Sourcefire VRT Rules Update

Date: 2012-01-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.2.0.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:20987 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20986 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20985 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20984 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20983 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:20982 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:20981 <-> DISABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20980 <-> DISABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20979 <-> DISABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20978 <-> DISABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20977 <-> DISABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules)
 * 1:20976 <-> DISABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules)
 * 1:20975 <-> DISABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules)
 * 1:20974 <-> DISABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules)
 * 1:20973 <-> DISABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules)
 * 1:20972 <-> DISABLED <-> FILE-IDENTIFY M4V file download request (file-identify.rules)
 * 1:20971 <-> DISABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules)
 * 1:20970 <-> DISABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules)
 * 1:20969 <-> DISABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules)
 * 1:20968 <-> DISABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:20967 <-> DISABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20966 <-> DISABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20965 <-> DISABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20964 <-> DISABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules)
 * 1:20963 <-> DISABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules)
 * 1:20962 <-> DISABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules)
 * 1:20961 <-> DISABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules)
 * 1:20960 <-> DISABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules)
 * 1:20959 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:20958 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:20957 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:20956 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:20955 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:20954 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:20953 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:20952 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:20951 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:20950 <-> DISABLED <-> FILE-IDENTIFY MOV file magic detection (file-identify.rules)
 * 1:20949 <-> ENABLED <-> WEB-ACTIVEX Autodesk iDrop ActiveX clsid access (web-activex.rules)
 * 1:20948 <-> DISABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20947 <-> DISABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20946 <-> DISABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20945 <-> DISABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20944 <-> DISABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20943 <-> DISABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20942 <-> DISABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20941 <-> DISABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20940 <-> DISABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20939 <-> DISABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20938 <-> DISABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20937 <-> DISABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20936 <-> DISABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20935 <-> DISABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20934 <-> DISABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20933 <-> DISABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20932 <-> DISABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20931 <-> DISABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20930 <-> DISABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20929 <-> DISABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20928 <-> DISABLED <-> FILE-IDENTIFY SMIL file magic detection (file-identify.rules)
 * 1:20927 <-> ENABLED <-> BOTNET-CNC Trojan.Spyeye-207 outbound connection (botnet-cnc.rules)
 * 1:20926 <-> DISABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20925 <-> DISABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20924 <-> DISABLED <-> FILE-IDENTIFY PLS file magic detection (file-identify.rules)

Modified Rules:


 * 1:19685 <-> ENABLED <-> WEB-CLIENT Adobe Flash regular expression grouping depth buffer overflow attempt (web-client.rules)
 * 1:19684 <-> ENABLED <-> SPECIFIC-THREATS Adobe CFF font storage memory corruption attempt (specific-threats.rules)
 * 1:19683 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player ActionScript 3 buffer overflow attempt (web-client.rules)
 * 1:19682 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player ActionScript 3 integer overflow attempt (web-client.rules)
 * 1:19676 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Visio invalid UMLDTOptions object exploit attempt (specific-threats.rules)
 * 1:19675 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Visio invalid UMLString data length exploit attempt (specific-threats.rules)
 * 1:19621 <-> ENABLED <-> WEB-CLIENT MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (web-client.rules)
 * 1:19588 <-> DISABLED <-> BACKDOOR Win32.Sereki.B successful connection (backdoor.rules)
 * 1:19560 <-> ENABLED <-> WEB-CLIENT Apple iTunes PLS file parsing buffer overflow attempt (web-client.rules)
 * 1:19443 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office embedded Office Art drawings execution attempt (specific-threats.rules)
 * 1:19442 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office embedded Office Art drawings execution attempt (specific-threats.rules)
