Sourcefire VRT Rules Update

Date: 2012-01-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.2.0.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:20829 <-> ENABLED <-> WEB-IIS Microsoft Windows IIS .NET null character username truncation attempt (web-iis.rules)
 * 1:20828 <-> ENABLED <-> WEB-IIS Microsoft Windows IIS aspx login ReturnURL arbitrary redirect attempt (web-iis.rules)
 * 1:20827 <-> ENABLED <-> WEB-PHP phpThumb fltr[] parameter remote command execution attempt (web-php.rules)
 * 1:20826 <-> DISABLED <-> WEB-PHP OABoard forum script remote file injection attempt (web-php.rules)
 * 3:20825 <-> ENABLED <-> DOS generic web server hashing collision attack (dos.rules)

Modified Rules:


 * 1:9847 <-> DISABLED <-> WEB-CLIENT Microsoft Office Outlook Saved Search download attempt (web-client.rules)
 * 1:9840 <-> ENABLED <-> WEB-CLIENT Apple QuickTime HREF Track Detected (web-client.rules)
 * 1:8448 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel colinfo XF record overflow attempt (web-client.rules)
 * 1:7205 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel FngGroupCount record overflow attempt (web-client.rules)
 * 1:7204 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel object ftCmo overflow attempt (web-client.rules)
 * 1:7199 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel label record overflow attempt (web-client.rules)
 * 1:7048 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel object record overflow attempt (web-client.rules)
 * 1:7024 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel style handling overflow attempt (web-client.rules)
 * 1:7002 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel url unicode overflow attempt (web-client.rules)
 * 1:5711 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Player zero length bitmap heap overflow attempt (web-client.rules)
 * 1:4679 <-> DISABLED <-> WEB-CLIENT Apple Quicktime movie file component name integer overflow multipacket attempt (web-client.rules)
 * 1:3685 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer bitmap BitmapOffset multipacket integer overflow attempt (web-client.rules)
 * 1:3634 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Bitmap width integer overflow multipacket attempt (web-client.rules)
 * 1:3079 <-> ENABLED <-> WEB-CLIENT Microsoft Windows ANI file parsing overflow (web-client.rules)
 * 1:20814 <-> ENABLED <-> WEB-CLIENT Mozilla favicon href javascript execution attempt (web-client.rules)
 * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20777 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript float index array memory corruption attempt (specific-threats.rules)
 * 1:20767 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript float index array memory corruption (specific-threats.rules)
 * 1:20735 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (specific-threats.rules)
 * 1:20724 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Word border use-after-free attempt (specific-threats.rules)
 * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules)
 * 1:20722 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint invalid OfficeArtBlipDIB record exploit attempt (web-client.rules)
 * 1:20721 <-> ENABLED <-> WEB-CLIENT Microsoft Office Publisher PLC object memory corruption attempt (web-client.rules)
 * 1:20720 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Publisher 2003 EscherStm memory corruption attempt (specific-threats.rules)
 * 1:20719 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Publisher Opltc memory corruption attempt (specific-threats.rules)
 * 1:20718 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel Lel record memory corruption attempt (specific-threats.rules)
 * 1:20659 <-> ENABLED <-> WEB-CLIENT Adobe Reader malformed shading modifier heap corruption attempt (web-client.rules)
 * 1:20590 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint out of bounds value remote code execution attempt (web-client.rules)
 * 1:20577 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader and Acrobat malicious TIFF remote code execution attempt (specific-threats.rules)
 * 1:20575 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader PDF JBIG2 remote code execution attempt (specific-threats.rules)
 * 1:20568 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash SWF ActionScript 3 ByteArray class vulnerability (specific-threats.rules)
 * 1:17538 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel unspecified memory corruption attempt (specific-threats.rules)
 * 1:17537 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel unspecified memory corruption attempt (specific-threats.rules)
 * 1:17531 <-> ENABLED <-> SPECIFIC-THREATS Apple Quicktime MOV file JVTCompEncodeFrame heap overflow attempt (specific-threats.rules)
 * 1:17523 <-> ENABLED <-> SPECIFIC-THREATS Apple QuickTime H.264 Movie File Buffer Overflow (specific-threats.rules)
 * 1:17517 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Malformed Record Code Execution attempt (web-client.rules)
 * 1:17511 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel malformed Graphic Code Execution (web-client.rules)
 * 1:17507 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word formatted disk pages table memory corruption attempt (web-client.rules)
 * 1:17506 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word formatted disk pages table memory corruption attempt (web-client.rules)
 * 1:17505 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word formatted disk pages table memory corruption attempt (web-client.rules)
 * 1:17497 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office PowerPoint malformed NamedShows record code execution attempt (specific-threats.rules)
 * 1:17496 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office PowerPoint malformed NamedShows record code execution attempt (specific-threats.rules)
 * 1:20567 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash SWF AVM2 namespace lookup deref exploit (specific-threats.rules)
 * 1:20557 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionDefineFunction2 length overflow attempt (specific-threats.rules)
 * 1:20556 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player PlaceObjectX null pointer dereference attempt (specific-threats.rules)
 * 1:20555 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash MP4 ref_frame allocated buffer overflow attempt (specific-threats.rules)
 * 1:20551 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player Stage 3D texture format overflow attempt (specific-threats.rules)
 * 1:20550 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player Mover3D clipping exploit (specific-threats.rules)
 * 1:20549 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript bytecode type confusion attempt (specific-threats.rules)
 * 1:20548 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player recursive doaction stack exhaustion (specific-threats.rules)
 * 1:20547 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player overlapping record overflow attempt (specific-threats.rules)
 * 1:20545 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player SWF embedded font null pointer attempt (specific-threats.rules)
 * 1:20534 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel IPMT record buffer overflow attempt (specific-threats.rules)
 * 1:20507 <-> ENABLED <-> FILE-IDENTIFY shockwave file magic detection (file-identify.rules)
 * 1:20499 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word file magic detection (file-identify.rules)
 * 1:20498 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word file magic detection (file-identify.rules)
 * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detection (file-identify.rules)
 * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detection (file-identify.rules)
 * 1:20495 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detection (file-identify.rules)
 * 1:20494 <-> DISABLED <-> FILE-IDENTIFY PDF file magic detection (file-identify.rules)
 * 1:20486 <-> DISABLED <-> FILE-IDENTIFY RTF file magic detection (file-identify.rules)
