Sourcefire VRT Rules Update

Date: 2012-04-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.2.0.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:21827 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %PROGRAMFILES% (web-misc.rules)
 * 1:21820 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %APPDATA% (web-misc.rules)
 * 1:21826 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %LOCALAPPDATA% (web-misc.rules)
 * 1:21822 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %COMMONPROGRAMFILES - x86% (web-misc.rules)
 * 1:21840 <-> DISABLED <-> WEB-MISC System variable in URI attempt - %LOGONSERVER% (web-misc.rules)
 * 1:21811 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules)
 * 1:21809 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21810 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
 * 1:21832 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %TMP% (web-misc.rules)
 * 1:21849 <-> ENABLED <-> BOTNET-CNC TDS Sutra - HTTP header redirecting to a SutraTDS (botnet-cnc.rules)
 * 1:21819 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %PROGRAMDATA% (web-misc.rules)
 * 1:21818 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %ALLUSERSPROFILE% (web-misc.rules)
 * 1:21831 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %TEMP% (web-misc.rules)
 * 1:21816 <-> DISABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:21833 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %USERDATA% (web-misc.rules)
 * 1:21844 <-> DISABLED <-> WEB-MISC System variable in URI attempt - %USERDOMAIN% (web-misc.rules)
 * 1:21814 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
 * 1:21823 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %COMSPEC% (web-misc.rules)
 * 1:21836 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %WINDIR% (web-misc.rules)
 * 1:21852 <-> ENABLED <-> BOTNET-CNC Trojan.Orsam variant outbound connection (botnet-cnc.rules)
 * 1:21838 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %PSModulePath% (web-misc.rules)
 * 1:21815 <-> DISABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:21817 <-> ENABLED <-> DNS excessive queries of type ANY - potential DoS (dns.rules)
 * 1:21825 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %HOMEPATH% (web-misc.rules)
 * 1:21843 <-> DISABLED <-> WEB-MISC System variable in URI attempt - %PROMPT% (web-misc.rules)
 * 1:21850 <-> ENABLED <-> BOTNET-CNC TDS Sutra - request hi.cgi (botnet-cnc.rules)
 * 1:21847 <-> ENABLED <-> BOTNET-CNC TDS Sutra - cookie set (botnet-cnc.rules)
 * 1:21830 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %SystemRoot% (web-misc.rules)
 * 1:21829 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %SystemDrive% (web-misc.rules)
 * 1:21851 <-> ENABLED <-> BOTNET-CNC TDS Sutra - redirect received (botnet-cnc.rules)
 * 1:21813 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:21848 <-> ENABLED <-> BOTNET-CNC TDS Sutra - page redirecting to a SutraTDS (botnet-cnc.rules)
 * 1:21841 <-> DISABLED <-> WEB-MISC System variable in URI attempt - %PATH% (web-misc.rules)
 * 1:21821 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %COMMONPROGRAMFILES% (web-misc.rules)
 * 1:21808 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21834 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %USERNAME% (web-misc.rules)
 * 1:21837 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %PUBLIC% (web-misc.rules)
 * 1:21839 <-> DISABLED <-> WEB-MISC System variable in URI attempt - %COMPUTERNAME% (web-misc.rules)
 * 1:21828 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %PROGRAMFILES - X86% (web-misc.rules)
 * 1:21842 <-> DISABLED <-> WEB-MISC System variable in URI attempt - %PATHEXT% (web-misc.rules)
 * 1:21845 <-> ENABLED <-> BOTNET-CNC TDS Sutra - redirect received (botnet-cnc.rules)
 * 1:21812 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:21824 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %HOMEDRIVE% (web-misc.rules)
 * 1:21835 <-> DISABLED <-> WEB-MISC System variable directory traversal attempt - %USERPROFILE% (web-misc.rules)
 * 1:21853 <-> DISABLED <-> POLICY ptunnel icmp proxy (policy.rules)
 * 1:21846 <-> ENABLED <-> BOTNET-CNC TDS Sutra - request in.cgi (botnet-cnc.rules)
 * 1:21807 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules)

Modified Rules:


 * 1:9814 <-> DISABLED <-> WEB-ACTIVEX ICQPhone.SipxPhoneManager ActiveX clsid access (web-activex.rules)
 * 1:9430 <-> DISABLED <-> WEB-CLIENT Apple QuickTime Movie link file URI security bypass attempt (web-client.rules)
 * 1:20578 <-> DISABLED <-> SERVER-MAIL Qualcomm Eudora url buffer overflow attempt (server-mail.rules)
 * 1:9847 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Saved Search download attempt (file-office.rules)
 * 1:9842 <-> DISABLED <-> FILE-PDF Adobe Acrobat Plugin Universal cross-site scripting attempt (file-pdf.rules)
 * 1:9841 <-> DISABLED <-> SERVER-MAIL Micrsoft Office Outlook VEVENT overflow attempt (server-mail.rules)
 * 1:663 <-> DISABLED <-> SERVER-MAIL Sendmail rcpt to command attempt (server-mail.rules)
 * 1:7864 <-> ENABLED <-> WEB-ACTIVEX McSubMgr ActiveX CLSID access (web-activex.rules)
 * 1:3815 <-> DISABLED <-> SERVER-MAIL Kinesphere eXchange POP3 mail server overflow attempt (server-mail.rules)
 * 1:21156 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules)
 * 1:21253 <-> DISABLED <-> FILE-PDF Adobe Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
 * 1:2268 <-> DISABLED <-> SERVER-MAIL Sendmail MAIL FROM prescan too long addresses overflow (server-mail.rules)
 * 1:21002 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt (file-office.rules)
 * 1:668 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.10 exploit (server-mail.rules)
 * 1:6509 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer mhtml uri href buffer overflow attempt (web-client.rules)
 * 1:8053 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.PathControl ActiveX clsid access (web-activex.rules)
 * 1:670 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.9 exploit (server-mail.rules)
 * 1:3462 <-> DISABLED <-> SERVER-MAIL Microsoft Internet Explorer Content-Encoding overflow attempt (server-mail.rules)
 * 1:2278 <-> DISABLED <-> WEB-MISC client negative Content-Length attempt (web-misc.rules)
 * 1:557 <-> DISABLED <-> PUA-P2P GNUTella client request (pua-p2p.rules)
 * 1:20659 <-> DISABLED <-> FILE-PDF Adobe Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
 * 1:2269 <-> DISABLED <-> SERVER-MAIL Sendmail RCPT TO prescan too many addresses overflow (server-mail.rules)
 * 1:20577 <-> DISABLED <-> FILE-PDF Adobe Reader and Acrobat malicious TIFF remote code execution attempt (file-pdf.rules)
 * 1:2266 <-> DISABLED <-> SERVER-MAIL Sendmail SOML FROM prescan too long addresses overflow (server-mail.rules)
 * 1:21254 <-> ENABLED <-> FILE-PDF Foxit Reader createDataObject file write attempt (file-pdf.rules)
 * 1:20445 <-> DISABLED <-> FILE-PDF Foxit Reader title overflow attempt (file-pdf.rules)
 * 1:21307 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules)
 * 1:2181 <-> DISABLED <-> PUA-P2P BitTorrent transfer (pua-p2p.rules)
 * 1:658 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange Server 5.5 mime DOS (server-mail.rules)
 * 1:20887 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules)
 * 1:7198 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MSO.DLL malformed string parsing multi byte buffer over attempt (file-office.rules)