 * 1:9845 <-> DISABLED <-> FILE-IDENTIFY M3U file magic detection (file-identify.rules)
 * 1:9844 <-> DISABLED <-> WEB-CLIENT VLC Media Player udp URI format string attempt (web-client.rules)
 * 1:9401 <-> DISABLED <-> SPECIFIC-THREATS gokar http propagation detectiot (specific-threats.rules)
 * 1:8549 <-> DISABLED <-> BACKDOOR zxshell runtime detection - setting information retrieve (backdoor.rules)
 * 1:8478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Publisher file magic detection (file-identify.rules)
 * 1:7743 <-> ENABLED <-> BACKDOOR nova 1.0 runtime detection - cgi notification server-to-client (backdoor.rules)
 * 1:7203 <-> DISABLED <-> WEB-CLIENT Microsoft Office Word information string overflow attempt (web-client.rules)
 * 1:7202 <-> DISABLED <-> WEB-CLIENT Microsoft Office Word document summary information string overflow attempt (web-client.rules)
 * 1:7201 <-> DISABLED <-> WEB-CLIENT Microsoft Office Word summary information null string overflow attempt (web-client.rules)
 * 1:7200 <-> DISABLED <-> WEB-CLIENT Microsoft Office Word document summary information null string overflow attempt (web-client.rules)
 * 1:6256 <-> ENABLED <-> SPYWARE-PUT Adware searchsquire installtime/auto-update (spyware-put.rules)
 * 1:5811 <-> ENABLED <-> SPYWARE-PUT shop at home select installation in progress - clsid detected (spyware-put.rules)
 * 1:5799 <-> ENABLED <-> SPYWARE-PUT mydailyhoroscope update or installation in progress (spyware-put.rules)
 * 1:5741 <-> DISABLED <-> WEB-CLIENT Microsoft HTML help workshop buffer overflow attempt (web-client.rules)
 * 1:5740 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows HTML help workshop file download request (file-identify.rules)
 * 1:5318 <-> DISABLED <-> WEB-CLIENT Microsoft Windows wmf file arbitrary code execution attempt (web-client.rules)
 * 1:3823 <-> DISABLED <-> WEB-MISC Real Player realtext file bad version buffer overflow attempt (web-misc.rules)
 * 1:3820 <-> DISABLED <-> WEB-CLIENT Microsoft Windows CHM file transfer attempt (web-client.rules)
 * 1:3819 <-> DISABLED <-> FILE-IDENTIFY CHM file download request (file-identify.rules)
 * 1:3686 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer Content Advisor memory corruption attempt (web-client.rules)
 * 1:3552 <-> DISABLED <-> WEB-CLIENT Microsoft Windows OLE32 MSHTA masquerade attempt (web-client.rules)
 * 1:3551 <-> DISABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules)
 * 1:3088 <-> DISABLED <-> WEB-CLIENT Nullsoft Winamp cda file name overflow attempt (web-client.rules)
 * 1:2436 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules)
 * 1:2435 <-> ENABLED <-> FILE-IDENTIFY Microsoft emf file download request (file-identify.rules)
 * 1:2423 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules)
 * 1:2422 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules)
 * 1:2420 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules)
 * 1:2419 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules)
 * 1:20904 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows OpenType font parsing stack overflow attempt (specific-threats.rules)
 * 1:20903 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows OpenType font parsing stack overflow attempt (specific-threats.rules)
 * 1:20902 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows OpenType font parsing stack overflow attempt (specific-threats.rules)
 * 1:20883 <-> ENABLED <-> WEB-CLIENT Microsoft Windows embedded packager object with .application extension bypass attempt (web-client.rules)
 * 1:20882 <-> DISABLED <-> WEB-CLIENT Microsoft Windows embedded packager object identifier (web-client.rules)
 * 1:20881 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows embedded packager object with .application extension bypass attempt (specific-threats.rules)
 * 1:20802 <-> ENABLED <-> SPECIFIC-THREATS Adobe Acrobat Reader PRC file MarkupLinkedItem arbitrary code execution attempt (specific-threats.rules)
 * 1:20734 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Player digital video recording buffer overflow attempt (web-client.rules)
 * 1:20733 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules)
 * 1:20722 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint invalid OfficeArtBlipDIB record exploit attempt (web-client.rules)
 * 1:20717 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows OLE versioned stream missing data stream (specific-threats.rules)
 * 1:20590 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint out of bounds value remote code execution attempt (web-client.rules)
 * 1:20568 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash SWF ActionScript 3 ByteArray class vulnerability (specific-threats.rules)
 * 1:20567 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash SWF AVM2 namespace lookup deref exploit (specific-threats.rules)
 * 1:20557 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionDefineFunction2 length overflow attempt (specific-threats.rules)
 * 1:20556 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player PlaceObjectX null pointer dereference attempt (specific-threats.rules)
 * 1:20555 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash MP4 ref_frame allocated buffer overflow attempt (specific-threats.rules)
 * 1:20553 <-> ENABLED <-> WEB-CLIENT Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (web-client.rules)
 * 1:20551 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player Stage 3D texture format overflow attempt (specific-threats.rules)
 * 1:20550 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player Mover3D clipping exploit (specific-threats.rules)
 * 1:20549 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript bytecode type confusion attempt (specific-threats.rules)
 * 1:20548 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player recursive doaction stack exhaustion (specific-threats.rules)
 * 1:20547 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player overlapping record overflow attempt (specific-threats.rules)