 * 1:20481 <-> DISABLED <-> FILE-IDENTIFY MP3 file magic detection (file-identify.rules)
 * 1:20471 <-> DISABLED <-> FILE-IDENTIFY RIFX file magic detection (file-identify.rules)
 * 1:20470 <-> DISABLED <-> FILE-IDENTIFY RIFF file magic detection (file-identify.rules)
 * 1:20460 <-> DISABLED <-> FILE-IDENTIFY MP3 file magic detection (file-identify.rules)
 * 1:20445 <-> ENABLED <-> WEB-CLIENT Foxit Reader title overflow attempt (web-client.rules)
 * 1:20429 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (web-client.rules)
 * 1:20211 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player recursive stack overflow attempt (web-client.rules)
 * 1:20206 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player pcre ActionScript under allocation (specific-threats.rules)
 * 1:20183 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player setInterval use attempt (specific-threats.rules)
 * 1:20171 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader embedded BMP parsing corruption attempt (specific-threats.rules)
 * 1:20170 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader embedded BMP parsing corruption attempt (specific-threats.rules)
 * 1:20169 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader embedded BMP parsing corruption attempt (specific-threats.rules)
 * 1:20162 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader sandbox disable attempt (web-client.rules)
 * 1:20156 <-> DISABLED <-> WEB-CLIENT Adobe Acrobat getCosObj file overwrite attempt (web-client.rules)
 * 1:20155 <-> DISABLED <-> SPECIFIC-THREATS Adobe Reader glyf composite vulnerability (specific-threats.rules)
 * 1:20154 <-> DISABLED <-> SPECIFIC-THREATS Adobe Reader glyf directory table vulnerability (specific-threats.rules)
 * 1:20153 <-> DISABLED <-> SPECIFIC-THREATS Adobe Acrobat embedded JPEG file APP0 chunk memory corruption attempt (specific-threats.rules)
 * 1:20152 <-> DISABLED <-> SPECIFIC-THREATS Adobe Acrobat GDI object leak memory corruption attempt (specific-threats.rules)
 * 1:20151 <-> DISABLED <-> POLICY attempted download of a PDF with embedded PCX image (policy.rules)
 * 1:20150 <-> DISABLED <-> SPECIFIC-THREATS Adobe Reader embedded PCX parsing corruption attempt (specific-threats.rules)
 * 1:2015 <-> ENABLED <-> RPC portmap UNSET attempt UDP 111 (rpc.rules)
 * 1:20149 <-> DISABLED <-> WEB-CLIENT Adobe Acrobat embedded IFF file RGBA chunk memory corruption attempt (web-client.rules)
 * 1:20148 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader embedded PICT parsing corruption attempt (specific-threats.rules)
 * 1:20147 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader embedded PICT parsing corruption attempt (specific-threats.rules)
 * 1:20146 <-> DISABLED <-> POLICY attempted download of a PDF with embedded PICT image (policy.rules)
 * 1:20145 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader embedded PICT parsing corruption attempt (specific-threats.rules)
 * 1:20144 <-> DISABLED <-> WEB-CLIENT Adobe Acrobat embedded TIFF DotRange structure memory corruption attempt (web-client.rules)
 * 1:20142 <-> DISABLED <-> SPECIFIC-THREATS Adobe Reader app.openDoc path vulnerability (specific-threats.rules)
 * 1:20130 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel MergeCells record parsing code execution attempt (specific-threats.rules)
 * 1:20127 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel Conditional Formatting record vulnerability (specific-threats.rules)
 * 1:20126 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel invalid Lbl record (specific-threats.rules)
 * 1:20125 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel invalid Lbl record (specific-threats.rules)
 * 1:20124 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel invalid Lbl record (specific-threats.rules)
 * 1:20123 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel invalid ShrFmla record (specific-threats.rules)
 * 1:20122 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel invalid AxisParent record (specific-threats.rules)
 * 1:20121 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel invalid AxisParent record (specific-threats.rules)
 * 1:20070 <-> ENABLED <-> FILE-IDENTIFY BIN file download request (file-identify.rules)
 * 1:20050 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player memory consumption vulnerability (specific-threats.rules)
 * 1:20031 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript float index array memory corruption (specific-threats.rules)
 * 1:20029 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel FNGROUPNAME Record Memory Corruption (specific-threats.rules)
 * 1:19956 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Movie Maker project file heap buffer overflow attempt (web-client.rules)
 * 1:19943 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (web-client.rules)
 * 1:19932 <-> ENABLED <-> WEB-CLIENT Microsoft Office Publisher 2007 pointer dereference attempt (web-client.rules)
 * 1:19894 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint unbound memcpy and remote code execution attempt (web-client.rules)
 * 1:19834 <-> DISABLED <-> BACKDOOR Trojan.Spy.ZBot.RD runtime detection (backdoor.rules)
 * 1:19811 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office PowerPoint malformed record call to freed object attempt (specific-threats.rules)
 * 1:19692 <-> ENABLED <-> WEB-CLIENT Adobe Flash cross-site request forgery attempt (web-client.rules)
 * 1:19691 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Actionscript Filereference buffer overflow attempt (specific-threats.rules)
 * 1:19690 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Actionscript duplicateDoorInputArguments stack overwrite (specific-threats.rules)
 * 1:19689 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Actionscript dynamic calculation double-free attempt (specific-threats.rules)
 * 1:19688 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Actionscript BitmapData buffer overflow attempt (specific-threats.rules)
 * 1:19687 <-> ENABLED <-> WEB-CLIENT Adobe Flash ActionStoreRegister instruction length invalidation attempt (web-client.rules)
 * 1:19686 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash uninitialized bitmap structure memory corruption attempt (specific-threats.rules)
 * 1:19685 <-> ENABLED <-> WEB-CLIENT Adobe Flash regular expression grouping depth buffer overflow attempt (web-client.rules)
 * 1:19684 <-> ENABLED <-> SPECIFIC-THREATS Adobe CFF font storage memory corruption attempt (specific-threats.rules)
 * 1:19683 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player ActionScript 3 buffer overflow attempt (web-client.rules)
 * 1:19682 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player ActionScript 3 integer overflow attempt (web-client.rules)
 * 1:19648 <-> ENABLED <-> POLICY PDF with click-to-launch executable (policy.rules)
 * 1:19647 <-> ENABLED <-> POLICY PDF with click-to-launch executable (policy.rules)
 * 1:19646 <-> ENABLED <-> POLICY PDF with click-to-launch executable (policy.rules)
 * 1:19607 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Word STSH record parsing memory corruption (specific-threats.rules)
 * 1:19606 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Word STSH record parsing memory corruption (specific-threats.rules)
 * 1:19552 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel format record code execution attempt (web-client.rules)
 * 1:19459 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Word sprmCMajority record buffer overflow attempt (specific-threats.rules)
 * 1:19458 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Word sprmCMajority record buffer overflow attempt (specific-threats.rules)
 * 1:19419 <-> DISABLED <-> WEB-CLIENT Apple iOS 4.3.3 jailbreak for iPod download attempt (web-client.rules)
 * 1:19418 <-> DISABLED <-> WEB-CLIENT Apple iOS 4.3.3 jailbreak for iPhone download attempt (web-client.rules)
 * 1:19417 <-> DISABLED <-> WEB-CLIENT Apple iOS 4.3.3 jailbreak for iPad download attempt (web-client.rules)
 * 1:19416 <-> DISABLED <-> WEB-CLIENT Apple iOS 4.3.3 jailbreak for iPad download attempt (web-client.rules)
