-spam.rules)
 * 1:17934 <-> DISABLED <-> PHISHING-SPAM cyacaz.pilltodd73p.ru known spam email attempt (phishing-spam.rules)
 * 1:17935 <-> DISABLED <-> PHISHING-SPAM deepcenter.ru known spam email attempt (phishing-spam.rules)
 * 1:17936 <-> DISABLED <-> PHISHING-SPAM delegate.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:17933 <-> DISABLED <-> PHISHING-SPAM current.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:17937 <-> DISABLED <-> PHISHING-SPAM diet.medrayner44c.ru known spam email attempt (phishing-spam.rules)
 * 1:17939 <-> DISABLED <-> PHISHING-SPAM divyo.pillking74s.ru known spam email attempt (phishing-spam.rules)
 * 1:17940 <-> DISABLED <-> PHISHING-SPAM drugsgeorge65g.ru known spam email attempt (phishing-spam.rules)
 * 1:17941 <-> DISABLED <-> PHISHING-SPAM dux.erectnoll24k.ru known spam email attempt (phishing-spam.rules)
 * 1:17938 <-> DISABLED <-> PHISHING-SPAM direct.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:17942 <-> DISABLED <-> PHISHING-SPAM dypoh.erectjefferey85n.ru known spam email attempt (phishing-spam.rules)
 * 1:17944 <-> DISABLED <-> PHISHING-SPAM eeez.onlinehamel83i.ru known spam email attempt (phishing-spam.rules)
 * 1:17945 <-> DISABLED <-> PHISHING-SPAM egi.refilleldredge89r.ru known spam email attempt (phishing-spam.rules)
 * 1:17946 <-> DISABLED <-> PHISHING-SPAM ehyw.cumedicdrugsx.ru known spam email attempt (phishing-spam.rules)
 * 1:17943 <-> DISABLED <-> PHISHING-SPAM eaihar.refilleldredge89r.ru known spam email attempt (phishing-spam.rules)
 * 1:17947 <-> DISABLED <-> PHISHING-SPAM eka.onlinehamel83i.ru known spam email attempt (phishing-spam.rules)
 * 1:17949 <-> DISABLED <-> PHISHING-SPAM elik.drugslevy46b.ru known spam email attempt (phishing-spam.rules)
 * 1:17950 <-> DISABLED <-> PHISHING-SPAM epeno.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules)
 * 1:17951 <-> DISABLED <-> PHISHING-SPAM erectgodart30s.ru known spam email attempt (phishing-spam.rules)
 * 1:17948 <-> DISABLED <-> PHISHING-SPAM election.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:17952 <-> DISABLED <-> PHISHING-SPAM erol.camedicdrugsx.ru known spam email attempt (phishing-spam.rules)
 * 1:17954 <-> DISABLED <-> PHISHING-SPAM eyu.onlinehamel83i.ru known spam email attempt (phishing-spam.rules)
 * 1:17955 <-> DISABLED <-> PHISHING-SPAM fashionchannel.ru known spam email attempt (phishing-spam.rules)
 * 1:17956 <-> DISABLED <-> PHISHING-SPAM fauxy.pillking74s.ru known spam email attempt (phishing-spam.rules)
 * 1:17953 <-> DISABLED <-> PHISHING-SPAM exa.drugslevy46b.ru known spam email attempt (phishing-spam.rules)
 * 1:17957 <-> DISABLED <-> PHISHING-SPAM food.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:17959 <-> DISABLED <-> PHISHING-SPAM goyry.ramedicdrugsx.ru known spam email attempt (phishing-spam.rules)
 * 1:17960 <-> DISABLED <-> PHISHING-SPAM gueepa.erectnoll24k.ru known spam email attempt (phishing-spam.rules)
 * 1:17961 <-> DISABLED <-> PHISHING-SPAM has.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:17958 <-> DISABLED <-> PHISHING-SPAM generality.onlinehill21q.ru known spam email attempt (phishing-spam.rules)
 * 1:17962 <-> DISABLED <-> PHISHING-SPAM have.medrayner44c.ru known spam email attempt (phishing-spam.rules)
 * 1:17964 <-> DISABLED <-> PHISHING-SPAM huhuh.pilltodd73p.ru known spam email attempt (phishing-spam.rules)
 * 1:17965 <-> DISABLED <-> PHISHING-SPAM hyem.pilltodd73p.ru known spam email attempt (phishing-spam.rules)