 * 1:20545 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player SWF embedded font null pointer attempt (specific-threats.rules)
 * 1:20544 <-> DISABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules)
 * 1:20507 <-> DISABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detection (file-identify.rules)
 * 1:20497 <-> DISABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detection (file-identify.rules)
 * 1:20496 <-> DISABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detection (file-identify.rules)
 * 1:20495 <-> DISABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detection (file-identify.rules)
 * 1:20480 <-> DISABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
 * 1:20295 <-> DISABLED <-> SPECIFIC-THREATS Public LibTiff Exploit (specific-threats.rules)
 * 1:20290 <-> DISABLED <-> BACKDOOR Win32.Doschald.A inbound connection (backdoor.rules)
 * 1:20288 <-> ENABLED <-> WEB-CLIENT RealNetworks RealPlayer QCP parsing buffer overflow attempt (web-client.rules)
 * 1:20287 <-> DISABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules)
 * 1:20260 <-> DISABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules)
 * 1:20259 <-> ENABLED <-> WEB-MISC Malicious Microsoft Agent Helper JAR download attempt (web-misc.rules)
 * 1:20245 <-> DISABLED <-> POLICY remote privoxy config access (policy.rules)
 * 1:20237 <-> ENABLED <-> WEB-CLIENT MultiMedia Jukebox playlist file handling heap overflow attempt (web-client.rules)
 * 1:20224 <-> DISABLED <-> WEB-CLIENT MPlayer SMI file buffer overflow attempt (web-client.rules)
 * 1:20223 <-> DISABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules)
 * 1:20211 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player recursive stack overflow attempt (web-client.rules)
 * 1:20206 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player pcre ActionScript under allocation (specific-threats.rules)
 * 1:20183 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player setInterval use attempt (specific-threats.rules)
 * 1:20172 <-> DISABLED <-> FILE-IDENTIFY Metastock mwl file magic detection (file-identify.rules)
 * 1:20133 <-> DISABLED <-> WEB-CLIENT Microsoft MHTML XSS attempt (web-client.rules)
 * 1:20128 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office invalid MS-OGRAPH DataFormat record (specific-threats.rules)
 * 1:20097 <-> ENABLED <-> BOTNET-CNC Trojan Win32.Agent.dcir infected host at destination ip (botnet-cnc.rules)
 * 1:20070 <-> DISABLED <-> FILE-IDENTIFY BIN file download request (file-identify.rules)
 * 1:20066 <-> ENABLED <-> BOTNET-CNC Trojan Win32 SensLiceld.A runtime traffic detected (botnet-cnc.rules)
 * 1:20062 <-> DISABLED <-> EXPLOIT Microsoft Office Excel File Importing Code Execution (exploit.rules)
 * 1:20050 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player memory consumption vulnerability (specific-threats.rules)
 * 1:20049 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel SLK file excessive Picture records exploit attempt (specific-threats.rules)
 * 1:20032 <-> DISABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules)
 * 1:19911 <-> ENABLED <-> WEB-CLIENT Microsoft SYmbolic LinK stack overflow attempt (web-client.rules)
 * 1:19908 <-> DISABLED <-> WEB-MISC Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (web-misc.rules)
 * 1:19907 <-> DISABLED <-> FILE-IDENTIFY PICT file magic detection (file-identify.rules)
 * 1:19894 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint unbound memcpy and remote code execution attempt (web-client.rules)
 * 1:19807 <-> DISABLED <-> WEB-CLIENT Apple Safari Webkit SVG memory corruption attempt (web-client.rules)
 * 1:19692 <-> ENABLED <-> WEB-CLIENT Adobe Flash cross-site request forgery attempt (web-client.rules)
 * 1:19691 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Actionscript Filereference buffer overflow attempt (specific-threats.rules)
 * 1:19690 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Actionscript duplicateDoorInputArguments stack overwrite (specific-threats.rules)
 * 1:19689 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Actionscript dynamic calculation double-free attempt (specific-threats.rules)
 * 1:19688 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Actionscript BitmapData buffer overflow attempt (specific-threats.rules)
 * 1:19687 <-> ENABLED <-> WEB-CLIENT Adobe Flash ActionStoreRegister instruction length invalidation attempt (web-client.rules)
 * 1:19686 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash uninitialized bitmap structure memory corruption attempt (specific-threats.rules)
 * 1:19425 <-> DISABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules)
 * 1:19424 <-> DISABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules)
 * 1:19423 <-> DISABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules)
 * 1:19422 <-> DISABLED <-> FILE-IDENTIFY matroska file magic detection (file-identify.rules)
 * 1:19421 <-> DISABLED <-> SPECIFIC-THREATS VideoLAN VLC Media Player Subtitle StripTags Heap Buffer Overflow (specific-threats.rules)
 * 1:19420 <-> DISABLED <-> SPECIFIC-THREATS VideoLAN VLC Media Player Subtitle StripTags Heap Buffer Overflow (specific-threats.rules)
 * 1:19412 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel RealTimeData record parsing memory corruption (specific-threats.rules)
 * 1:19403 <-> ENABLED <-> SPECIFIC-THREATS Cinepak Codec VIDC decompression remote code execution attempt (specific-threats.rules)
 * 1:19316 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office TIFF filter remote code execution attempt (specific-threats.rules)
 * 1:19308 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows embedded OpenType EOT font integer overflow attempt (specific-threats.rules)
 * 1:19303 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint out of bounds value remote code execution attempt (web-client.rules)
 * 1:19295 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Word HTML linked objects memory corruption attempt (specific-threats.rules)