 * 1:19414 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (specific-threats.rules)
 * 1:19413 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (specific-threats.rules)
 * 1:19412 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel RealTimeData record parsing memory corruption (specific-threats.rules)
 * 1:19403 <-> ENABLED <-> SPECIFIC-THREATS Cinepak Codec VIDC decompression remote code execution attempt (specific-threats.rules)
 * 1:19320 <-> DISABLED <-> WEB-CLIENT Microsoft Windows AVI Header insufficient data corruption attempt (web-client.rules)
 * 1:19306 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Publisher pubconv.dll corruption attempt (specific-threats.rules)
 * 1:19303 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint out of bounds value remote code execution attempt (web-client.rules)
 * 1:19295 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Word HTML linked objects memory corruption attempt (specific-threats.rules)
 * 1:19294 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Chart Sheet Substream memory corruption attempt (web-client.rules)
 * 1:19293 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player memory corruption attempt (specific-threats.rules)
 * 1:19264 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript float index array memory corruption (specific-threats.rules)
 * 1:19263 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript float index array memory corruption (specific-threats.rules)
 * 1:19262 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript float index array memory corruption (specific-threats.rules)
 * 1:19260 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel malformed MsoDrawingObject record attempt (specific-threats.rules)
 * 1:19259 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel WOpt record memory corruption attempt (specific-threats.rules)
 * 1:19258 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel SxView record memory pointer corruption attempt (specific-threats.rules)
 * 1:19257 <-> ENABLED <-> WEB-CLIENT Adobe Flash ActionScript float index memory corruption (web-client.rules)
 * 1:19255 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader ICC ProfileDescriptionTag overflow attempt (specific-threats.rules)
 * 1:19254 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader javascript in PDF go-to actions exploit attempt (web-client.rules)
 * 1:19251 <-> ENABLED <-> WEB-CLIENT Adobe PDF CIDFont dictionary glyph width corruption attempt (web-client.rules)
 * 1:19248 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader malformed U3D texture continuation integer overflow attempt (specific-threats.rules)
 * 1:19232 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel XF record exploit attempt (specific-threats.rules)
 * 1:19231 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Series record exploit attempt (web-client.rules)
 * 1:19230 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel Selection exploit attempt (specific-threats.rules)
 * 1:19227 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel Scenario heap memory overflow (specific-threats.rules)
 * 1:19225 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel SerAuxTrend biff record corruption attempt (web-client.rules)
 * 1:19222 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel ObjBiff validation exploit attempt (specific-threats.rules)
 * 1:19220 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption (specific-threats.rules)
 * 1:19219 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption (specific-threats.rules)
 * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:19200 <-> ENABLED <-> EXPLOIT Microsoft Office Excel ObjBiff exploit attempt (exploit.rules)
 * 1:19180 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel pivot item index boundary corruption attempt (specific-threats.rules)
 * 1:19169 <-> ENABLED <-> WEB-CLIENT RealNetworks RealPlayer vidplin.dll avi header parsing execution attempt (web-client.rules)
 * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detection (file-identify.rules)
 * 1:19154 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel PtgExtraArray parsing attempt (specific-threats.rules)
 * 1:19153 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word malformed index code execution attempt (web-client.rules)
 * 1:19146 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows DirectX quartz.dll MJPEG content processing memory corruption attempt (specific-threats.rules)
 * 1:19143 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Player JPG header record mismatch memory corruption attempt (web-client.rules)
 * 1:19141 <-> DISABLED <-> WEB-CLIENT Microsoft Access Wizard control memory corruption ActiveX clsid access (web-client.rules)
 * 1:19134 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel PtgExtraArray data parsing vulnerability exploit attempt (specific-threats.rules)
 * 1:19133 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel EntExU2 write access violation attempt (specific-threats.rules)
 * 1:19132 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office RTD buffer overflow attempt (specific-threats.rules)
 * 1:19131 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office RTD buffer overflow attempt (specific-threats.rules)
 * 1:19118 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader script injection vulnerability (specific-threats.rules)
 * 1:19117 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader malformed U3D integer overflow (specific-threats.rules)
 * 1:19115 <-> ENABLED <-> SPECIFIC-THREATS Adobe Shockwave 3D structure opcode 89 overflow attempt (specific-threats.rules)
 * 1:19114 <-> ENABLED <-> SPECIFIC-THREATS Adobe Shockwave 3D structure opcode 45 overflow attempt (specific-threats.rules)
 * 1:19113 <-> ENABLED <-> SPECIFIC-THREATS Adobe Shockwave 3D structure opcode 81 overflow attempt (specific-threats.rules)
 * 1:19112 <-> ENABLED <-> SPECIFIC-THREATS Adobe Shockwave 3D stucture heap overflow (specific-threats.rules)
 * 1:19082 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player memory corruption attempt (specific-threats.rules)
 * 1:19080 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player memory corruption attempt (specific-threats.rules)
 * 1:19064 <-> DISABLED <-> SPECIFIC-THREATS Microsoft OpenType font index remote code execution attempt (specific-threats.rules)
 * 1:19063 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows Movie Maker string size overflow attempt (specific-threats.rules)
 * 1:19012 <-> DISABLED <-> WEB-CLIENT Adobe Shockwave Player Lnam chunk processing buffer overflow attempt (web-client.rules)
 * 1:19011 <-> DISABLED <-> WEB-CLIENT Adobe Shockwave Player Lnam chunk processing buffer overflow attempt (web-client.rules)
 * 1:18992 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash player content parsing execution attempt (specific-threats.rules)
 * 1:18991 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (specific-threats.rules)
 * 1:18990 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (specific-threats.rules)
 * 1:18989 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (specific-threats.rules)
 * 1:18987 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (web-client.rules)
 * 1:18986 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (web-client.rules)
 * 1:18971 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash beginGradientfill improper color validation attempt (specific-threats.rules)
 * 1:18970 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player null pointer dereference attempt (specific-threats.rules)
 * 1:18969 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript ActionIf integer overflow attempt (specific-threats.rules)
 * 1:18968 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript3 stack integer overflow attempt (specific-threats.rules)
 * 1:18967 <-> ENABLED <-> SPECIFIC-THREATS Adobe ActionScript argumentCount download attempt (specific-threats.rules)
 * 1:18966 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash file DefineFont4 remote code execution attempt (specific-threats.rules)