 * 1:17966 <-> DISABLED <-> PHISHING-SPAM icysa.refilleldredge89r.ru known spam email attempt (phishing-spam.rules)
 * 1:17963 <-> DISABLED <-> PHISHING-SPAM headtest.ru known spam email attempt (phishing-spam.rules)
 * 1:17967 <-> DISABLED <-> PHISHING-SPAM iiy.refilleldredge89r.ru known spam email attempt (phishing-spam.rules)
 * 1:17969 <-> DISABLED <-> PHISHING-SPAM iner.medicdrugsxdl.ru known spam email attempt (phishing-spam.rules)
 * 1:17970 <-> DISABLED <-> PHISHING-SPAM in.onlinehill21q.ru known spam email attempt (phishing-spam.rules)
 * 1:17971 <-> DISABLED <-> PHISHING-SPAM intelpost.ru known spam email attempt (phishing-spam.rules)
 * 1:17968 <-> DISABLED <-> PHISHING-SPAM iki.onlinetommie54y.ru known spam email attempt (phishing-spam.rules)
 * 1:17972 <-> DISABLED <-> PHISHING-SPAM inunuw.medicdrugsxpo.ru known spam email attempt (phishing-spam.rules)
 * 1:17974 <-> DISABLED <-> PHISHING-SPAM iqor.pilltodd73p.ru known spam email attempt (phishing-spam.rules)
 * 1:17975 <-> DISABLED <-> PHISHING-SPAM is.medrayner44c.ru known spam email attempt (phishing-spam.rules)
 * 1:17976 <-> DISABLED <-> PHISHING-SPAM itaca.erectnoll24k.ru known spam email attempt (phishing-spam.rules)
 * 1:17973 <-> DISABLED <-> PHISHING-SPAM ipiig.drugslevy46b.ru known spam email attempt (phishing-spam.rules)
 * 1:17977 <-> DISABLED <-> PHISHING-SPAM ive.pilltodd73p.ru known spam email attempt (phishing-spam.rules)
 * 1:17979 <-> DISABLED <-> PHISHING-SPAM iycyde.medicdrugsxco.ru known spam email attempt (phishing-spam.rules)
 * 1:17980 <-> DISABLED <-> PHISHING-SPAM iyw.refilleldredge89r.ru known spam email attempt (phishing-spam.rules)
 * 1:17981 <-> DISABLED <-> PHISHING-SPAM jaecoh.erectnoll24k.ru known spam email attempt (phishing-spam.rules)
 * 1:17978 <-> DISABLED <-> PHISHING-SPAM iweqyz.erectjefferey85n.ru known spam email attempt (phishing-spam.rules)
 * 1:17982 <-> DISABLED <-> PHISHING-SPAM jael.pillking74s.ru known spam email attempt (phishing-spam.rules)
 * 1:17984 <-> DISABLED <-> PHISHING-SPAM john.onlinehill21q.ru known spam email attempt (phishing-spam.rules)
 * 1:17985 <-> DISABLED <-> PHISHING-SPAM joseph.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:17986 <-> DISABLED <-> PHISHING-SPAM jyn.medicdrugsxdl.ru known spam email attempt (phishing-spam.rules)
 * 1:17983 <-> DISABLED <-> PHISHING-SPAM jex.remedicdrugsx.ru known spam email attempt (phishing-spam.rules)
 * 1:17987 <-> DISABLED <-> PHISHING-SPAM jyzyv.refilleldredge89r.ru known spam email attempt (phishing-spam.rules)
 * 1:17989 <-> DISABLED <-> PHISHING-SPAM lybah.pilltodd73p.ru known spam email attempt (phishing-spam.rules)
 * 1:17990 <-> DISABLED <-> PHISHING-SPAM manila.onlinephilbert42f.ru known spam email attempt (phishing-spam.rules)
 * 1:17991 <-> DISABLED <-> PHISHING-SPAM masa.erectjefferey85n.ru known spam email attempt (phishing-spam.rules)
 * 1:17988 <-> DISABLED <-> PHISHING-SPAM koosaf.erectnoll24k.ru known spam email attempt (phishing-spam.rules)
 * 1:17992 <-> DISABLED <-> PHISHING-SPAM medpenny17j.ru known spam email attempt (phishing-spam.rules)
 * 1:17994 <-> DISABLED <-> PHISHING-SPAM nazuwu.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules)
 * 1:17995 <-> DISABLED <-> PHISHING-SPAM negotiations.refilldud86o.ru known spam email attempt (phishing-spam.rules)
 * 1:17996 <-> DISABLED <-> PHISHING-SPAM niqiv.erectjefferey85n.ru known spam email attempt (phishing-spam.rules)