 * 1:19293 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player memory corruption attempt (specific-threats.rules)
 * 1:19289 <-> DISABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules)
 * 1:19253 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader malicious language.engtesselate.ln file download attempt (web-client.rules)
 * 1:19252 <-> DISABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules)
 * 1:19233 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Studio DISCO file download request (file-identify.rules)
 * 1:19230 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel Selection exploit attempt (specific-threats.rules)
 * 1:19229 <-> ENABLED <-> EXPLOIT Microsoft Office Excel SLK file excessive Picture records exploit attempt (exploit.rules)
 * 1:19226 <-> DISABLED <-> SPECIFIC-THREATS Cisco Webex Player .wrf stack buffer overflow (specific-threats.rules)
 * 1:19224 <-> DISABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules)
 * 1:19217 <-> DISABLED <-> SPECIFIC-THREATS Google Chrome Uninitialized bug_report Pointer Code Execution (specific-threats.rules)
 * 1:19216 <-> DISABLED <-> SPECIFIC-THREATS Google Chrome Uninitialized bug_report Pointer Code Execution (specific-threats.rules)
 * 1:19215 <-> DISABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules)
 * 1:19177 <-> ENABLED <-> WEB-MISC cookiejacking attempt (web-misc.rules)
 * 1:19176 <-> ENABLED <-> WEB-MISC cookiejacking attempt (web-misc.rules)
 * 1:19170 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows .NET Framework XAML browser applications stack corruption (specific-threats.rules)
 * 1:19153 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word malformed index code execution attempt (web-client.rules)
 * 1:19144 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows MPEG Layer-3 audio heap corruption attempt (specific-threats.rules)
 * 1:19141 <-> DISABLED <-> WEB-CLIENT Microsoft Access Wizard control memory corruption ActiveX clsid access (web-client.rules)
 * 1:19132 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office RTD buffer overflow attempt (specific-threats.rules)
 * 1:19131 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office RTD buffer overflow attempt (specific-threats.rules)
 * 1:19130 <-> ENABLED <-> WEB-CLIENT Microsoft Windows MSPaint jpeg with malformed SOFx field exploit attempt (web-client.rules)
 * 1:19080 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player memory corruption attempt (specific-threats.rules)
 * 1:19064 <-> DISABLED <-> SPECIFIC-THREATS Microsoft OpenType font index remote code execution attempt (specific-threats.rules)
 * 1:19002 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer FLV parsing two integer overflow vulnerabilities (specific-threats.rules)
 * 1:18992 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash player content parsing execution attempt (specific-threats.rules)
 * 1:18971 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash beginGradientfill improper color validation attempt (specific-threats.rules)
 * 1:18970 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player null pointer dereference attempt (specific-threats.rules)
 * 1:18969 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript ActionIf integer overflow attempt (specific-threats.rules)
 * 1:18968 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript3 stack integer overflow attempt (specific-threats.rules)
 * 1:18967 <-> ENABLED <-> SPECIFIC-THREATS Adobe ActionScript argumentCount download attempt (specific-threats.rules)
 * 1:18966 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash file DefineFont4 remote code execution attempt (specific-threats.rules)
 * 1:18965 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash file ActionScript 2 ActionJump remote code execution attempt (specific-threats.rules)
 * 1:18964 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash file DefineFont4 remote code execution attempt (specific-threats.rules)
 * 1:18963 <-> ENABLED <-> SPECIFIC-THREATS Adobe ActionScript 3 addEventListener exploit attempt (specific-threats.rules)
 * 1:18928 <-> DISABLED <-> WEB-CLIENT Apple QuickTime streaming debug error logging buffer overflow attempt (web-client.rules)
 * 1:18803 <-> ENABLED <-> WEB-MISC Oracle Java Runtime CMM readMabCurveData buffer overflow attempt (web-misc.rules)
 * 1:18772 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel ADO Object Parsing Code Execution (specific-threats.rules)
 * 1:18771 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel ADO Object Parsing Code Execution (specific-threats.rules)
 * 1:18755 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Visio Data Type Memory Corruption (specific-threats.rules)
 * 1:18675 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:18645 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows GDI+ arbitrary code execution attempt (specific-threats.rules)
 * 1:18637 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint OfficeArt atom memory corruption attempt (web-client.rules)
 * 1:18593 <-> DISABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules)
 * 1:18583 <-> ENABLED <-> WEB-CLIENT Microsoft Windows wmf integer overflow attempt (web-client.rules)
 * 1:18547 <-> ENABLED <-> POLICY Microsoft Office PowerPoint with embedded Flash file transfer (policy.rules)
 * 1:18546 <-> ENABLED <-> POLICY Microsoft Office Word with embedded Flash file transfer (policy.rules)
 * 1:18545 <-> ENABLED <-> POLICY Microsoft Office Excel with embedded Flash file transfer (policy.rules)
 * 1:18535 <-> ENABLED <-> WEB-CLIENT Multiple Vendors Microsoft Office Word file sprmTSetBrc processing buffer overflow attempt (web-client.rules)
 * 1:18516 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:18503 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript flash.geom.Point constructor memory corruption attempt (specific-threats.rules)
 * 1:18484 <-> ENABLED <-> WEB-CLIENT Apple iTunes Playlist Overflow Attempt (web-client.rules)