 * 1:18965 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash file ActionScript 2 ActionJump remote code execution attempt (specific-threats.rules)
 * 1:18964 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash file DefineFont4 remote code execution attempt (specific-threats.rules)
 * 1:18963 <-> ENABLED <-> SPECIFIC-THREATS Adobe ActionScript 3 addEventListener exploit attempt (specific-threats.rules)
 * 1:18952 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows uniscribe fonts parsing memory corruption attempt (specific-threats.rules)
 * 1:18948 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office PowerPoint converter bad indirection remote code execution attempt (specific-threats.rules)
 * 1:18806 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel RealTimeData record exploit attempt (specific-threats.rules)
 * 1:18801 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat/Reader JpxDecode invalid crgn memory corruption attempt (web-client.rules)
 * 1:18776 <-> DISABLED <-> WEB-CLIENT Adobe Shockwave Director pamm chunk memory corruption attempt (web-client.rules)
 * 1:18772 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel ADO Object Parsing Code Execution (specific-threats.rules)
 * 1:18771 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel ADO Object Parsing Code Execution (specific-threats.rules)
 * 1:18740 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel sheet object type confusion exploit attempt (specific-threats.rules)
 * 1:18706 <-> ENABLED <-> WEB-CLIENT Microsoft Office RTF malformed second pfragments field (web-client.rules)
 * 1:18685 <-> ENABLED <-> POLICY RTF file with embedded OLE object (policy.rules)
 * 1:18683 <-> ENABLED <-> POLICY Microsoft Office Excel file with embedded PDF object (policy.rules)
 * 1:18680 <-> ENABLED <-> WEB-CLIENT Microsoft Office RTF malformed pfragments field (web-client.rules)
 * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:18639 <-> ENABLED <-> EXPLOIT Microsoft Office Excel CatSerRange record exploit attempt (exploit.rules)
 * 1:18638 <-> ENABLED <-> EXPLOIT Microsoft Office Excel OfficeArtSpContainer record exploit attempt (exploit.rules)
 * 1:18637 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint OfficeArt atom memory corruption attempt (web-client.rules)
 * 1:18636 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office PowerPoint SlideAtom record exploit attempt (specific-threats.rules)
 * 1:18635 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office PowerPoint malformed record call to freed object attempt (specific-threats.rules)
 * 1:18633 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel RealTimeData record memory corruption attempt (web-client.rules)
 * 1:18632 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel malformed Label record exploit attempt (web-client.rules)
 * 1:18596 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader and Acrobat util.printf buffer overflow attempt (specific-threats.rules)
 * 1:18585 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader malformed TIFF remote code execution attempt (specific-threats.rules)
 * 1:18547 <-> ENABLED <-> POLICY Microsoft Office PowerPoint with embedded Flash file transfer (policy.rules)
 * 1:18546 <-> ENABLED <-> POLICY Microsoft Office Word with embedded Flash file transfer (policy.rules)
 * 1:18545 <-> ENABLED <-> POLICY Microsoft Office Excel with embedded Flash file transfer (policy.rules)
 * 1:18538 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel PtgName invalid index exploit attempt (specific-threats.rules)
 * 1:18536 <-> DISABLED <-> SPECIFIC-THREATS OpenOffice.org Microsoft Word file processing integer underflow attempt (specific-threats.rules)
 * 1:18535 <-> ENABLED <-> WEB-CLIENT Multiple Vendors Microsoft Office Word file sprmTSetBrc processing buffer overflow attempt (web-client.rules)
 * 1:18527 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader shell metacharacter code execution attempt (web-client.rules)
 * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:18507 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (web-client.rules)
 * 1:18506 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (web-client.rules)
 * 1:18503 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript flash.geom.Point constructor memory corruption attempt (specific-threats.rules)
 * 1:18457 <-> ENABLED <-> SPECIFIC-THREATS Adoboe Reader U3D rgba parsing overflow attempt (specific-threats.rules)
 * 1:18455 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader malformed jpeg2000 superbox attempt (specific-threats.rules)
 * 1:18452 <-> ENABLED <-> SPECIFIC-THREATS Adobe malicious IFF memory corruption attempt (specific-threats.rules)
 * 1:18450 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader malformed BMP RGBQUAD attempt (specific-threats.rules)
 * 1:18447 <-> ENABLED <-> EXPLOIT Adobe OpenAction crafted URI action thru Firefox attempt (exploit.rules)
 * 1:18420 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash player ActionScript ASnative function remote code execution attempt (specific-threats.rules)
 * 1:18418 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash player ActionScript apply function memory corruption attempt (specific-threats.rules)
 * 1:18399 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel BRAI record remote code execution attempt (specific-threats.rules)
 * 1:18311 <-> ENABLED <-> WEB-MISC Novell iManager getMultiPartParameters unauthorized file upload attempt (web-misc.rules)
 * 1:18308 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader icc mluc interger overflow attempt (web-client.rules)
 * 1:18265 <-> ENABLED <-> WEB-CLIENT Microsoft Office thumbnail bitmap invalid biClrUsed attempt (web-client.rules)
 * 1:18233 <-> ENABLED <-> WEB-CLIENT Microsoft Office Publisher Adobe Font Driver code execution attempt (web-client.rules)
 * 1:18231 <-> ENABLED <-> WEB-CLIENT Microsoft Office Publisher oversized oti length attempt (web-client.rules)
 * 1:18230 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Publisher memory corruption attempt (specific-threats.rules)
 * 1:18219 <-> ENABLED <-> WEB-CLIENT Microsoft Windows ATMFD font driver remote code execution attempt (web-client.rules)
 * 1:18214 <-> ENABLED <-> SPECIFIC-THREATS MS Publisher 97 conversion remote code execution attempt (specific-threats.rules)
 * 1:18212 <-> ENABLED <-> SPECIFIC-THREATS MS Publisher tyo.oty field heap overflow attempt (specific-threats.rules)
 * 1:18102 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader invalid PDF JavaScript extension call (web-client.rules)
 * 1:18069 <-> ENABLED <-> WEB-CLIENT Microsoft Office Art drawing invalid shape identifier attempt (web-client.rules)
 * 1:18068 <-> ENABLED <-> EXPLOIT Microsoft Office Excel malformed MsoDrawingObject record attempt (exploit.rules)
 * 1:18067 <-> ENABLED <-> WEB-CLIENT Microsoft Office RTF parsing remote code execution attempt (web-client.rules)
 * 1:18066 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint integer underflow heap corruption attempt (web-client.rules)
 * 1:18065 <-> ENABLED <-> EXPLOIT Microsoft Office PowerPoint converter bad indirection remote code execution attempt (exploit.rules)
 * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules)
 * 1:17807 <-> ENABLED <-> SPECIFIC-THREATS Adobe Shockwave Director rcsL chunk remote code execution attempt (specific-threats.rules)
 * 1:17806 <-> ENABLED <-> SPECIFIC-THREATS Adobe Shockwave Director rcsL chunk remote code execution attempt (specific-threats.rules)
 * 1:17803 <-> ENABLED <-> WEB-CLIENT Adobe Shockwave Director rcsL chunk memory corruption attempt (web-client.rules)
 * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detection (file-identify.rules)
 * 1:17773 <-> ENABLED <-> EXPLOIT Microsoft Windows Media Player Firefox plugin memory corruption attempt (exploit.rules)
 * 1:17770 <-> ENABLED <-> WEB-ACTIVEX Microsoft HtmlDlgHelper ActiveX clsid access (web-activex.rules)
 * 1:17764 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel PtgName invalid index exploit attempt (specific-threats.rules)