 * 1:17993 <-> DISABLED <-> PHISHING-SPAM minionspre.ru known spam email attempt (phishing-spam.rules)
 * 1:17997 <-> DISABLED <-> PHISHING-SPAM odimys.medicdrugsxlb.ru known spam email attempt (phishing-spam.rules)
 * 1:17999 <-> DISABLED <-> PHISHING-SPAM oekaka.aimedicdrugsx.ru known spam email attempt (phishing-spam.rules)
 * 1:18000 <-> DISABLED <-> PHISHING-SPAM oeqio.erectnoll24k.ru known spam email attempt (phishing-spam.rules)
 * 1:18001 <-> DISABLED <-> PHISHING-SPAM of.onlinephilbert42f.ru known spam email attempt (phishing-spam.rules)
 * 1:17998 <-> DISABLED <-> PHISHING-SPAM odoog.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules)
 * 1:18002 <-> DISABLED <-> PHISHING-SPAM of.refilldud86o.ru known spam email attempt (phishing-spam.rules)
 * 1:18004 <-> DISABLED <-> PHISHING-SPAM oipek.onlinehamel83i.ru known spam email attempt (phishing-spam.rules)
 * 1:18005 <-> DISABLED <-> PHISHING-SPAM oji.medicdrugsxto.ru known spam email attempt (phishing-spam.rules)
 * 1:18006 <-> DISABLED <-> PHISHING-SPAM onotye.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules)
 * 1:18003 <-> DISABLED <-> PHISHING-SPAM of.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:18007 <-> DISABLED <-> PHISHING-SPAM opy.erectjefferey85n.ru known spam email attempt (phishing-spam.rules)
 * 1:18009 <-> DISABLED <-> PHISHING-SPAM ouu.almedicdrugsx.ru known spam email attempt (phishing-spam.rules)
 * 1:18010 <-> DISABLED <-> PHISHING-SPAM oxuc.pillking74s.ru known spam email attempt (phishing-spam.rules)
 * 1:18011 <-> DISABLED <-> PHISHING-SPAM pillrolfe64l.ru known spam email attempt (phishing-spam.rules)
 * 1:18008 <-> DISABLED <-> PHISHING-SPAM orderbuzz.ru known spam email attempt (phishing-spam.rules)
 * 1:18012 <-> DISABLED <-> PHISHING-SPAM recently.refilldud86o.ru known spam email attempt (phishing-spam.rules)
 * 1:18014 <-> DISABLED <-> PHISHING-SPAM reobaj.onlinehamel83i.ru known spam email attempt (phishing-spam.rules)
 * 1:18015 <-> DISABLED <-> PHISHING-SPAM research.onlinehill21q.ru known spam email attempt (phishing-spam.rules)
 * 1:18016 <-> DISABLED <-> PHISHING-SPAM returning.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:18013 <-> DISABLED <-> PHISHING-SPAM records.onlinephilbert42f.ru known spam email attempt (phishing-spam.rules)
 * 1:18017 <-> DISABLED <-> PHISHING-SPAM right.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:18019 <-> DISABLED <-> PHISHING-SPAM ruuav.erectnoll24k.ru known spam email attempt (phishing-spam.rules)
 * 1:18020 <-> DISABLED <-> PHISHING-SPAM ryhux.medicdrugsxpa.ru known spam email attempt (phishing-spam.rules)
 * 1:18021 <-> DISABLED <-> PHISHING-SPAM software-buyshop-7.ru known spam email attempt (phishing-spam.rules)
 * 1:18018 <-> DISABLED <-> PHISHING-SPAM riwaro.erectjefferey85n.ru known spam email attempt (phishing-spam.rules)
 * 1:18022 <-> DISABLED <-> PHISHING-SPAM specialyou.ru known spam email attempt (phishing-spam.rules)
 * 1:18024 <-> DISABLED <-> PHISHING-SPAM store-softwarebuy-7.ru known spam email attempt (phishing-spam.rules)
 * 1:18025 <-> DISABLED <-> PHISHING-SPAM sya.onlinehamel83i.ru known spam email attempt (phishing-spam.rules)
 * 1:18026 <-> DISABLED <-> PHISHING-SPAM tabdarin80s.ru known spam email attempt (phishing-spam.rules)
 * 1:18023 <-> DISABLED <-> PHISHING-SPAM starring.pharmroyce83b.ru known spam email attempt (phishing-spam.rules)
 * 1:18027 <-> DISABLED <-> PHISHING-SPAM tabgordan13n.ru known spam email attempt (phishing-spam.rules)