 * 1:18483 <-> ENABLED <-> WEB-CLIENT Apple iTunes Playlist Overflow Attempt (web-client.rules)
 * 1:18463 <-> ENABLED <-> EXPLOIT Microsoft Windows MPEG Layer-3 audio heap corruption attempt (exploit.rules)
 * 1:18420 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash player ActionScript ASnative function remote code execution attempt (specific-threats.rules)
 * 1:18418 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash player ActionScript apply function memory corruption attempt (specific-threats.rules)
 * 1:18275 <-> DISABLED <-> FILE-IDENTIFY HyperText Markup Language file download request (file-identify.rules)
 * 1:18274 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules)
 * 1:18273 <-> DISABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules)
 * 1:18265 <-> ENABLED <-> WEB-CLIENT Microsoft Office thumbnail bitmap invalid biClrUsed attempt (web-client.rules)
 * 1:18236 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office TIFFIM32.FLT filter memory corruption attempt (specific-threats.rules)
 * 1:18235 <-> DISABLED <-> WEB-CLIENT Microsoft Office PICT graphics converter memory corruption attempt (web-client.rules)
 * 1:18234 <-> DISABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:18229 <-> ENABLED <-> SPECIFIC-THREATS Microsoft FlashPix tile length overflow attempt (specific-threats.rules)
 * 1:18201 <-> ENABLED <-> EXPLOIT Microsoft Office TIFF filter remote code execution attempt (exploit.rules)
 * 1:18067 <-> ENABLED <-> WEB-CLIENT Microsoft Office RTF parsing remote code execution attempt (web-client.rules)
 * 1:18066 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint integer underflow heap corruption attempt (web-client.rules)
 * 1:18065 <-> ENABLED <-> EXPLOIT Microsoft Office PowerPoint converter bad indirection remote code execution attempt (exploit.rules)
 * 1:17809 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules)
 * 1:17770 <-> ENABLED <-> WEB-ACTIVEX Microsoft HtmlDlgHelper ActiveX clsid access (web-activex.rules)
 * 1:17756 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word XP PLFLSInTableStream heap overflow attempt (web-client.rules)
 * 1:17755 <-> ENABLED <-> EXPLOIT Microsoft Office Word unchecked index value remote code execution attempt (exploit.rules)
 * 1:17754 <-> ENABLED <-> EXPLOIT Microsoft Office Word bookmark bound check remote code execution attempt (exploit.rules)
 * 1:17751 <-> DISABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules)
 * 1:17747 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer compressed HDMX font processing integer overflow attempt (exploit.rules)
 * 1:17742 <-> ENABLED <-> EXPLOIT Microsoft Office Word remote code execution attempt (exploit.rules)
 * 1:17740 <-> ENABLED <-> SPECIFIC-THREATS Apple Quicktime FlashPix processing overflow attempt (specific-threats.rules)
 * 1:17739 <-> DISABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules)
 * 1:17735 <-> ENABLED <-> SPECIFIC-THREATS Adobe Pagemaker Font Name Buffer Overflow attempt (specific-threats.rules)
 * 1:17734 <-> ENABLED <-> WEB-MISC Excel REPT integer underflow attempt (web-misc.rules)
 * 1:17733 <-> DISABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules)
 * 1:17732 <-> DISABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
 * 1:17695 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint paragraph format array inner header overflow attempt (web-client.rules)
 * 1:17691 <-> ENABLED <-> EXPLOIT Microsoft Office Word remote code execution attempt (exploit.rules)
 * 1:17690 <-> ENABLED <-> EXPLOIT Microsoft Office Word remote code execution attempt (exploit.rules)
 * 1:17658 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash frame type identifier memory corruption attempt (specific-threats.rules)
 * 1:17650 <-> ENABLED <-> SPECIFIC-THREATS Adobe Pagemaker Key Strings Stack Buffer Overflow attempt (specific-threats.rules)
 * 1:17649 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word array data handling buffer overflow attempt (web-client.rules)
 * 1:17646 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint Legacy file format picture object code execution attempt (web-client.rules)
 * 1:17633 <-> ENABLED <-> WEB-CLIENT RealNetworks RealPlayer SWF frame handling buffer overflow attempt (web-client.rules)
 * 1:17613 <-> ENABLED <-> WEB-MISC Mozilla Firefox browser engine  memory corruption attempt (web-misc.rules)
 * 1:17601 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox file type memory corruption attempt (web-client.rules)
 * 1:17600 <-> DISABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules)
 * 1:17591 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word Crafted Sprm memory corruption attempt (web-client.rules)
 * 1:17585 <-> ENABLED <-> SPECIFIC-THREATS Internet Explorer possible javascript onunload event memory corruption (specific-threats.rules)
 * 1:17578 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Word Section Table Array Buffer Overflow attempt (specific-threats.rules)
 * 1:17574 <-> ENABLED <-> SPECIFIC-THREATS Sophos Anti-Virus Visio File Parsing Buffer Overflow attempt (specific-threats.rules)
 * 1:17565 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office PowerPoint PP7 File Handling Memory Corruption attempt (specific-threats.rules)
 * 1:17563 <-> ENABLED <-> SPECIFIC-THREATS Oracle Java Runtime Environment JAR File Processing Stack Buffer Overflow (specific-threats.rules)
 * 1:17561 <-> ENABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer IVR Overly Long Filename Code Execution attempt (specific-threats.rules)
 * 1:17560 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Word Global Array Index Heap Overflow attempt (specific-threats.rules)
 * 1:17553 <-> ENABLED <-> SPECIFIC-THREATS Adobe Pagemaker Font Name Buffer Overflow attempt (specific-threats.rules)
 * 1:17552 <-> DISABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules)
 * 1:17549 <-> ENABLED <-> SPECIFIC-THREATS Internet Explorer Error Handling Code Execution (specific-threats.rules)