 * 1:7435 <-> ENABLED <-> WEB-ACTIVEX Dynamic Casts ActiveX clsid access (web-activex.rules)
 * 1:8416 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Vector Markup Language fill method overflow attempt (web-client.rules)
 * 1:20919 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader BMP color unused corruption (file-pdf.rules)
 * 1:662 <-> DISABLED <-> SERVER-MAIL Sendmail 5.5.5 exploit (server-mail.rules)
 * 1:2587 <-> DISABLED <-> PUA-P2P eDonkey server response (pua-p2p.rules)
 * 1:5999 <-> DISABLED <-> PUA-P2P Skype client login (pua-p2p.rules)
 * 1:21537 <-> ENABLED <-> FILE-PDF Possible malicious pdf cve-2010-0188 string (file-pdf.rules)
 * 1:4135 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer JPEG heap overflow attempt (web-client.rules)
 * 1:8448 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel colinfo XF record overflow attempt (file-office.rules)
 * 1:8704 <-> DISABLED <-> SERVER-MAIL Yahoo YPOPS Banner (server-mail.rules)
 * 1:21429 <-> ENABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:21302 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio TAG_OLEChunk code execution attempt (file-office.rules)
 * 1:498 <-> ENABLED <-> INDICATOR-COMPROMISE id check returned root (indicator-compromise.rules)
 * 1:661 <-> DISABLED <-> SERVER-MAIL Majordomo ifs (server-mail.rules)
 * 1:21804 <-> DISABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:2270 <-> DISABLED <-> SERVER-MAIL Sendmail RCPT TO prescan too long addresses overflow (server-mail.rules)
 * 1:659 <-> DISABLED <-> SERVER-MAIL Sendmail expn decode (server-mail.rules)
 * 1:21423 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt (file-office.rules)
 * 1:20700 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp7x32.dll dll-load exploit attempt (file-office.rules)
 * 1:21582 <-> DISABLED <-> FILE-PDF PDF obfuscation attempt (file-pdf.rules)
 * 1:21776 <-> ENABLED <-> SERVER-MAIL Microsoft Windows Exchange MODPROPS denial of service attempt (server-mail.rules)
 * 1:5998 <-> DISABLED <-> PUA-P2P Skype client login startup (pua-p2p.rules)
 * 1:667 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.10 exploit (server-mail.rules)
 * 1:7048 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel object record overflow attempt (file-office.rules)
 * 1:556 <-> DISABLED <-> PUA-P2P Outbound GNUTella client request (pua-p2p.rules)
 * 1:20998 <-> ENABLED <-> FILE-PDF Adobe Reader javascript submitform memory corruption attempt (file-pdf.rules)
 * 1:20590 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules)
 * 1:655 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.9 exploit (server-mail.rules)
 * 1:21803 <-> DISABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:665 <-> DISABLED <-> SERVER-MAIL Sendmail 5.6.5 exploit (server-mail.rules)
 * 1:2267 <-> DISABLED <-> SERVER-MAIL Sendmail MAIL FROM prescan too many addresses overflow (server-mail.rules)
 * 1:3680 <-> DISABLED <-> PUA-P2P AOL Instant Messenger file send attempt (pua-p2p.rules)
 * 1:8441 <-> DISABLED <-> WEB-MISC McAfee header buffer overflow attempt (web-misc.rules)
 * 1:2262 <-> DISABLED <-> SERVER-MAIL Sendmail SEND FROM prescan too long addresses overflow (server-mail.rules)
 * 1:6504 <-> DISABLED <-> WEB-CLIENT Sophos Anti-Virus CAB file overflow attempt (web-client.rules)
 * 1:21802 <-> DISABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules)
 * 1:20534 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules)
 * 1:497 <-> ENABLED <-> INDICATOR-COMPROMISE file copied ok (indicator-compromise.rules)
 * 1:20724 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt (file-office.rules)
 * 1:21170 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules)
 * 1:21417 <-> ENABLED <-> FILE-PDF hostile PDF associated with Laik exploit kit (file-pdf.rules)
 * 1:7027 <-> DISABLED <-> WEB-IIS Microsoft Office Frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
 * 1:21415 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MergeCells record parsing code execution attempt (file-office.rules)
 * 1:494 <-> ENABLED <-> INDICATOR-COMPROMISE command completed (indicator-compromise.rules)
 * 1:20720 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules)
 * 1:21157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules)
 * 1:8058 <-> DISABLED <-> WEB-CLIENT Mozilla javascript navigator object access (web-client.rules)
 * 1:8705 <-> DISABLED <-> SERVER-MAIL Yahoo YPOPS buffer overflow attempt (server-mail.rules)
 * 1:7022 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Explorer invalid url file overflow attempt (web-client.rules)
 * 1:21647 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules)
 * 1:20885 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules)
 * 1:20718 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
 * 1:7199 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel label record overflow attempt (file-office.rules)
 * 1:20802 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader PRC file MarkupLinkedItem arbitrary code execution attempt (file-pdf.rules)
 * 1:2264 <-> DISABLED <-> SERVER-MAIL Sendmail SAML FROM prescan too long addresses overflow (server-mail.rules)
 * 1:3681 <-> DISABLED <-> PUA-P2P AOL Instant Messenger file receive attempt (pua-p2p.rules)
 * 1:8711 <-> DISABLED <-> WEB-MISC Novell eDirectory HTTP redirection buffer overflow attempt (web-misc.rules)
 * 1:21431 <-> ENABLED <-> FILE-PDF Possible malicious pdf (new pdf exploit -- file-pdf.rules)
 * 1:20721 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher PLC object memory corruption attempt (file-office.rules)
 * 1:21414 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MergeCells record parsing code execution attempt (file-office.rules)
 * 1:21422 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
 * 1:5693 <-> DISABLED <-> PUA-P2P Skype client start up get latest version attempt (pua-p2p.rules)
 * 1:2180 <-> DISABLED <-> PUA-P2P BitTorrent announce request (pua-p2p.rules)
 * 1:2263 <-> DISABLED <-> SERVER-MAIL Sendmail SAML FROM prescan too many addresses overflow (server-mail.rules)
 * 1:21583 <-> ENABLED <-> FILE-PDF Possible malicious pdf detection - qwe123 (file-pdf.rules)
 * 1:9129 <-> ENABLED <-> WEB-ACTIVEX WinZip FileView 6.1 ActiveX clsid access (web-activex.rules)
 * 1:5692 <-> DISABLED <-> PUA-P2P Skype client successful install (pua-p2p.rules)
 * 1:7028 <-> DISABLED <-> WEB-IIS Microsoft Office Frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
 * 1:20701 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp4x322.dll dll-load exploit attempt (file-office.rules)
 * 1:8414 <-> DISABLED <-> FILE-OFFICE Microsoft Office GIF image descriptor memory corruption attempt (file-office.rules)
 * 1:21301 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSect code execution attempt (file-office.rules)
 * 1:8443 <-> DISABLED <-> WEB-CLIENT Mozilla regular expression heap corruption attempt (web-client.rules)
 * 1:21095 <-> DISABLED <-> FILE-PDF Foxit Reader malicious pdf file write access (file-pdf.rules)
 * 1:671 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.9c exploit (server-mail.rules)
 * 1:21158 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules)
 * 1:21503 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption (file-office.rules)
 * 1:21083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (file-office.rules)