 * 1:18029 <-> DISABLED <-> PHISHING-SPAM tabwebster77c.ru known spam email attempt (phishing-spam.rules)
 * 1:18030 <-> DISABLED <-> PHISHING-SPAM tanuen.dimedicdrugsx.ru known spam email attempt (phishing-spam.rules)
 * 1:18031 <-> DISABLED <-> PHISHING-SPAM the.onlinehill21q.ru known spam email attempt (phishing-spam.rules)
 * 1:18028 <-> DISABLED <-> PHISHING-SPAM tablangston19a.ru known spam email attempt (phishing-spam.rules)
 * 1:18032 <-> DISABLED <-> PHISHING-SPAM the.onlineruggiero33q.ru known spam email attempt (phishing-spam.rules)
 * 1:18034 <-> DISABLED <-> PHISHING-SPAM trails.pharmroyce83b.ru known spam email attempt (phishing-spam.rules)
 * 1:18035 <-> DISABLED <-> PHISHING-SPAM trusting-me.ru known spam email attempt (phishing-spam.rules)
 * 1:18036 <-> DISABLED <-> PHISHING-SPAM twodays.ru known spam email attempt (phishing-spam.rules)
 * 1:18033 <-> DISABLED <-> PHISHING-SPAM to.medrayner44c.ru known spam email attempt (phishing-spam.rules)
 * 1:18037 <-> DISABLED <-> PHISHING-SPAM tyqaja.pilltodd73p.ru known spam email attempt (phishing-spam.rules)
 * 1:18039 <-> DISABLED <-> PHISHING-SPAM uf.drugslevy46b.ru known spam email attempt (phishing-spam.rules)
 * 1:18040 <-> DISABLED <-> PHISHING-SPAM uielij.pillking74s.ru known spam email attempt (phishing-spam.rules)
 * 1:18041 <-> DISABLED <-> PHISHING-SPAM unasu.medicdrugsxto.ru known spam email attempt (phishing-spam.rules)
 * 1:18038 <-> DISABLED <-> PHISHING-SPAM uboi.onlinehamel83i.ru known spam email attempt (phishing-spam.rules)
 * 1:18042 <-> DISABLED <-> PHISHING-SPAM upazo.pilltodd73p.ru known spam email attempt (phishing-spam.rules)
 * 1:18044 <-> DISABLED <-> PHISHING-SPAM uuji.refilleldredge89r.ru known spam email attempt (phishing-spam.rules)
 * 1:18045 <-> DISABLED <-> PHISHING-SPAM variation.refilldud86o.ru known spam email attempt (phishing-spam.rules)
 * 1:18046 <-> DISABLED <-> PHISHING-SPAM via.refillreade47j.ru known spam email attempt (phishing-spam.rules)
 * 1:18043 <-> DISABLED <-> PHISHING-SPAM utuqaj.pillking74s.ru known spam email attempt (phishing-spam.rules)
 * 1:18047 <-> DISABLED <-> PHISHING-SPAM voiceless.pharmroyce83b.ru known spam email attempt (phishing-spam.rules)
 * 1:18049 <-> DISABLED <-> PHISHING-SPAM word.onlinephilbert42f.ru known spam email attempt (phishing-spam.rules)
 * 1:18050 <-> DISABLED <-> PHISHING-SPAM world.onlinehill21q.ru known spam email attempt (phishing-spam.rules)
 * 1:18051 <-> DISABLED <-> PHISHING-SPAM www.buhni.ru known spam email attempt (phishing-spam.rules)
 * 1:18048 <-> DISABLED <-> PHISHING-SPAM was.medrayner44c.ru known spam email attempt (phishing-spam.rules)
 * 1:18052 <-> DISABLED <-> PHISHING-SPAM www.visitcover.ru known spam email attempt (phishing-spam.rules)
 * 1:18054 <-> DISABLED <-> PHISHING-SPAM ygy.onlinetommie54y.ru known spam email attempt (phishing-spam.rules)
 * 1:18055 <-> DISABLED <-> PHISHING-SPAM yit.medicdrugsxor.ru known spam email attempt (phishing-spam.rules)
 * 1:18056 <-> DISABLED <-> PHISHING-SPAM ylum.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules)
 * 1:18053 <-> DISABLED <-> PHISHING-SPAM xob.erectnoll24k.ru known spam email attempt (phishing-spam.rules)
 * 1:18057 <-> DISABLED <-> PHISHING-SPAM ymyuto.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules)
 * 1:18059 <-> DISABLED <-> PHISHING-SPAM yzugez.pillking74s.ru known spam email attempt (phishing-spam.rules)
 * 1:18060 <-> DISABLED <-> PHISHING-SPAM zeroprices.ru known spam email attempt (phishing-spam.rules)