 * 1:17548 <-> ENABLED <-> WEB-CLIENT Apple Quicktime SMIL File Handling Integer Overflow attempt (web-client.rules)
 * 1:17547 <-> DISABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules)
 * 1:17541 <-> ENABLED <-> SPECIFIC-THREATS Avast! Antivirus Engine Remote LHA buffer overflow attempt (specific-threats.rules)
 * 1:17540 <-> DISABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules)
 * 1:17510 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows .NET Deploy file download request (file-identify.rules)
 * 1:17509 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules)
 * 1:17508 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules)
 * 1:17507 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word formatted disk pages table memory corruption attempt (web-client.rules)
 * 1:17506 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word formatted disk pages table memory corruption attempt (web-client.rules)
 * 1:17505 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word formatted disk pages table memory corruption attempt (web-client.rules)
 * 1:17492 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel Malformed SELECTION Record Code Execution attempt (specific-threats.rules)
 * 1:17491 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Word mso.dll LsCreateLine memory corruption attempt (specific-threats.rules)
 * 1:17490 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows itss.dll CHM File Handling Heap Corruption attempt (specific-threats.rules)
 * 1:17489 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows Help File Heap Buffer Overflow attempt (specific-threats.rules)
 * 1:17442 <-> ENABLED <-> POLICY Microsoft Windows download of .lnk file that executes cmd.exe detected (policy.rules)
 * 1:17441 <-> DISABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules)
 * 1:17426 <-> DISABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules)
 * 1:17424 <-> ENABLED <-> SPECIFIC-THREATS Mozilla Firefox IconURL Arbitrary Javascript Execution attempt (specific-threats.rules)
 * 1:17423 <-> ENABLED <-> WEB-MISC Citrix Program Neighborhood Agent Buffer Overflow attempt (web-misc.rules)
 * 1:17420 <-> ENABLED <-> WEB-MISC Citrix Program Neighborhood Agent Arbitrary Shortcut Creation attempt (web-misc.rules)
 * 1:17415 <-> ENABLED <-> SPECIFIC-THREATS Mozilla Firefox Javascript Engine Information Disclosure attempt (specific-threats.rules)
 * 1:17414 <-> ENABLED <-> SPECIFIC-THREATS Mozilla Firefox Javascript Engine Information Disclosure attempt (specific-threats.rules)
 * 1:17413 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Jet DB Engine Buffer Overflow attempt (specific-threats.rules)
 * 1:17406 <-> ENABLED <-> EXPLOIT Microsoft Office Word Converter XST structure buffer overflow attempt (exploit.rules)
 * 1:17404 <-> ENABLED <-> EXPLOIT Microsoft Office Word Converter XST structure buffer overflow attempt (exploit.rules)
 * 1:17394 <-> DISABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules)
 * 1:17388 <-> ENABLED <-> WEB-CLIENT OpenOffice EMF file EMR record parsing integer overflow attempt (web-client.rules)
 * 1:17383 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Publisher Object Handler Validation Code Execution attempted (specific-threats.rules)
 * 1:17382 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Project Invalid Memory Pointer Code Execution attempt (specific-threats.rules)
 * 1:17380 <-> DISABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules)
 * 1:17376 <-> ENABLED <-> WEB-MISC IBM Lotus Expeditor cai URI handler command execution attempt (web-misc.rules)
 * 1:17374 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows HLP File Handling heap overflow attempt (specific-threats.rules)
 * 1:17368 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word document stream handling code execution attempt (web-client.rules)
 * 1:17365 <-> DISABLED <-> WEB-CLIENT Microsoft Help Workshop CNT Help contents buffer overflow attempt (web-client.rules)
 * 1:17364 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules)
 * 1:17360 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox XBM image processing buffer overflow attempt (web-client.rules)
 * 1:17359 <-> DISABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules)
 * 1:17334 <-> ENABLED <-> SPECIFIC-THREATS RealPlayer SWF Flash File buffer overflow attempt (specific-threats.rules)
 * 1:17330 <-> ENABLED <-> WEB-CLIENT Microsoft Windows GRE WMF Handling Memory Read Exception attempt (web-client.rules)
 * 1:17320 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint MCAtom remote code execution attempt (web-client.rules)
 * 1:17319 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint MCAtom remote code execution attempt (web-client.rules)
 * 1:17318 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint MCAtom remote code execution attempt (web-client.rules)
 * 1:17315 <-> ENABLED <-> WEB-CLIENT OpenOffice OLE File Stream Buffer Overflow (web-client.rules)
 * 1:17314 <-> DISABLED <-> FILE-IDENTIFY OLE Document file magic detection (file-identify.rules)
 * 1:17309 <-> ENABLED <-> SPECIFIC-THREATS CoolPlayer Playlist File Handling Buffer Overflow (specific-threats.rules)
 * 1:17308 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word SmartTag record code execution attempt (web-client.rules)
 * 1:17301 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word TextBox sub-document memory corruption attempt (web-client.rules)
 * 1:17292 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint malformed data record code execution attempt (web-client.rules)
 * 1:17285 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint PPT file parsing memory corruption attempt (web-client.rules)
 * 1:17278 <-> DISABLED <-> WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt (web-misc.rules)
 * 1:17277 <-> DISABLED <-> WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt (web-misc.rules)
 * 1:17276 <-> DISABLED <-> WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt (web-misc.rules)
 * 1:17271 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Web View script injection attempt (web-client.rules)