 * 1:21291 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid row option attempt (file-office.rules)
 * 1:2123 <-> ENABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe banner (indicator-compromise.rules)
 * 1:495 <-> DISABLED <-> INDICATOR-COMPROMISE command error (indicator-compromise.rules)
 * 1:660 <-> DISABLED <-> SERVER-MAIL expn root (server-mail.rules)
 * 1:21163 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook VEVENT overflow attempt (file-office.rules)
 * 1:7204 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel object ftCmo overflow attempt (file-office.rules)
 * 1:6505 <-> DISABLED <-> WEB-CLIENT Apple QuickTime fpx file SectNumMiniFAT overflow attempt (web-client.rules)
 * 1:20722 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtBlipDIB record exploit attempt (file-office.rules)
 * 1:5694 <-> DISABLED <-> PUA-P2P Skype client setup get newest version attempt (pua-p2p.rules)
 * 1:20886 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules)
 * 1:21453 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:21243 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules)
 * 1:3459 <-> DISABLED <-> PUA-P2P Manolito Search Query (pua-p2p.rules)
 * 1:5712 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player invalid data offset bitmap heap overflow attempt (web-client.rules)
 * 1:21293 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio corrupted compressed data memory corruption attempt (file-office.rules)
 * 1:21162 <-> DISABLED <-> FILE-PDF Adobe Acrobat file extension overflow attempt (file-pdf.rules)
 * 1:20702 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp7x32.dll dll-load exploit attempt (file-office.rules)
 * 1:657 <-> DISABLED <-> SERVER-MAIL Netmanager chameleon SMTPd buffer overflow attempt (server-mail.rules)
 * 1:7020 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer isComponentInstalled function buffer overflow (web-client.rules)
 * 1:8369 <-> ENABLED <-> WEB-ACTIVEX WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access (web-activex.rules)
 * 1:6414 <-> DISABLED <-> WEB-MISC Novell GroupWise Messenger Accept-Language header buffer overflow attempt (web-misc.rules)
 * 1:21082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (file-office.rules)
 * 1:664 <-> DISABLED <-> SERVER-MAIL Sendmail RCPT TO decode attempt (server-mail.rules)
 * 1:669 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.9 exploit (server-mail.rules)
 * 1:2265 <-> DISABLED <-> SERVER-MAIL Sendmail SOML FROM prescan too many addresses overflow (server-mail.rules)
 * 1:5714 <-> DISABLED <-> SERVER-MAIL Apple Safari x-unix-mode executable mail attachment (server-mail.rules)
 * 1:20575 <-> DISABLED <-> FILE-PDF Adobe Reader PDF JBIG2 remote code execution attempt (file-pdf.rules)
 * 1:10192 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer Ierpplug.dll ActiveX clsid access (web-activex.rules)
 * 1:20719 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt (file-office.rules)
 * 1:20703 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp4x322.dll dll-load exploit attempt (file-office.rules)
 * 1:7004 <-> DISABLED <-> WEB-ACTIVEX Internet.HHCtrl.1 ActiveX function call access (web-activex.rules)
 * 1:2261 <-> DISABLED <-> SERVER-MAIL Sendmail SEND FROM prescan too many addresses overflow (server-mail.rules)
 * 1:7029 <-> DISABLED <-> WEB-IIS Microsoft Office Frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
 * 1:11258 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Named Graph Information unicode overflow (file-office.rules)
 * 1:1042 <-> DISABLED <-> WEB-IIS view source via translate header (web-iis.rules)
 * 1:11290 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed named graph information ascii overflow (file-office.rules)
 * 1:10011 <-> DISABLED <-> SERVER-MAIL Novell NetMail APPEND command buffer overflow attempt (server-mail.rules)
 * 1:11228 <-> DISABLED <-> WEB-ACTIVEX Microsoft Input Method Editor 3 ActiveX clsid access (web-activex.rules)
 * 1:9640 <-> DISABLED <-> WEB-ACTIVEX ADODB.Connection ActiveX function call access (web-activex.rules)
 * 1:7197 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MSO.DLL malformed string parsing single byte buffer over attempt (file-office.rules)
 * 1:9434 <-> DISABLED <-> WEB-CLIENT Ultravox-Max-Msg header integer overflow attempt (web-client.rules)
 * 1:9637 <-> DISABLED <-> WEB-CLIENT Adobe Download Manger dm.ini stack overflow attempt (web-client.rules)
 * 1:9629 <-> DISABLED <-> WEB-ACTIVEX Citrix.ICAClient ActiveX clsid access (web-activex.rules)
 * 1:9843 <-> DISABLED <-> FILE-PDF Adobe Acrobat Plugin JavaScript parameter double free attempt (file-pdf.rules)
 * 1:17704 <-> DISABLED <-> SPECIFIC-THREATS McAfee LHA file parsing buffer overflow attempt (specific-threats.rules)
 * 1:17717 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes HTML input tag buffer overflow attempt (server-mail.rules)
 * 1:17726 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer address bar spoofing attempt (specific-threats.rules)
 * 1:17742 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules)
 * 1:17743 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word RTF parsing memory corruption (file-office.rules)
 * 1:17753 <-> DISABLED <-> POLICY-MULTIMEDIA Microsoft Windows Media Player network sharing service RTSP code execution attempt (policy-multimedia.rules)
 * 1:17754 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word bookmark bound check remote code execution attempt (file-office.rules)
 * 1:17755 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word unchecked index value remote code execution attempt (file-office.rules)
 * 1:17758 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray data parsing vulnerability exploit attempt (file-office.rules)
 * 1:17759 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid SerAr object exploit attempt (file-office.rules)
 * 1:17760 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
 * 1:17763 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel GhostRw record exploit attempt (file-office.rules)
 * 1:17764 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules)
 * 1:17770 <-> ENABLED <-> FILE-OFFICE Microsoft HtmlDlgHelper ActiveX clsid access (file-office.rules)
 * 1:18065 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint converter bad indirection remote code execution attempt (file-office.rules)
 * 1:18066 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules)
 * 1:18068 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed MsoDrawingObject record attempt (file-office.rules)
 * 1:18070 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt  (file-office.rules)
 * 1:18097 <-> ENABLED <-> WEB-ACTIVEX VMWare Remote Console Plug-In ActiveX clsid access (web-activex.rules)
 * 1:18200 <-> ENABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules)
 * 1:18201 <-> ENABLED <-> FILE-OFFICE Microsoft Office TIFF filter remote code execution attempt (file-office.rules)
 * 1:18212 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher tyo.oty field heap overflow attempt (file-office.rules)
 * 1:18214 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher 97 conversion remote code execution attempt (file-office.rules)
 * 1:18230 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
 * 1:18231 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher oversized oti length attempt (file-office.rules)