 * 1:17763 <-> ENABLED <-> EXPLOIT Microsoft Office Excel GhostRw record exploit attempt (exploit.rules)
 * 1:17760 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel RealTimeData record exploit attempt (specific-threats.rules)
 * 1:17759 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel invalid SerAr object exploit attempt (specific-threats.rules)
 * 1:17758 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel PtgExtraArray data parsing vulnerability exploit attempt (specific-threats.rules)
 * 1:17757 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel CrErr record integer overflow attempt (web-client.rules)
 * 1:17756 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word XP PLFLSInTableStream heap overflow attempt (web-client.rules)
 * 1:17755 <-> ENABLED <-> EXPLOIT Microsoft Office Word unchecked index value remote code execution attempt (exploit.rules)
 * 1:17754 <-> ENABLED <-> EXPLOIT Microsoft Office Word bookmark bound check remote code execution attempt (exploit.rules)
 * 1:17752 <-> ENABLED <-> EXPLOIT OpenType Font file parsing denial of service attempt (exploit.rules)
 * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules)
 * 1:17742 <-> ENABLED <-> EXPLOIT Microsoft Office Word remote code execution attempt (exploit.rules)
 * 1:17695 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint paragraph format array inner header overflow attempt (web-client.rules)
 * 1:17691 <-> ENABLED <-> EXPLOIT Microsoft Office Word remote code execution attempt (exploit.rules)
 * 1:17690 <-> ENABLED <-> EXPLOIT Microsoft Office Word remote code execution attempt (exploit.rules)
 * 1:17678 <-> ENABLED <-> WEB-CLIENT Adobe BMP image handler buffer overflow attempt (web-client.rules)
 * 1:17668 <-> ENABLED <-> POLICY download of a PDF with embedded JavaScript - JS string (policy.rules)
 * 1:17658 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash frame type identifier memory corruption attempt (specific-threats.rules)
 * 1:17655 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel malformed formula parsing code execution attempt (web-client.rules)
 * 1:17649 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word array data handling buffer overflow attempt (web-client.rules)
 * 1:17646 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint Legacy file format picture object code execution attempt (web-client.rules)
 * 1:17633 <-> ENABLED <-> WEB-CLIENT RealNetworks RealPlayer SWF frame handling buffer overflow attempt (web-client.rules)
 * 1:17612 <-> ENABLED <-> WEB-CLIENT GStreamer QuickTime file parsing multiple heap overflow attempt (web-client.rules)
 * 1:17611 <-> ENABLED <-> WEB-CLIENT GStreamer QuickTime file parsing multiple heap overflow attempt (web-client.rules)
 * 1:17610 <-> ENABLED <-> WEB-CLIENT GStreamer QuickTime file parsing multiple heap overflow attempt (web-client.rules)
 * 1:17591 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word Crafted Sprm memory corruption attempt (web-client.rules)
 * 1:17578 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Word Section Table Array Buffer Overflow attempt (specific-threats.rules)
 * 1:17560 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Word Global Array Index Heap Overflow attempt (specific-threats.rules)
 * 1:17550 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Word Font Parsing Buffer Overflow attempt (specific-threats.rules)
 * 1:17543 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel Column record handling memory corruption attempt (specific-threats.rules)
 * 1:17542 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel MalformedPalete Record Memory Corruption attempt (specific-threats.rules)
 * 1:17539 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel unspecified memory corruption attempt (specific-threats.rules)
 * 1:17491 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Word mso.dll LsCreateLine memory corruption attempt (specific-threats.rules)
 * 1:17488 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel Malformed Range Code Execution attempt (specific-threats.rules)
 * 1:17472 <-> ENABLED <-> SPECIFIC-THREATS Adobe Acrobat JavaScript getIcon method buffer overflow attempt (specific-threats.rules)
 * 1:17471 <-> ENABLED <-> SPECIFIC-THREATS Adobe Acrobat JavaScript getIcon method buffer overflow attempt (specific-threats.rules)
 * 1:17458 <-> ENABLED <-> WEB-CLIENT BitDefender Internet Security script code execution attempt (web-client.rules)
 * 1:17430 <-> ENABLED <-> SPECIFIC-THREATS BitDefender Antivirus PDF processing memory corruption attempt (specific-threats.rules)
 * 1:17406 <-> ENABLED <-> EXPLOIT Microsoft Office Word Converter XST structure buffer overflow attempt (exploit.rules)
 * 1:17404 <-> ENABLED <-> EXPLOIT Microsoft Office Word Converter XST structure buffer overflow attempt (exploit.rules)
 * 1:17381 <-> ENABLED <-> SPECIFIC-THREATS Apple QuickTime PDAT Atom parsing buffer overflow attempt (specific-threats.rules)
 * 1:17372 <-> ENABLED <-> WEB-CLIENT Apple QuickTime udta atom parsing heap overflow vulnerability (web-client.rules)
 * 1:17368 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word document stream handling code execution attempt (web-client.rules)
 * 1:17362 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel IMDATA buffer overflow attempt (web-client.rules)
 * 1:17361 <-> ENABLED <-> SPECIFIC-THREATS Adobe Acrobat Reader PDF Catalog Handling denial of service attempt (specific-threats.rules)
 * 1:17334 <-> ENABLED <-> SPECIFIC-THREATS RealPlayer SWF Flash File buffer overflow attempt (specific-threats.rules)
 * 1:17320 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint MCAtom remote code execution attempt (web-client.rules)
 * 1:17319 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint MCAtom remote code execution attempt (web-client.rules)
 * 1:17318 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint MCAtom remote code execution attempt (web-client.rules)
 * 1:17308 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word SmartTag record code execution attempt (web-client.rules)
 * 1:17301 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word TextBox sub-document memory corruption attempt (web-client.rules)
 * 1:17292 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint malformed data record code execution attempt (web-client.rules)
 * 1:17285 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint PPT file parsing memory corruption attempt (web-client.rules)
 * 1:17284 <-> ENABLED <-> WEB-CLIENT Microsoft Office malformed routing slip code execution attempt (web-client.rules)
 * 1:17272 <-> ENABLED <-> WEB-CLIENT RealNetworks RealPlayer AVI parsing buffer overflow attempt (web-client.rules)
 * 1:17271 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Web View script injection attempt (web-client.rules)
 * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules)
 * 1:17257 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player and Reader remote code execution attempt (specific-threats.rules)
 * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules)
 * 1:17231 <-> ENABLED <-> WEB-CLIENT Microsoft Kodak Imaging small offset malformed tiff - little-endian (web-client.rules)
 * 1:17227 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel sheet name memory corruption attempt (web-client.rules)
 * 1:17215 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader and Acrobat libtiff TIFFFetchShortPair stack buffer overflow attempt (specific-threats.rules)
 * 1:17214 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader and Acrobat libtiff TIFFFetchShortPair stack buffer overflow attempt (specific-threats.rules)
 * 1:17204 <-> ENABLED <-> WEB-CLIENT Adobe Director file file mmap overflow attempt (web-client.rules)
 * 1:17203 <-> ENABLED <-> WEB-CLIENT Adobe Director file file rcsL overflow attempt (web-client.rules)
 * 1:17202 <-> ENABLED <-> WEB-CLIENT Adobe Director file file Shockwave 3D overflow attempt (web-client.rules)
 * 1:17200 <-> ENABLED <-> WEB-CLIENT Adobe Director file LsCM overflow attempt (web-client.rules)
 * 1:17198 <-> ENABLED <-> EXPLOIT Adobe Director file exploit attempt (exploit.rules)