 * 1:18061 <-> DISABLED <-> PHISHING-SPAM zueuz.onlinehamel83i.ru known spam email attempt (phishing-spam.rules)
 * 1:18058 <-> DISABLED <-> PHISHING-SPAM yomy.pillking74s.ru known spam email attempt (phishing-spam.rules)
 * 1:18072 <-> DISABLED <-> WEB-MISC Microsoft Forefront UAG external redirect attempt (web-misc.rules)
 * 1:18096 <-> DISABLED <-> WEB-MISC Apache Tomcat username enumeration attempt (web-misc.rules)
 * 1:18179 <-> DISABLED <-> SCAN Proxyfire.net anonymous proxy scan (scan.rules)
 * 1:18229 <-> ENABLED <-> SPECIFIC-THREATS Microsoft FlashPix tile length overflow attempt (specific-threats.rules)
 * 1:18073 <-> DISABLED <-> WEB-MISC Microsoft Forefront UAG arbitrary embedded scripting attempt (web-misc.rules)
 * 1:18273 <-> DISABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules)
 * 1:18283 <-> DISABLED <-> SPECIFIC-THREATS Oracle WebLogic Apache Connector buffer overflow attempt (specific-threats.rules)
 * 1:18333 <-> DISABLED <-> WEB-MISC phpBook date command execution attempt (web-misc.rules)
 * 1:18334 <-> DISABLED <-> WEB-MISC phpBook mail command execution attempt (web-misc.rules)
 * 1:18274 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules)
 * 1:18397 <-> DISABLED <-> MISC HP DDMI Agent spoofing - command execution (misc.rules)
 * 1:18418 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash player ActionScript apply function memory corruption attempt (specific-threats.rules)
 * 1:18420 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash player ActionScript ASnative function remote code execution attempt (specific-threats.rules)
 * 1:18447 <-> ENABLED <-> EXPLOIT Adobe OpenAction crafted URI action thru Firefox attempt (exploit.rules)
 * 1:18413 <-> ENABLED <-> EXPLOIT Microsoft Windows WMI tracing api integer truncation attempt (exploit.rules)
 * 1:18448 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules)
 * 1:18453 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules)
 * 1:18454 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules)
 * 1:18463 <-> ENABLED <-> EXPLOIT Microsoft Windows MPEG Layer-3 audio heap corruption attempt (exploit.rules)
 * 1:18451 <-> DISABLED <-> FILE-PDF Adobe Acrobat ICC color integer overflow attempt (file-pdf.rules)
 * 1:18466 <-> DISABLED <-> WEB-MISC raSMP User-Agent XSS injection attempt (web-misc.rules)
 * 1:18470 <-> DISABLED <-> WEB-MISC Java floating point number denial of service - via URI (web-misc.rules)
 * 1:18471 <-> DISABLED <-> WEB-MISC Java floating point number denial of service - via POST (web-misc.rules)
 * 1:18475 <-> DISABLED <-> WEB-MISC HP Openview OvWebHelp.exe buffer overflow (web-misc.rules)
 * 1:18467 <-> DISABLED <-> WEB-MISC raSMP User-Agent XSS injection attempt (web-misc.rules)
 * 1:18480 <-> DISABLED <-> WEB-MISC HP openview network node manager ovlogin.exe buffer overflow - userid parameter (web-misc.rules)
 * 1:18503 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript flash.geom.Point constructor memory corruption attempt (specific-threats.rules)
 * 1:18596 <-> DISABLED <-> FILE-PDF Adobe Reader and Acrobat util.printf buffer overflow attempt (file-pdf.rules)
 * 1:18599 <-> ENABLED <-> SPECIFIC-THREATS Apple QuickTime PictureViewer buffer overflow attempt (specific-threats.rules)
 * 1:18481 <-> DISABLED <-> WEB-MISC HP openview network node manager ovlogin.exe buffer overflow - password parameter (web-misc.rules)
 * 1:1860 <-> DISABLED <-> WEB-MISC Linksys router default password login attempt (web-misc.rules)