 * 1:18233 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher Adobe Font Driver code execution attempt (file-office.rules)
 * 1:18236 <-> ENABLED <-> FILE-OFFICE Microsoft Office TIFFIM32.FLT filter memory corruption attempt (file-office.rules)
 * 1:18265 <-> ENABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules)
 * 1:18284 <-> DISABLED <-> FILE-OFFICE Microsoft Office XP URL Handling Buffer Overflow attempt (file-office.rules)
 * 1:18297 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (web-client.rules)
 * 1:18310 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules)
 * 1:18317 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail RCPT TO proxy overflow attempt (server-mail.rules)
 * 1:18335 <-> DISABLED <-> WEB-CLIENT Microsoft MHTML XSS attempt (web-client.rules)
 * 1:18398 <-> ENABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules)
 * 1:18399 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel BRAI record remote code execution attempt (file-office.rules)
 * 1:18403 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer datasrc overflow attempt (web-client.rules)
 * 1:18415 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio deserialization double free attempt (file-office.rules)
 * 1:18416 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio ORMinfo classes length overflow attempt (file-office.rules)
 * 1:18417 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio ORMinfo classes length overflow attempt (file-office.rules)
 * 1:18419 <-> DISABLED <-> FILE-PDF Adobe field flags exploit attempt (file-pdf.rules)
 * 1:18448 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules)
 * 1:18451 <-> DISABLED <-> FILE-PDF Adobe Acrobat ICC color integer overflow attempt (file-pdf.rules)
 * 1:18453 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules)
 * 1:18454 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules)
 * 1:18455 <-> DISABLED <-> FILE-PDF Adobe Reader malformed jpeg2000 superbox attempt (file-pdf.rules)
 * 1:18456 <-> ENABLED <-> FILE-PDF Adobe Acrobat XML entity escape attempt (file-pdf.rules)
 * 1:18457 <-> ENABLED <-> FILE-PDF Adobe Reader U3D rgba parsing overflow attempt (file-pdf.rules)
 * 1:18461 <-> DISABLED <-> SERVER-MAIL IBM Lotus Domino nrouter.exe iCalendar MAILTO stack buffer overflow attempt (server-mail.rules)
 * 1:18498 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Media Player dvr-ms file parsing remote code execution attempt (specific-threats.rules)
 * 1:18506 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (file-pdf.rules)
 * 1:18507 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (file-pdf.rules)
 * 1:18514 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules)
 * 1:18527 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18536 <-> ENABLED <-> FILE-OFFICE OpenOffice.org Microsoft Word file processing integer underflow attempt (file-office.rules)
 * 1:18538 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules)
 * 1:18541 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 3 (file-office.rules)
 * 1:18585 <-> ENABLED <-> FILE-PDF Adobe Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:18590 <-> DISABLED <-> SPECIFIC-THREATS Outlook Express WAB file parsing buffer overflow attempt (specific-threats.rules)
 * 1:18596 <-> DISABLED <-> FILE-PDF Adobe Reader and Acrobat util.printf buffer overflow attempt (file-pdf.rules)
 * 1:18632 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed Label record exploit attempt (file-office.rules)
 * 1:18633 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules)
 * 1:18634 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Workspace file FontCount record memory corruption attempt (file-office.rules)
 * 1:18635 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules)
 * 1:18636 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint SlideAtom record exploit attempt (file-office.rules)
 * 1:18637 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint OfficeArt atom memory corruption attempt (file-office.rules)
 * 1:18638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OfficeArtSpContainer record exploit attempt (file-office.rules)
 * 1:18639 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel CatSerRange record exploit attempt (file-office.rules)
 * 1:18642 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules)
 * 1:18643 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (file-office.rules)
 * 1:18702 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:18703 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:18704 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:18705 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:18740 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules)
 * 1:18755 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio Data Type Memory Corruption (file-office.rules)
 * 1:18756 <-> ENABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe banner Windows 7/Server 2008R2 (indicator-compromise.rules)
 * 1:18757 <-> ENABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe banner Windows Vista (indicator-compromise.rules)
 * 1:18771 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ADO Object Parsing Code Execution (file-office.rules)
 * 1:18772 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ADO Object Parsing Code Execution (file-office.rules)
 * 1:18806 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
 * 1:1882 <-> DISABLED <-> INDICATOR-COMPROMISE id check returned userid (indicator-compromise.rules)
 * 1:18948 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint converter bad indirection remote code execution attempt (file-office.rules)
 * 1:18986 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:18987 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:18989 <-> DISABLED <-> FILE-PDF Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:18990 <-> DISABLED <-> FILE-PDF Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:18991 <-> DISABLED <-> FILE-PDF Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:19082 <-> ENABLED <-> FILE-PDF Adobe Flash Player memory corruption attempt (file-pdf.rules)
 * 1:19117 <-> DISABLED <-> FILE-PDF Adobe Reader malformed U3D integer overflow (file-pdf.rules)
 * 1:19118 <-> DISABLED <-> FILE-PDF Adobe Reader script injection vulnerability (file-pdf.rules)
 * 1:19141 <-> DISABLED <-> FILE-OFFICE Microsoft Access Wizard control memory corruption ActiveX clsid access (file-office.rules)
 * 1:19153 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed index code execution attempt (file-office.rules)
 * 1:19154 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray parsing attempt (file-office.rules)
 * 1:19156 <-> ENABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules)
 * 1:19171 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer 8 ieshims.dll dll-load exploit attempt (web-client.rules)
 * 1:19180 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules)
 * 1:19193 <-> DISABLED <-> WEB-ACTIVEX Oracle Document Capture ActiveX clsid access (web-activex.rules)
 * 1:19198 <-> ENABLED <-> WEB-ACTIVEX CA Internet Security Suite XMLSecDB ActiveX function call access (web-activex.rules)
 * 1:19200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules)
 * 1:19205 <-> DISABLED <-> DOS Novell iManager Tree parameter denial of service attempt (dos.rules)
 * 1:19213 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail Server Mailing List Message Subject buffer overflow (server-mail.rules)