 * 1:17257 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player and Reader remote code execution attempt (specific-threats.rules)
 * 1:17241 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules)
 * 1:17238 <-> ENABLED <-> WEB-CLIENT ACD Systems ACDSee Products XBM file handling buffer overflow attempt (web-client.rules)
 * 1:17232 <-> ENABLED <-> WEB-CLIENT Microsoft Kodak Imaging large offset malformed tiff - big-endian (web-client.rules)
 * 1:17231 <-> ENABLED <-> WEB-CLIENT Microsoft Kodak Imaging small offset malformed tiff - little-endian (web-client.rules)
 * 1:17230 <-> DISABLED <-> FILE-IDENTIFY Tiff big endian file magic detection (file-identify.rules)
 * 1:17229 <-> DISABLED <-> FILE-IDENTIFY Tiff little endian file magic detection (file-identify.rules)
 * 1:17119 <-> ENABLED <-> EXPLOIT Microsoft Office Word sprmCMajority SPRM overflow attempt (exploit.rules)
 * 1:17116 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules)
 * 1:17038 <-> ENABLED <-> EXPLOIT Microsoft Office Access ACCWIZ library release after free attempt - 1 (exploit.rules)
 * 1:16751 <-> ENABLED <-> WEB-CLIENT VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (web-client.rules)
 * 1:16743 <-> DISABLED <-> WEB-CLIENT Cain & Abel Remote Desktop Protocol file handling buffer overflow attempt (web-client.rules)
 * 1:16742 <-> DISABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules)
 * 1:16739 <-> ENABLED <-> WEB-CLIENT MultiMedia Jukebox multiple playlist file handling overflow attempt (web-client.rules)
 * 1:16679 <-> ENABLED <-> WEB-MISC Microsoft Windows GDIplus integer overflow attempt (web-misc.rules)
 * 1:1666 <-> ENABLED <-> ATTACK-RESPONSES index of /cgi-bin/ response (attack-responses.rules)
 * 1:16642 <-> DISABLED <-> POLICY file URI scheme (policy.rules)
 * 1:16636 <-> ENABLED <-> MISC Microsoft Windows .NET framework XMLDsig data tampering attempt (misc.rules)
 * 1:16593 <-> ENABLED <-> WEB-CLIENT Microsoft VBE6.dll stack corruption attempt (web-client.rules)
 * 1:16586 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word Document remote code execution attempt (web-client.rules)
 * 1:16552 <-> DISABLED <-> FILE-IDENTIFY Adobe .pfb file download request (file-identify.rules)
 * 1:16523 <-> ENABLED <-> POLICY PDF with click-to-launch executable (policy.rules)
 * 1:16520 <-> ENABLED <-> WEB-CLIENT Free Download Manager .torrent parsing path overflow attempt (web-client.rules)
 * 1:16519 <-> ENABLED <-> WEB-CLIENT Free Download Manager .torrent parsing name overflow attempt (web-client.rules)
 * 1:16518 <-> ENABLED <-> WEB-CLIENT Free Download Manager .torrent parsing announce overflow attempt (web-client.rules)
 * 1:16473 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules)
 * 1:16517 <-> ENABLED <-> WEB-CLIENT Free Download Manager .torrent parsing comment overflow attempt (web-client.rules)
 * 1:16421 <-> ENABLED <-> EXPLOIT Microsoft Office PowerPoint out of bounds value remote code execution attempt (exploit.rules)
 * 1:16412 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint invalid TextByteAtom remote code execution attempt (web-client.rules)
 * 1:16411 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint out of bounds value remote code execution attempt (web-client.rules)
 * 1:16410 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint file LinkedSlide10Atom record parsing heap corruption attempt (web-client.rules)
 * 1:16390 <-> ENABLED <-> POLICY Adobe PDF alternate file magic obfuscation (policy.rules)
 * 1:16354 <-> DISABLED <-> POLICY Adobe PDF start-of-file alternate header obfuscation (policy.rules)
 * 1:16331 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player JPEG parsing heap overflow attempt (web-client.rules)
 * 1:16316 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player malformed getPropertyLate actioncode attempt (web-client.rules)
 * 1:16314 <-> ENABLED <-> EXPLOIT Microsoft Windows WordPad and Office text converter integer overflow attempt (exploit.rules)
 * 1:16315 <-> ENABLED <-> WEB-MISC Adobe Flash PlugIn check if file exists attempt (web-misc.rules)
 * 1:16234 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word Document remote code execution attempt (web-client.rules)
 * 1:16188 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint bad text header txttype attempt (web-client.rules)
 * 1:16177 <-> ENABLED <-> EXPLOIT Microsoft Windows GDI+ Word file Office Art Property Table remote code execution attempt (exploit.rules)
 * 1:16062 <-> DISABLED <-> MISC ACD Systems ACDSee Products XPM values section buffer overflow attempt (misc.rules)
 * 1:15993 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript intrf_count integer overflow attempt (specific-threats.rules)
 * 1:15922 <-> DISABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
 * 1:15921 <-> DISABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules)
 * 1:15901 <-> ENABLED <-> MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (multimedia.rules)
 * 1:15871 <-> ENABLED <-> WEB-CLIENT FFmpeg 4xm processing memory corruption attempt (web-client.rules)
 * 1:15900 <-> DISABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules)
 * 1:15870 <-> DISABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules)
 * 1:15866 <-> DISABLED <-> WEB-CLIENT libxml2 file processing long entity overflow attempt (web-client.rules)
 * 1:15729 <-> ENABLED <-> EXPLOIT Possible Adobe Flash ActionScript byte_array heap spray attempt (exploit.rules)
 * 1:15695 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Embedded Open Type Font malformed name table platform type 3 integer overflow attempt (web-client.rules)
 * 1:15694 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Embedded Open Type Font malformed name table integer overflow attempt (web-client.rules)
 * 1:15693 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Embedded Open Type Font malformed name table overflow attempt (web-client.rules)