 * 1:17197 <-> ENABLED <-> EXPLOIT Adobe Director file exploit attempt (exploit.rules)
 * 1:17196 <-> ENABLED <-> EXPLOIT Adobe Director file exploit attempt (exploit.rules)
 * 1:17194 <-> ENABLED <-> EXPLOIT Adobe Director file tSAC tag exploit attempt (exploit.rules)
 * 1:17193 <-> ENABLED <-> EXPLOIT Adobe Director remote code execution attempt (exploit.rules)
 * 1:17192 <-> ENABLED <-> EXPLOIT Adobe Director remote code execution attempt (exploit.rules)
 * 1:17191 <-> ENABLED <-> EXPLOIT Adobe Director remote code execution attempt (exploit.rules)
 * 1:17190 <-> ENABLED <-> EXPLOIT Adobe Director remote code execution attempt (exploit.rules)
 * 1:17149 <-> ENABLED <-> WEB-CLIENT VideoLAN VLC renamed zip file handling code execution attempt - 2 (web-client.rules)
 * 1:17148 <-> ENABLED <-> WEB-CLIENT VideoLAN VLC renamed zip file handling code execution attempt - 1 (web-client.rules)
 * 1:17135 <-> ENABLED <-> EXPLOIT Microsoft Windows Movie Maker string size overflow attempt (exploit.rules)
 * 1:17128 <-> ENABLED <-> EXPLOIT Cinepak Codec VIDC decompression remote code execution attempt (exploit.rules)
 * 1:17119 <-> ENABLED <-> EXPLOIT Microsoft Office Word sprmCMajority SPRM overflow attempt (exploit.rules)
 * 1:17117 <-> ENABLED <-> EXPLOIT Microsoft Windows MPEG Layer-3 audio heap corruption attempt (exploit.rules)
 * 1:17038 <-> ENABLED <-> EXPLOIT Microsoft Office Access ACCWIZ library release after free attempt - 1 (exploit.rules)
 * 1:16801 <-> ENABLED <-> EXPLOIT Adobe Reader CoolType.dll remote memory corruption denial of service attempt (exploit.rules)
 * 1:16800 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel FRTWrapper record buffer overflow attempt (specific-threats.rules)
 * 1:16673 <-> DISABLED <-> WEB-CLIENT Adobe Shockwave DIR file PAMI chunk code execution attempt (web-client.rules)
 * 1:16661 <-> ENABLED <-> EXPLOIT quartz.dll MJPEG content processing memory corruption attempt (exploit.rules)
 * 1:16657 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel DBQueryExt record memory corruption attempt (web-client.rules)
 * 1:16656 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel BIFF5 ExternSheet record stack overflow attempt (web-client.rules)
 * 1:16655 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Lbl record stack overflow attempt (web-client.rules)
 * 1:16654 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel undocumented Publisher record heap buffer overflow attempt (web-client.rules)
 * 1:16653 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel ExternName record stack buffer overflow attempt - 4 (web-client.rules)
 * 1:16652 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel ExternName record stack buffer overflow attempt - 3 (web-client.rules)
 * 1:16651 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel ExternName record stack buffer overflow attempt - 2 (web-client.rules)
 * 1:16650 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel ExternName record stack buffer overflow attempt - 1 (web-client.rules)
 * 1:16648 <-> ENABLED <-> EXPLOIT Microsoft Office Excel RealTimeData record heap memory corruption attempt - 1 (exploit.rules)
 * 1:16647 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel RealTimeData record heap memory corruption attempt - 2 (web-client.rules)
 * 1:16646 <-> ENABLED <-> EXPLOIT Microsoft Office Excel RealTimeData record stack buffer overflow attempt (exploit.rules)
 * 1:16645 <-> ENABLED <-> EXPLOIT Microsoft Office Excel SxView record memory pointer corruption attempt (exploit.rules)
 * 1:16644 <-> ENABLED <-> EXPLOIT Microsoft Office Excel WOpt record memory corruption attempt (exploit.rules)
 * 1:16643 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Chart Sheet Substream memory corruption attempt (web-client.rules)
 * 1:16641 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro and linkFmla (web-client.rules)
 * 1:16640 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel OBJ record stack buffer overflow attempt - with linkFmla (web-client.rules)
 * 1:16639 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro (web-client.rules)
 * 1:16638 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel OBJ record stack buffer overflow attempt (web-client.rules)
 * 1:16633 <-> ENABLED <-> WEB-CLIENT Adobe PDF File containing Flash use-after-free attack (web-client.rules)
 * 1:16603 <-> DISABLED <-> WEB-CLIENT Adobe Acrobat Reader Linux malformed U3D mesh deceleration block exploit attempt (web-client.rules)
 * 1:16593 <-> ENABLED <-> WEB-CLIENT Microsoft VBE6.dll stack corruption attempt (web-client.rules)
 * 1:16586 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word Document remote code execution attempt (web-client.rules)
 * 1:16554 <-> DISABLED <-> WEB-CLIENT Adobe Acrobat javascript getIcon method buffer overflow attempt (web-client.rules)
 * 1:16553 <-> ENABLED <-> EXPLOIT Microsoft Office Excel ptg index parsing code execution attempt (exploit.rules)
 * 1:16545 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader malformed Richmedia annotation exploit attempt (web-client.rules)
 * 1:16543 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Player codec code execution attempt (web-client.rules)
 * 1:16542 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (specific-threats.rules)
 * 1:16523 <-> ENABLED <-> POLICY PDF with click-to-launch executable (policy.rules)
 * 1:16490 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader malformed TIFF remote code execution attempt (specific-threats.rules)
 * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules)
 * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules)
 * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules)
 * 1:16475 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v4 file magic detection (file-identify.rules)
 * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detection (file-identify.rules)
 * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules)
 * 1:16471 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (web-client.rules)
 * 1:16470 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (web-client.rules)
 * 1:16469 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution attempt (web-client.rules)
 * 1:16466 <-> ENABLED <-> EXPLOIT Microsoft Office Excel uninitialized stack variable code execution attempt (exploit.rules)
 * 1:16465 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel ContinueFRT12 and MDXSet heap overflow attempt (web-client.rules)
 * 1:16464 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel ContinueFRT12 heap overflow attempt (web-client.rules)
 * 1:16463 <-> ENABLED <-> EXPLOIT Microsoft Office Excel BIFF5 formulas from records parsing code execution attempt (exploit.rules)
 * 1:16462 <-> ENABLED <-> EXPLOIT Microsoft Office Excel BIFF8 formulas from records parsing code execution attempt (exploit.rules)
 * 1:16461 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel EntExU2 write access violation attempt (specific-threats.rules)
 * 1:16421 <-> ENABLED <-> EXPLOIT Microsoft Office PowerPoint out of bounds value remote code execution attempt (exploit.rules)
 * 1:16416 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Malformed MSODrawing Record (web-client.rules)
 * 1:16412 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint invalid TextByteAtom remote code execution attempt (web-client.rules)
 * 1:16411 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint out of bounds value remote code execution attempt (web-client.rules)
 * 1:16410 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint file LinkedSlide10Atom record parsing heap corruption attempt (web-client.rules)
 * 1:16390 <-> ENABLED <-> POLICY Adobe PDF alternate file magic obfuscation (policy.rules)
 * 1:16373 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader U3D CLODMeshContinuation code execution attempt (web-client.rules)
 * 1:16361 <-> DISABLED <-> WEB-CLIENT Microsoft Office BMP header biClrUsed integer overflow attempt (web-client.rules)
 * 1:16360 <-> DISABLED <-> WEB-CLIENT Apple QuickTime Image Description Atom sign extension memory corruption attempt (web-client.rules)