 * 1:19214 <-> DISABLED <-> WEB-ACTIVEX HP Photo Creative ActiveX clsid access (web-activex.rules)
 * 1:19216 <-> DISABLED <-> SPECIFIC-THREATS Google Chrome Uninitialized bug_report Pointer Code Execution (specific-threats.rules)
 * 1:19217 <-> DISABLED <-> SPECIFIC-THREATS Google Chrome Uninitialized bug_report Pointer Code Execution (specific-threats.rules)
 * 1:19219 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption (specific-threats.rules)
 * 1:19222 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules)
 * 1:19225 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SerAuxTrend biff record corruption attempt (file-office.rules)
 * 1:19226 <-> DISABLED <-> SPECIFIC-THREATS Cisco Webex Player .wrf stack buffer overflow (specific-threats.rules)
 * 1:19227 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Scenario heap memory overflow (file-office.rules)
 * 1:19229 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules)
 * 1:19230 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules)
 * 1:19231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules)
 * 1:19232 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel XF record exploit attempt (file-office.rules)
 * 1:19248 <-> ENABLED <-> FILE-PDF Adobe Reader malformed U3D texture continuation integer overflow attempt (file-pdf.rules)
 * 1:19250 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Reader U3D file include overflow attempt (file-pdf.rules)
 * 1:19251 <-> DISABLED <-> FILE-PDF Adobe PDF CIDFont dictionary glyph width corruption attempt (file-pdf.rules)
 * 1:19253 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader malicious language.engtesselate.ln file download attempt (file-pdf.rules)
 * 1:19254 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader javascript in PDF go-to actions exploit attempt (file-pdf.rules)
 * 1:19255 <-> ENABLED <-> FILE-PDF Adobe Reader ICC ProfileDescriptionTag overflow attempt (file-pdf.rules)
 * 1:19258 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules)
 * 1:19259 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules)
 * 1:19260 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed MsoDrawingObject record attempt (file-office.rules)
 * 1:19261 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF8 invalid Selection.cref exploit attempt (file-office.rules)
 * 1:19295 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word HTML linked objects memory corruption attempt (file-office.rules)
 * 1:19304 <-> DISABLED <-> WEB-ACTIVEX Oracle EasyMail ActiveX clsid access (web-activex.rules)
 * 1:19306 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher pubconv.dll corruption attempt (file-office.rules)
 * 1:19316 <-> ENABLED <-> FILE-OFFICE Microsoft Office TIFF filter remote code execution attempt (file-office.rules)
 * 1:19317 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmTDiagLine80 record parsing stack buffer overflow attempt (file-office.rules)
 * 1:19416 <-> DISABLED <-> FILE-PDF Apple iOS 4.3.3 jailbreak for iPad download attempt (file-pdf.rules)
 * 1:19417 <-> DISABLED <-> FILE-PDF Apple iOS 4.3.3 jailbreak for iPad download attempt (file-pdf.rules)
 * 1:19418 <-> DISABLED <-> FILE-PDF Apple iOS 4.3.3 jailbreak for iPhone download attempt (file-pdf.rules)
 * 1:19419 <-> DISABLED <-> FILE-PDF Apple iOS 4.3.3 jailbreak for iPod download attempt (file-pdf.rules)
 * 1:19420 <-> DISABLED <-> SPECIFIC-THREATS VideoLAN VLC Media Player Subtitle StripTags Heap Buffer Overflow (specific-threats.rules)
 * 1:19421 <-> DISABLED <-> SPECIFIC-THREATS VideoLAN VLC Media Player Subtitle StripTags Heap Buffer Overflow (specific-threats.rules)
 * 1:19442 <-> ENABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules)
 * 1:19443 <-> ENABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules)
 * 1:19458 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (file-office.rules)
 * 1:19459 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (file-office.rules)
 * 1:19466 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio mfc71 dll-load exploit attempt (file-office.rules)
 * 1:19552 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel format record code execution attempt (file-office.rules)
 * 1:19606 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word STSH record parsing memory corruption (file-office.rules)
 * 1:19607 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word STSH record parsing memory corruption (file-office.rules)
 * 1:19675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid UMLString data length exploit attempt (file-office.rules)
 * 1:19676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid UMLDTOptions object exploit attempt (file-office.rules)
 * 1:19707 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules)
 * 1:19708 <-> DISABLED <-> SERVER-MAIL Postfix SMTP Server SASL AUTH Handle Reuse Memory Corruption (server-mail.rules)
 * 1:19811 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules)
 * 1:19894 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint unbound memcpy and remote code execution attempt (file-office.rules)
 * 1:19932 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 pointer dereference attempt (file-office.rules)
 * 1:19943 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules)
 * 1:20029 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FNGROUPNAME Record Memory Corruption (file-office.rules)
 * 1:20049 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules)
 * 1:20062 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel File Importing Code Execution (file-office.rules)
 * 1:20121 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid AxisParent record (file-office.rules)
 * 1:20122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid AxisParent record (file-office.rules)
 * 1:20123 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid ShrFmla record (file-office.rules)
 * 1:20124 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules)
 * 1:20125 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules)
 * 1:20126 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules)
 * 1:20127 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Conditional Formatting record vulnerability (file-office.rules)
 * 1:20128 <-> DISABLED <-> FILE-OFFICE Microsoft Office invalid MS-OGRAPH DataFormat record (file-office.rules)
 * 1:20129 <-> ENABLED <-> FILE-OFFICE Microsoft Office BpscBulletProof uninitialized pointer dereference attempt (file-office.rules)
 * 1:20139 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules)
 * 1:20140 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules)
 * 1:20141 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules)
 * 1:20142 <-> DISABLED <-> FILE-PDF Adobe Reader app.openDoc path vulnerability (file-pdf.rules)
 * 1:20144 <-> DISABLED <-> FILE-PDF Adobe Acrobat embedded TIFF DotRange structure memory corruption attempt (file-pdf.rules)
 * 1:20145 <-> ENABLED <-> FILE-PDF Adobe Reader embedded PICT parsing corruption attempt (file-pdf.rules)
 * 1:20147 <-> ENABLED <-> FILE-PDF Adobe Reader embedded PICT parsing corruption attempt (file-pdf.rules)
 * 1:20148 <-> ENABLED <-> FILE-PDF Adobe Reader embedded PICT parsing corruption attempt (file-pdf.rules)
 * 1:20149 <-> DISABLED <-> FILE-PDF Adobe Acrobat embedded IFF file RGBA chunk memory corruption attempt (file-pdf.rules)