 * 1:15587 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:15586 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:15583 <-> DISABLED <-> WEB-CLIENT F-Secure AntiVirus library heap overflow attempt (web-client.rules)
 * 1:15582 <-> DISABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules)
 * 1:15565 <-> ENABLED <-> SPYWARE-PUT RSPlug Trojan file download attempt (spyware-put.rules)
 * 1:15564 <-> ENABLED <-> SPYWARE-PUT RSPlug Trojan file download attempt (spyware-put.rules)
 * 1:15525 <-> ENABLED <-> EXPLOIT Microsoft Office Word remote code execution attempt (exploit.rules)
 * 1:15524 <-> ENABLED <-> EXPLOIT Microsoft Office Word remote code execution attempt (exploit.rules)
 * 1:15518 <-> DISABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules)
 * 1:15516 <-> DISABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules)
 * 1:15506 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint CurrentUserAtom remote code execution attempt (web-client.rules)
 * 1:15505 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint HashCode10Atom memory corruption attempt (web-client.rules)
 * 1:15502 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint DiagramBuildContainer memory corruption attempt (web-client.rules)
 * 1:15501 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint ParaBuildAtom memory corruption attempt (web-client.rules)
 * 1:15500 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint LinkedSlide memory corruption (web-client.rules)
 * 1:15499 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint 95 converter CString in ExEmbed container buffer overflow attempt (web-client.rules)
 * 1:15487 <-> ENABLED <-> MULTIMEDIA Apple QuickTime SMIL qtnext redirect file execution attempt (multimedia.rules)
 * 1:15483 <-> DISABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:15472 <-> ENABLED <-> WEB-CLIENT Multiple MP3 player PLS buffer overflow attempt (web-client.rules)
 * 1:15469 <-> ENABLED <-> WEB-CLIENT Microsoft Office WordPad and Office text converters integer underflow attempt (web-client.rules)
 * 1:15467 <-> ENABLED <-> EXPLOIT Microsoft WordPad and Office Text Converters PlcPcd aCP buffer overflow attempt (exploit.rules)
 * 1:15464 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15463 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15444 <-> DISABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules)
 * 1:15428 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox SVG data processing memory corruption attempt (web-client.rules)
 * 1:15427 <-> DISABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules)
 * 1:15426 <-> DISABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules)
 * 1:15241 <-> ENABLED <-> MULTIMEDIA VideoLAN VLC real.c ReadRealIndex real demuxer integer overflow attempt (multimedia.rules)
 * 1:15294 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules)
 * 1:15236 <-> ENABLED <-> WEB-CLIENT ACD Systems ACDSee XPM file format overflow attempt (web-client.rules)
 * 1:15105 <-> ENABLED <-> WEB-CLIENT Microsoft GDI WMF file parsing integer overflow attempt (web-client.rules)
 * 1:15080 <-> ENABLED <-> MULTIMEDIA VideoLAN VLC Media Player WAV processing integer overflow attempt (multimedia.rules)
 * 1:14020 <-> DISABLED <-> WEB-CLIENT CyberLink PowerDVD playlist file handling stack overflow attempt (web-client.rules)
 * 1:14019 <-> DISABLED <-> WEB-CLIENT CyberLink PowerDVD playlist file handling stack overflow attempt (web-client.rules)
 * 1:14018 <-> DISABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules)
 * 1:14017 <-> DISABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules)
 * 1:13971 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint TxMasterStyle10Atom atom numLevels buffer overflow attempt (web-client.rules)
 * 1:13936 <-> ENABLED <-> SPYWARE-PUT Trickler dropper agent.rqg runtime detection - call home (spyware-put.rules)
 * 1:13939 <-> ENABLED <-> SPYWARE-PUT Hijacker adware.win32.ejik.ec variant runtime detection - auto update (spyware-put.rules)
 * 1:13896 <-> DISABLED <-> SQL Microsoft SQL server MTF file download (sql.rules)
 * 1:13878 <-> ENABLED <-> BACKDOOR trojan-spy.win32.delf.uv runtime detection (backdoor.rules)
 * 1:13863 <-> ENABLED <-> POLICY Habbo chat client successful login (policy.rules)
 * 1:13813 <-> ENABLED <-> SPYWARE-PUT Trickler mm.exe runtime detection (spyware-put.rules)
 * 1:13807 <-> DISABLED <-> WEB-CLIENT Microsoft Windows metafile SetPaletteEntries heap overflow attempt (web-client.rules)
 * 1:13678 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file download request (file-identify.rules)
 * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules)
 * 1:13572 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (web-client.rules)
 * 1:12634 <-> ENABLED <-> EXPLOIT Microsoft Windows 2000 Kodak Imaging large offset malformed tiff 2 (exploit.rules)
 * 1:12611 <-> ENABLED <-> CHAT ebuddy.com login attempt (chat.rules)
 * 1:12244 <-> ENABLED <-> BACKDOOR itadem trojan 3.0 runtime detection (backdoor.rules)
 * 1:12239 <-> ENABLED <-> BACKDOOR webcenter v1.0 Backdoor - init connection (backdoor.rules)
 * 1:12183 <-> DISABLED <-> EXPLOIT Adobe FLV long string script data buffer overflow (exploit.rules)
 * 1:12182 <-> DISABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file magic detection (file-identify.rules)
 * 1:12014 <-> DISABLED <-> WEB-MISC Internet Explorer navcancl.htm url spoofing attempt (web-misc.rules)
 * 1:1200 <-> ENABLED <-> ATTACK-RESPONSES Invalid URL (attack-responses.rules)
 * 1:11838 <-> DISABLED <-> WEB-MISC Microsoft Windows API res buffer overflow attempt (web-misc.rules)
 * 1:11836 <-> ENABLED <-> MISC Microsoft Office Visio version number anomaly (misc.rules)
 * 1:11835 <-> ENABLED <-> POLICY Visio file download (policy.rules)
 * 1:11834 <-> DISABLED <-> WEB-MISC Internet Explorer navcancl.htm url spoofing attempt (web-misc.rules)
 * 1:10172 <-> DISABLED <-> WEB-MISC uTorrent announce buffer overflow attempt (web-misc.rules)
 * 1:10115 <-> ENABLED <-> WEB-CLIENT Microsoft Windows WMF DOS attempt (web-client.rules)