 * 1:16355 <-> DISABLED <-> WEB-CLIENT Xpdf Splash DrawImage integer overflow attempt (web-client.rules)
 * 1:16354 <-> DISABLED <-> POLICY Adobe PDF start-of-file alternate header obfuscation (policy.rules)
 * 1:16342 <-> ENABLED <-> WEB-CLIENT Microsoft Windows AVIFile truncated media file processing memory corruption attempt (web-client.rules)
 * 1:16334 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader compressed media.newPlayer memory corruption attempt (specific-threats.rules)
 * 1:16333 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader media.newPlayer memory corruption attempt (web-client.rules)
 * 1:16331 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player JPEG parsing heap overflow attempt (web-client.rules)
 * 1:16325 <-> ENABLED <-> SPECIFIC-THREATS Adobe JPEG2k uninitialized QCC memory corruption attempt (specific-threats.rules)
 * 1:16324 <-> ENABLED <-> WEB-CLIENT Adobe doc.export arbitrary file write attempt (web-client.rules)
 * 1:16323 <-> ENABLED <-> EXPLOIT Adobe JPEG2k uninitialized QCC memory corruption attempt (exploit.rules)
 * 1:16322 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader oversized object width attempt (web-client.rules)
 * 1:16316 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player malformed getPropertyLate actioncode attempt (web-client.rules)
 * 1:16314 <-> ENABLED <-> EXPLOIT Microsoft Windows WordPad and Office text converter integer overflow attempt (exploit.rules)
 * 1:16293 <-> ENABLED <-> WEB-CLIENT Adobe Shockwave Flash memory corruption attempt (web-client.rules)
 * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules)
 * 1:16241 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel FeatHdr BIFF record remote code execution attempt (web-client.rules)
 * 1:16240 <-> ENABLED <-> EXPLOIT Microsoft Office Excel file Window/Pane record exploit attempt (exploit.rules)
 * 1:16236 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel file SxView record exploit attempt (web-client.rules)
 * 1:16235 <-> ENABLED <-> EXPLOIT Microsoft Office Excel file SXDB record exploit attempt (exploit.rules)
 * 1:16234 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word Document remote code execution attempt (web-client.rules)
 * 1:16233 <-> ENABLED <-> EXPLOIT Microsoft Office Excel oversized ptgFuncVar cparams value buffer overflow attempt (exploit.rules)
 * 1:16229 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel oversized ib memory corruption attempt (web-client.rules)
 * 1:16226 <-> ENABLED <-> EXPLOIT Microsoft Office Excel integer field in row record improper validation remote code execution attempt (exploit.rules)
 * 1:16225 <-> ENABLED <-> EXPLOIT Adobe Shockwave Flash arbitrary memory access attempt (exploit.rules)
 * 1:16223 <-> ENABLED <-> WEB-CLIENT Adobe Shockwave tSAC pointer overwrite attempt (web-client.rules)
 * 1:16220 <-> ENABLED <-> WEB-CLIENT Adobe Shockwave director file malformed lcsr block memory corruption attempt (web-client.rules)
 * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules)
 * 1:16188 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint bad text header txttype attempt (web-client.rules)
 * 1:16178 <-> ENABLED <-> EXPLOIT Microsoft Windows GDI+ Excel file Office Art Property Table remote code execution attempt (exploit.rules)
 * 1:16177 <-> ENABLED <-> EXPLOIT Microsoft Windows GDI+ Word file Office Art Property Table remote code execution attempt (exploit.rules)
 * 1:16176 <-> ENABLED <-> EXPLOIT Adobe collab.addStateModel remote corruption attempt (exploit.rules)
 * 1:16175 <-> ENABLED <-> EXPLOIT Adobe collab.removeStateModel denial of service attempt (exploit.rules)
 * 1:16059 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel malformed file format parsing code execution attempt (specific-threats.rules)
 * 1:16054 <-> DISABLED <-> WEB-CLIENT Apple Quicktime bitmap multiple header overflow (web-client.rules)
 * 1:16051 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Publisher 2007 conversion library code execution attempt (specific-threats.rules)
 * 1:15993 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript intrf_count integer overflow attempt (specific-threats.rules)
 * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
 * 1:15909 <-> DISABLED <-> WEB-CLIENT Apple QuickTime VR Track Header Atom heap corruption attempt (web-client.rules)
 * 1:15867 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat PDF font processing memory corruption attempt (web-client.rules)
 * 1:15729 <-> ENABLED <-> EXPLOIT Possible Adobe Flash ActionScript byte_array heap spray attempt (exploit.rules)
 * 1:15728 <-> ENABLED <-> EXPLOIT Possible Adobe PDF ActionScript byte_array heap spray attempt (exploit.rules)
 * 1:15727 <-> ENABLED <-> POLICY attempted download of a PDF with embedded Flash over http (policy.rules)
 * 1:15709 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat and Adobe Acrobat Reader FlateDecode integer overflow attempt (web-client.rules)
 * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:15562 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader JPX malformed code-block width attempt (web-client.rules)
 * 1:15559 <-> ENABLED <-> WEB-CLIENT Apple QuickTime Movie File Clipping Region handling heap buffer overflow attempt (web-client.rules)
 * 1:15542 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Qsir and Qsif record remote code execution attempt (web-client.rules)
 * 1:15541 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel SST record remote code execution attempt (web-client.rules)
 * 1:15539 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Formula record remote code execution attempt (web-client.rules)
 * 1:15525 <-> ENABLED <-> EXPLOIT Microsoft Office Word remote code execution attempt (exploit.rules)
 * 1:15524 <-> ENABLED <-> EXPLOIT Microsoft Office Word remote code execution attempt (exploit.rules)
 * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules)
 * 1:15506 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint CurrentUserAtom remote code execution attempt (web-client.rules)
 * 1:15505 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint HashCode10Atom memory corruption attempt (web-client.rules)
 * 1:15502 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint DiagramBuildContainer memory corruption attempt (web-client.rules)
 * 1:15501 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint ParaBuildAtom memory corruption attempt (web-client.rules)
 * 1:15500 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint LinkedSlide memory corruption (web-client.rules)
 * 1:15499 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint 95 converter CString in ExEmbed container buffer overflow attempt (web-client.rules)
 * 1:15493 <-> DISABLED <-> SPECIFIC-THREATS Adobe PDF getAnnots exploit attempt (specific-threats.rules)
 * 1:15492 <-> DISABLED <-> SPECIFIC-THREATS Adobe PDF spell.customDictionaryOpen exploit attempt (specific-threats.rules)
 * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:15469 <-> ENABLED <-> WEB-CLIENT Microsoft Office WordPad and Office text converters integer underflow attempt (web-client.rules)
 * 1:15467 <-> ENABLED <-> EXPLOIT Microsoft WordPad and Office Text Converters PlcPcd aCP buffer overflow attempt (exploit.rules)
 * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15107 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word .rtf file stylesheet buffer overflow attempt (web-client.rules)
 * 1:15014 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader and Acrobat util.printf buffer overflow attempt (web-client.rules)
 * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules)
 * 1:14642 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel file with embedded ActiveX control (web-client.rules)
 * 1:14641 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (web-client.rules)
 * 1:13981 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel malformed chart arbitrary code execution attempt (web-client.rules)
 * 1:13972 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel country record arbitrary code execution attempt (web-client.rules)