 * 1:20150 <-> DISABLED <-> FILE-PDF Adobe Reader embedded PCX parsing corruption attempt (file-pdf.rules)
 * 1:20152 <-> DISABLED <-> FILE-PDF Adobe Acrobat GDI object leak memory corruption attempt (file-pdf.rules)
 * 1:20153 <-> DISABLED <-> FILE-PDF Adobe Acrobat embedded JPEG file APP0 chunk memory corruption attempt (file-pdf.rules)
 * 1:20154 <-> DISABLED <-> FILE-PDF Adobe Reader glyf directory table vulnerability (file-pdf.rules)
 * 1:20155 <-> DISABLED <-> FILE-PDF Adobe Reader glyf composite vulnerability (file-pdf.rules)
 * 1:20156 <-> DISABLED <-> FILE-PDF Adobe Acrobat getCosObj file overwrite attempt (file-pdf.rules)
 * 1:20162 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader sandbox disable attempt (file-pdf.rules)
 * 1:20169 <-> ENABLED <-> FILE-PDF Adobe Reader embedded BMP parsing corruption attempt (file-pdf.rules)
 * 1:20170 <-> ENABLED <-> FILE-PDF Adobe Reader embedded BMP parsing corruption attempt (file-pdf.rules)
 * 1:20171 <-> ENABLED <-> FILE-PDF Adobe Reader embedded BMP parsing corruption attempt (file-pdf.rules)
 * 1:11837 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Mail UNC navigation remote command execution (server-mail.rules)
 * 1:12114 <-> ENABLED <-> SERVER-MAIL Ipswitch IMail search command buffer overflow attempt (server-mail.rules)
 * 1:12115 <-> ENABLED <-> SERVER-MAIL Ipswitch IMail search command buffer overflow attempt (server-mail.rules)
 * 1:12212 <-> ENABLED <-> SERVER-MAIL Ipswitch IMail literal search date command buffer overflow attempt (server-mail.rules)
 * 1:12213 <-> ENABLED <-> SERVER-MAIL Ipswitch IMail search date command buffer overflow attempt (server-mail.rules)
 * 1:12256 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record (file-office.rules)
 * 1:12392 <-> DISABLED <-> SERVER-MAIL GNU Mailutils request tag format string vulnerability (server-mail.rules)
 * 1:12423 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange CDO long header name (server-mail.rules)
 * 1:12436 <-> DISABLED <-> POLICY-MULTIMEDIA Youtube video player file request (policy-multimedia.rules)
 * 1:12437 <-> DISABLED <-> POLICY-MULTIMEDIA Google video player request (policy-multimedia.rules)
 * 1:12619 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange ical/vcal malformed property (server-mail.rules)
 * 1:12691 <-> DISABLED <-> PUA-P2P Outbound Joltid PeerEnabler traffic detected (pua-p2p.rules)
 * 1:12704 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer MIFFILE comment overflow (server-mail.rules)
 * 1:12705 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer statement overflow (server-mail.rules)
 * 1:12706 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer statement data overflow (server-mail.rules)
 * 1:1292 <-> DISABLED <-> INDICATOR-COMPROMISE directory listing (indicator-compromise.rules)
 * 1:13364 <-> DISABLED <-> SERVER-MAIL Novell GroupWise client IMG SRC buffer overflow (server-mail.rules)
 * 1:13470 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
 * 1:13569 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules)
 * 1:13571 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel dval record arbitrary code excecution attempt (file-office.rules)
 * 1:13572 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules)
 * 1:13663 <-> ENABLED <-> SERVER-MAIL Alt-N MDaemon IMAP Server FETCH command buffer overflow attempt (server-mail.rules)
 * 1:13665 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio DXF file invalid memory allocation exploit attempt (file-office.rules)
 * 1:13843 <-> DISABLED <-> EXPLOIT MaxDB WebDBM get buffer overflow (exploit.rules)
 * 1:13913 <-> DISABLED <-> WEB-ACTIVEX AcroPDF.PDF ActiveX function call access (web-activex.rules)
 * 1:13923 <-> DISABLED <-> SERVER-MAIL MailEnable SMTP HELO command denial of service attempt (server-mail.rules)
 * 1:13970 <-> ENABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules)
 * 1:13971 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint TxMasterStyle10Atom atom numLevels buffer overflow attempt (file-office.rules)
 * 1:13972 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel country record arbitrary code execution attempt (file-office.rules)
 * 1:13981 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed chart arbitrary code execution attempt (file-office.rules)
 * 1:14262 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote iframe caller exploit attempt (file-office.rules)
 * 1:1428 <-> DISABLED <-> POLICY-MULTIMEDIA audio galaxy keepalive (policy-multimedia.rules)
 * 1:1432 <-> DISABLED <-> PUA-P2P GNUTella client request (pua-p2p.rules)
 * 1:1436 <-> DISABLED <-> POLICY-MULTIMEDIA Apple Quicktime User Agent access (policy-multimedia.rules)
 * 1:1439 <-> DISABLED <-> POLICY-MULTIMEDIA Shoutcast playlist redirection (policy-multimedia.rules)
 * 1:1440 <-> DISABLED <-> POLICY-MULTIMEDIA Icecast playlist redirection (policy-multimedia.rules)
 * 1:1450 <-> DISABLED <-> SERVER-MAIL Vintra Mailserver expn *@ (server-mail.rules)
 * 1:14641 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules)
 * 1:14642 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded ActiveX control (file-office.rules)
 * 1:15080 <-> ENABLED <-> POLICY-MULTIMEDIA VideoLAN VLC Media Player WAV processing integer overflow attempt (policy-multimedia.rules)
 * 1:15082 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf malformed dpcallout buffer overflow attempt (file-office.rules)
 * 1:15083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file double free attempt (file-office.rules)
 * 1:15106 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word .rtf file integer overflow attempt (file-office.rules)
 * 1:15107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file stylesheet buffer overflow attempt (file-office.rules)
 * 1:15108 <-> ENABLED <-> FILE-OFFICE Microsoft Office Sharepoint Server elevation of privilege exploit attempt (file-office.rules)
 * 1:15163 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio Object Header Buffer Overflow attempt (file-office.rules)
 * 1:15241 <-> ENABLED <-> POLICY-MULTIMEDIA VideoLAN VLC real.c ReadRealIndex real demuxer integer overflow attempt (policy-multimedia.rules)
 * 1:15299 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio invalid ho tag attempt (file-office.rules)
 * 1:15302 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange System Attendant denial of service attempt (server-mail.rules)
 * 1:15303 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio Malformed IconBitsComponent arbitrary code execution attempt (file-office.rules)
 * 1:15367 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook web access script injection attempt (file-office.rules)
 * 1:15467 <-> ENABLED <-> FILE-OFFICE Microsoft WordPad and Office Text Converters PlcPcd aCP buffer overflow attempt (file-office.rules)
 * 1:15469 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office text converters integer underflow attempt (file-office.rules)
 * 1:15473 <-> DISABLED <-> WEB-CLIENT Multiple media players M3U playlist file handling buffer overflow attempt (web-client.rules)
 * 1:15487 <-> ENABLED <-> POLICY-MULTIMEDIA Apple QuickTime SMIL qtnext redirect file execution attempt (policy-multimedia.rules)
 * 1:15499 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint 95 converter CString in ExEmbed container buffer overflow attempt (file-office.rules)