 * 1:18615 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Works 4.x converter font name buffer overflow attempt (specific-threats.rules)
 * 1:18616 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Works 4.x converter font name buffer overflow attempt (specific-threats.rules)
 * 1:18678 <-> DISABLED <-> EXPLOIT osCommerce categories.php Arbitrary File Upload And Code Execution (exploit.rules)
 * 1:18600 <-> ENABLED <-> SPECIFIC-THREATS Apple QuickTime PictureViewer buffer overflow attempt (specific-threats.rules)
 * 1:1868 <-> DISABLED <-> WEB-CGI story.pl arbitrary file read attempt (web-cgi.rules)
 * 1:18742 <-> DISABLED <-> WEB-MISC IBM WebSphere Expect header cross-site scripting (web-misc.rules)
 * 1:18743 <-> DISABLED <-> WEB-MISC VLC player web interface format string attack (web-misc.rules)
 * 1:18751 <-> DISABLED <-> WEB-MISC Samba SWAT HTTP Authentication overflow attempt (web-misc.rules)
 * 1:1869 <-> DISABLED <-> WEB-CGI story.pl access (web-cgi.rules)
 * 1:18758 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Basic script file download request (file-identify.rules)
 * 1:18774 <-> DISABLED <-> BLACKLIST URI request for known malicious URI (blacklist.rules)
 * 1:18775 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /gpdcount (blacklist.rules)
 * 1:18800 <-> DISABLED <-> SPECIFIC-THREATS Adobe RoboHelp Server Arbitrary File Upload (specific-threats.rules)
 * 1:18768 <-> ENABLED <-> SMTP Novell GroupWise internet agent RRULE parsing buffer overflow attempt (smtp.rules)
 * 1:18808 <-> DISABLED <-> SMTP Ipswitch IMail Server List Mailer Reply-To address buffer overflow attempt (smtp.rules)
 * 1:18812 <-> DISABLED <-> SMTP .adp attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18813 <-> DISABLED <-> SMTP .app attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18814 <-> DISABLED <-> SMTP .asp attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18811 <-> DISABLED <-> SMTP .ade attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18815 <-> DISABLED <-> SMTP .bas attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18817 <-> DISABLED <-> SMTP .cer attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18818 <-> DISABLED <-> SMTP .chm attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18819 <-> DISABLED <-> SMTP .cmd attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18816 <-> DISABLED <-> SMTP .bat attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18820 <-> DISABLED <-> SMTP .cnt attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18822 <-> DISABLED <-> SMTP .cpl attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18823 <-> DISABLED <-> SMTP .crt attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18824 <-> DISABLED <-> SMTP .csh attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18821 <-> DISABLED <-> SMTP .com attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18825 <-> DISABLED <-> SMTP .der attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18827 <-> DISABLED <-> SMTP .fxp attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18828 <-> DISABLED <-> SMTP .gadget attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18829 <-> DISABLED <-> SMTP .hlp attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18826 <-> DISABLED <-> SMTP .exe attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18830 <-> DISABLED <-> SMTP .hpj attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18832 <-> DISABLED <-> SMTP .inf attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18833 <-> DISABLED <-> SMTP .ins attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18834 <-> DISABLED <-> SMTP .isp attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18831 <-> DISABLED <-> SMTP .hta attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18835 <-> DISABLED <-> SMTP .its attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18837 <-> DISABLED <-> SMTP .jse attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18838 <-> DISABLED <-> SMTP .ksh attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18839 <-> DISABLED <-> SMTP .lnk attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18836 <-> DISABLED <-> SMTP .js attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18840 <-> DISABLED <-> SMTP .mad attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18842 <-> DISABLED <-> SMTP .mag attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18843 <-> DISABLED <-> SMTP .mam attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18844 <-> DISABLED <-> SMTP .maq attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18841 <-> DISABLED <-> SMTP .maf attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18845 <-> DISABLED <-> SMTP .mar attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18847 <-> DISABLED <-> SMTP .mat attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18848 <-> DISABLED <-> SMTP .mau attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18849 <-> DISABLED <-> SMTP .mav attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18846 <-> DISABLED <-> SMTP .mas attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18850 <-> DISABLED <-> SMTP .maw attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18852 <-> DISABLED <-> SMTP .mdb attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18853 <-> DISABLED <-> SMTP .mde attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18854 <-> DISABLED <-> SMTP .mdt attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18851 <-> DISABLED <-> SMTP .mda attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18855 <-> DISABLED <-> SMTP .mdw attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18857 <-> DISABLED <-> SMTP .msc attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18858 <-> DISABLED <-> SMTP .msh attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18859 <-> DISABLED <-> SMTP .msh1 attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18856 <-> DISABLED <-> SMTP .mdz attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18860 <-> DISABLED <-> SMTP .msh2 attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18862 <-> DISABLED <-> SMTP .msh1xml attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18863 <-> DISABLED <-> SMTP .msh2xml attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18864 <-> DISABLED <-> SMTP .msi attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18861 <-> DISABLED <-> SMTP .mshxml attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18865 <-> DISABLED <-> SMTP .msp attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18867 <-> DISABLED <-> SMTP .ops attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18868 <-> DISABLED <-> SMTP .osd attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18869 <-> DISABLED <-> SMTP .pcd attachment file type blocked by Outlook detected (smtp.rules)
 * 1:18866 <-> DISABLED <-> SMTP .mst attachment file type blocked by Outlook detected (smtp.rules)