 * 1:13971 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint TxMasterStyle10Atom atom numLevels buffer overflow attempt (web-client.rules)
 * 1:13920 <-> ENABLED <-> WEB-CLIENT Apple Quicktime Obji Atom parsing stack buffer overflow attempt (web-client.rules)
 * 1:13919 <-> DISABLED <-> WEB-CLIENT Apple QuickTime MOV file string handling integer overflow attempt (web-client.rules)
 * 1:13918 <-> DISABLED <-> WEB-CLIENT Apple QuickTime MOV file string handling integer overflow attempt (web-client.rules)
 * 1:13917 <-> DISABLED <-> WEB-CLIENT Apple QuickTime MOV file string handling integer overflow attempt (web-client.rules)
 * 1:13865 <-> ENABLED <-> WEB-CLIENT Adobe BMP image handler buffer overflow attempt (web-client.rules)
 * 1:13824 <-> ENABLED <-> WEB-CLIENT Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (web-client.rules)
 * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules)
 * 1:13572 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (web-client.rules)
 * 1:13571 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel dval record arbitrary code excecution attempt (web-client.rules)
 * 1:13570 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel cf record arbitrary code excecution attempt (web-client.rules)
 * 1:13473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file download request (file-identify.rules)
 * 1:13470 <-> ENABLED <-> EXPLOIT Microsoft Office Publisher memory corruption attempt (exploit.rules)
 * 1:12746 <-> ENABLED <-> EXPLOIT Apple QuickTime STSD atom overflow attempt (exploit.rules)
 * 1:12256 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel malformed FBI record (web-client.rules)
 * 1:12184 <-> DISABLED <-> MISC Microsoft Office Excel workbook workspace designation handling arbitrary code execution attempt (misc.rules)
 * 1:12099 <-> DISABLED <-> MISC Microsoft Office Excel rtWindow1 record handling arbitrary code execution attempt (misc.rules)
 * 1:12070 <-> DISABLED <-> EXPLOIT Microsoft Office Excel malformed version field (exploit.rules)
 * 1:11290 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel malformed named graph information ascii overflow (web-client.rules)
 * 1:11258 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Malformed Named Graph Information unicode overflow (web-client.rules)
 * 1:11180 <-> DISABLED <-> WEB-CLIENT Apple Quicktime movie ftyp buffer underflow (web-client.rules)
 * 3:13469 <-> ENABLED <-> WEB-CLIENT Microsoft Word ole stream memory corruption attempt (web-client.rules)
 * 3:13471 <-> ENABLED <-> EXPLOIT Microsoft Publisher invalid pathname overwrite (exploit.rules)
 * 3:13582 <-> ENABLED <-> WEB-CLIENT Microsoft Excel sst record arbitrary code execution attempt (web-client.rules)
 * 3:13790 <-> ENABLED <-> WEB-CLIENT Microsoft Word malformed css remote code execution attempt (web-client.rules)
 * 3:13803 <-> ENABLED <-> WEB-CLIENT RTF control word overflow attempt (web-client.rules)
 * 3:13897 <-> ENABLED <-> EXPLOIT Apple Quicktime crgn atom parsing buffer overflow attempt (exploit.rules)
 * 3:13969 <-> ENABLED <-> WEB-CLIENT Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (web-client.rules)
 * 3:14655 <-> ENABLED <-> WEB-CLIENT Excel rept integer underflow attempt (web-client.rules)
 * 3:15117 <-> ENABLED <-> WEB-CLIENT Microsoft Excel malformed OBJ record arbitrary code execution attempt (web-client.rules)
 * 3:15365 <-> ENABLED <-> WEB-CLIENT Microsoft Excel extrst record arbitrary code excecution attempt (web-client.rules)
 * 3:15454 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint malformed msofbtTextbox exploit attempt (web-client.rules)
 * 3:15465 <-> ENABLED <-> WEB-CLIENT Microsoft Excel malformed object record remote code execution attempt (web-client.rules)
 * 3:15498 <-> ENABLED <-> WEB-CLIENT Microsoft PowerPoint CString atom overflow attempt (web-client.rules)
 * 3:15519 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel BRAI record remote code execution attempt (web-client.rules)
 * 3:15520 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel FtCbls remote code execution attempt (web-client.rules)
 * 3:15521 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel ExternSheet record remote code execution attempt (web-client.rules)
 * 3:15920 <-> ENABLED <-> WEB-CLIENT Microsoft mp3 malformed APIC header RCE attempt (web-client.rules)
 * 3:16222 <-> ENABLED <-> WEB-CLIENT Malformed BMP dimensions arbitrary code execution attempt (web-client.rules)
 * 3:16228 <-> ENABLED <-> WEB-CLIENT Microsoft Excel malformed StartObject record arbitrary code execution attempt (web-client.rules)
 * 3:16230 <-> ENABLED <-> WEB-CLIENT Microsoft Excel oversized ib memory corruption attempt (web-client.rules)
 * 3:16232 <-> ENABLED <-> WEB-CLIENT Windows TrueType font file parsing integer overflow attempt (web-client.rules)
 * 3:16343 <-> ENABLED <-> WEB-CLIENT obfuscated header in PDF (web-client.rules)
 * 3:16370 <-> ENABLED <-> WEB-CLIENT Adobe Reader JP2C Region Atom CompNum memory corruption attempt (web-client.rules)
 * 3:16662 <-> ENABLED <-> WEB-CLIENT Microsoft Excel SxView heap overflow attempt (web-client.rules)
 * 3:17199 <-> ENABLED <-> WEB-CLIENT Adobe Director file file lRTX overflow attempt (web-client.rules)
 * 3:17201 <-> ENABLED <-> WEB-CLIENT Adobe Director file file LsCM overflow attempt (web-client.rules)
 * 3:17242 <-> ENABLED <-> WEB-CLIENT Windows Media Player ASF file arbitrary code execution attempt (web-client.rules)
 * 3:17608 <-> ENABLED <-> WEB-CLIENT Apple QuickTime color table atom movie file handling heap corruption attempt (web-client.rules)
 * 3:17647 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player multimedia file DefineSceneAndFrameLabelData code execution attempt (web-client.rules)
 * 3:17665 <-> ENABLED <-> WEB-CLIENT OpenOffice Word document table parsing multiple heap based buffer overflow attempt (web-client.rules)
 * 3:17762 <-> ENABLED <-> WEB-CLIENT Microsoft Excel corrupted TABLE record clean up exploit attempt (web-client.rules)
 * 3:17765 <-> ENABLED <-> WEB-CLIENT OpenType Font file parsing buffer overflow attempt (web-client.rules)
 * 3:18213 <-> ENABLED <-> SPECIFIC-THREATS MS Publisher column and row remote code execution attempt (specific-threats.rules)
 * 3:18421 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash player ActionScript beginGradientFill memory corruption attempt (specific-threats.rules)
 * 3:18444 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash forged atom type attempt (specific-threats.rules)
 * 3:18502 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript Actionlf out of range negative offset attempt (specific-threats.rules)
 * 3:18504 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionConstantPool overflow attempt (specific-threats.rules)
 * 3:18505 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionPush overflow attempt (specific-threats.rules)
 * 3:18630 <-> ENABLED <-> WEB-CLIENT Microsoft Excel rtToolbarDef record integer overflow attempt (web-client.rules)
 * 3:18631 <-> ENABLED <-> WEB-CLIENT Microsoft Excel rtToolbarDef record integer overflow attempt (web-client.rules)
 * 3:18640 <-> ENABLED <-> WEB-CLIENT Microsoft Excel malformed SupBook record attempt (web-client.rules)
 * 3:18641 <-> ENABLED <-> SPECIFIC_THREATS Excel OBJ record invalid cmo.ot exploit attempt (specific-threats.rules)
 * 3:18673 <-> ENABLED <-> WEB-CLIENT Microsoft Fax Cover Page Editor heap corruption attempt (web-client.rules)
 * 3:18676 <-> ENABLED <-> WEB-CLIENT WEB-CLIENT Microsoft Office Excel DV record buffer overflow attempt (web-client.rules)
 * 3:18949 <-> ENABLED <-> WEB-CLIENT PowerPoint malformed RecolorInfoAtom exploit attempt (web-client.rules)
 * 3:19350 <-> ENABLED <-> WEB-CLIENT Adobe Shockwave Player Director file FFFFFF88 record integer overflow attempt (web-client.rules)
 * 3:20539 <-> ENABLED <-> WEB-CLIENT Microsoft TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (web-client.rules)
 * 3:16649 <-> ENABLED <-> WEB-CLIENT Microsoft Excel HFPicture record stack buffer overflow attempt (web-client.rules)
 * 3:18063 <-> ENABLED <-> WEB-CLIENT Microsoft Office embedded Office Art drawings execution attempt (web-client.rules)