 * 1:15500 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint LinkedSlide memory corruption (file-office.rules)
 * 1:15501 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint ParaBuildAtom memory corruption attempt (file-office.rules)
 * 1:15502 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint DiagramBuildContainer memory corruption attempt (file-office.rules)
 * 1:15504 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint Download of version 4.0 file (file-office.rules)
 * 1:15505 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint HashCode10Atom memory corruption attempt (file-office.rules)
 * 1:15506 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint CurrentUserAtom remote code execution attempt (file-office.rules)
 * 1:15524 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules)
 * 1:15525 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules)
 * 1:15541 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SST record remote code execution attempt (file-office.rules)
 * 1:15542 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Qsir and Qsif record remote code execution attempt (file-office.rules)
 * 1:15562 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader JPX malformed code-block width attempt (file-pdf.rules)
 * 1:15681 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 file format arbitrary code execution attempt (file-office.rules)
 * 1:15728 <-> ENABLED <-> FILE-PDF Possible Adobe PDF ActionScript byte_array heap spray attempt (file-pdf.rules)
 * 1:15867 <-> DISABLED <-> FILE-PDF Adobe Acrobat PDF font processing memory corruption attempt (file-pdf.rules)
 * 1:15901 <-> ENABLED <-> POLICY-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (policy-multimedia.rules)
 * 1:15964 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange OWA XSS and spoofing attempt (server-mail.rules)
 * 1:15990 <-> DISABLED <-> WEB-MISC Multiple Vendor server file disclosure attempt (web-misc.rules)
 * 1:16021 <-> DISABLED <-> SPECIFIC-THREATS Apache http Server mod_tcl format string attempt (specific-threats.rules)
 * 1:16027 <-> DISABLED <-> WEB-CLIENT Nullsoft Winamp midi file header overflow attempt (web-client.rules)
 * 1:16031 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer nested object tag memory corruption attempt (web-client.rules)
 * 1:16032 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML Decoding memory corruption attempt (web-client.rules)
 * 1:16036 <-> DISABLED <-> WEB-CLIENT Mozilla Products QueryInterface method memory corruption attempt (web-client.rules)
 * 1:16037 <-> DISABLED <-> WEB-CLIENT Mozilla products graphics and XML features integer overflows attempt (web-client.rules)
 * 1:16041 <-> DISABLED <-> SPECIFIC-THREATS Apple QuickTime FLIC animation file buffer overflow attempt (specific-threats.rules)
 * 1:16042 <-> DISABLED <-> SPECIFIC-THREATS Mozilla browsers CSS moz-binding cross domain scripting attempt (specific-threats.rules)
 * 1:16045 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer cross domain information disclosure attempt (specific-threats.rules)
 * 1:16048 <-> DISABLED <-> WEB-CLIENT Microsoft ASP.NET application folder info disclosure attempt (web-client.rules)
 * 1:16051 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules)
 * 1:16059 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed file format parsing code execution attempt (file-office.rules)
 * 1:16089 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows embedded web font handling buffer overflow attempt (specific-threats.rules)
 * 1:16090 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Core XML core services XMLHTTP control open method code execution attempt (specific-threats.rules)
 * 1:16172 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader U3D line set heap corruption attempt (file-pdf.rules)
 * 1:16173 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader U3D progressive mesh continuation pointer overwrite attempt (file-pdf.rules)
 * 1:16174 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader U3D progressive mesh continuation off by one index attempt (file-pdf.rules)
 * 1:16175 <-> ENABLED <-> FILE-PDF Adobe collab.removeStateModel denial of service attempt (file-pdf.rules)
 * 1:16176 <-> ENABLED <-> FILE-PDF Adobe collab.addStateModel remote corruption attempt (file-pdf.rules)
 * 1:16177 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word GDI+ Office Art Property Table remote code execution attempt (file-office.rules)
 * 1:16178 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel GDI+ Office Art Property Table remote code execution attempt (file-office.rules)
 * 1:16188 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint bad text header txttype attempt (file-office.rules)
 * 1:16193 <-> ENABLED <-> SERVER-MAIL Novell GroupWise Internet Agent SMTP AUTH LOGIN command buffer overflow attempt (server-mail.rules)
 * 1:16226 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel integer field in row record improper validation remote code execution attempt (file-office.rules)
 * 1:16229 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel oversized ib memory corruption attempt (file-office.rules)
 * 1:16233 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel oversized ptgFuncVar cparams value buffer overflow attempt (file-office.rules)
 * 1:16234 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules)
 * 1:16235 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SXDB record exploit attempt (file-office.rules)
 * 1:16236 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SxView record exploit attempt (file-office.rules)
 * 1:16240 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file Window/Pane record exploit attempt (file-office.rules)
 * 1:16241 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel FeatHdr BIFF record remote code execution attempt (file-office.rules)
 * 1:16281 <-> DISABLED <-> PUA-P2P BitTorrent scrape request (pua-p2p.rules)
 * 1:16282 <-> DISABLED <-> PUA-P2P Bittorrent uTP peer request (pua-p2p.rules)
 * 1:16314 <-> ENABLED <-> FILE-OFFICE Microsoft Windows WordPad and Office text converter integer overflow attempt (file-office.rules)
 * 1:16318 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio invalid ho tag attempt (file-office.rules)
 * 1:16322 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader oversized object width attempt (file-pdf.rules)
 * 1:16323 <-> ENABLED <-> FILE-PDF Adobe JPEG2k uninitialized QCC memory corruption attempt (file-pdf.rules)
 * 1:16325 <-> ENABLED <-> FILE-PDF Adobe JPEG2k uninitialized QCC memory corruption attempt (file-pdf.rules)
 * 1:16328 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules)
 * 1:16333 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:16334 <-> DISABLED <-> FILE-PDF Adobe Reader compressed media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:16355 <-> DISABLED <-> FILE-PDF Xpdf Splash DrawImage integer overflow attempt (file-pdf.rules)
 * 1:16361 <-> DISABLED <-> FILE-OFFICE Microsoft Office BMP header biClrUsed integer overflow attempt (file-office.rules)
 * 1:16373 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader U3D CLODMeshContinuation code execution attempt (file-pdf.rules)
 * 1:16409 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules)
 * 1:16410 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint file LinkedSlide10Atom record parsing heap corruption attempt (file-office.rules)
 * 1:16411 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules)
 * 1:16412 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid TextByteAtom remote code execution attempt (file-office.rules)
 * 1:16416 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed MSODrawing Record (file-office.rules)
 * 1:16421 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules)
 * 1:16461 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel EntExU2 write access violation attempt (file-office.rules)
 * 1:16462 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel BIFF8 formulas from records parsing code execution attempt (file-office.rules)
 * 1:16463 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel BIFF5 formulas from records parsing code execution attempt (file-office.rules)
 * 1:16464 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ContinueFRT12 heap overflow attempt (file-office.rules)
 * 1:16465 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ContinueFRT12 and MDXSet heap overflow attempt (file-office.rules)
 * 1:16466 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel uninitialized stack variable code execution attempt (file-office.rules)
 * 1:16467 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 1 (file-office.rules)
 * 1:16468 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 2 (file-office.rules)
 * 1:16469 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution attempt (file-office.rules)
 * 1:16470 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules)
 * 1:16471 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules)
 * 1:16490 <-> ENABLED <-> FILE-PDF Adobe Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules)
 * 1:16535 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio improper attribute code execution attempt (file-office.rules)
 * 1:16536 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio off-by-one in array index code execution attempt (file-office.rules)
 * 1:16542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules)
 * 1:16545 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader malformed Richmedia annotation exploit attempt (file-pdf.rules)
 * 1:16553 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ptg index parsing code execution attempt (file-office.rules)
 * 1:16586 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules)
 * 1:16595 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Mail remote code execution attempt (server-mail.rules)
 * 1:16597 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent Email address processing buffer overflow attempt (server-mail.rules)
 * 1:16633 <-> ENABLED <-> FILE-PDF Adobe PDF File containing Flash use-after-free attack (file-pdf.rules)
 * 1:16644 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules)
 * 1:16645 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules)
 * 1:16646 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record stack buffer overflow attempt (file-office.rules)
 * 1:16648 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record heap memory corruption attempt - 1 (file-office.rules)
 * 1:16677 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader malformed FlateDecode colors declaration (file-pdf.rules)
 * 1:16786 <-> DISABLED <-> FILE-OFFICE Microsoft Office Web Components Spreadsheet ActiveX buffer overflow attempt (file-office.rules)
 * 1:16799 <-> DISABLED <-> SERVER-MAIL Eureka Mail 2.2q server error response overflow attempt (server-mail.rules)
 * 1:16800 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel FRTWrapper record buffer overflow attempt (file-office.rules)
 * 1:16801 <-> ENABLED <-> FILE-PDF Adobe Reader CoolType.dll remote memory corruption denial of service attempt (file-pdf.rules)
 * 1:17034 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt  (file-office.rules)
 * 1:17035 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt  (file-office.rules)
 * 1:17036 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt  (file-office.rules)
 * 1:17038 <-> ENABLED <-> FILE-OFFICE Microsoft Office Access ACCWIZ library release after free attempt - 1 (file-office.rules)
 * 1:17039 <-> ENABLED <-> FILE-OFFICE Microsoft Office Access ACCWIZ library release after free attempt - 2 (file-office.rules)
 * 1:17119 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority SPRM overflow attempt (file-office.rules)
 * 1:17134 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out-of-bounds structure read memory corruption attempt (file-office.rules)
 * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules)
 * 1:17227 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel sheet name memory corruption attempt (file-office.rules)
 * 1:17239 <-> ENABLED <-> SERVER-MAIL Multiple IMAP server CREATE command buffer overflow attempt (server-mail.rules)
 * 1:17240 <-> ENABLED <-> SERVER-MAIL Multiple IMAP server literal CREATE command buffer overflow attempt (server-mail.rules)
 * 1:17260 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox Javascript contentWindow in an iframe exploit attempt (specific-threats.rules)
 * 1:17271 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Web View script injection attempt (file-office.rules)
 * 1:17283 <-> DISABLED <-> SERVER-MAIL Mercury Mail Transport System buffer overflow attempt (server-mail.rules)
 * 1:17284 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed routing slip code execution attempt (file-office.rules)
 * 1:17285 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PPT file parsing memory corruption attempt (file-office.rules)
 * 1:17288 <-> ENABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
 * 1:17289 <-> DISABLED <-> SPECIFIC-THREATS GNU gzip LZH decompression make_table overflow attempt (specific-threats.rules)
 * 1:17292 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed data record code execution attempt (file-office.rules)
 * 1:17296 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook Web Access XSRF attempt (file-office.rules)
 * 1:17301 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules)
 * 1:17308 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:17309 <-> DISABLED <-> SPECIFIC-THREATS CoolPlayer Playlist File Handling Buffer Overflow (specific-threats.rules)
 * 1:17310 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer Memory Allocation Code Execution (file-office.rules)
 * 1:17318 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules)
 * 1:17319 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules)
 * 1:17320 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules)
 * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules)
 * 1:17328 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow (server-mail.rules)
 * 1:17331 <-> ENABLED <-> SERVER-MAIL IBM Lotus Notes HTML Speed Reader Long URL buffer overflow attempt (server-mail.rules)
 * 1:17334 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer SWF Flash File buffer overflow attempt (specific-threats.rules)
 * 1:17361 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader PDF Catalog Handling denial of service attempt (file-pdf.rules)
 * 1:17362 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IMDATA buffer overflow attempt (file-office.rules)
 * 1:17368 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document stream handling code execution attempt (file-office.rules)
 * 1:17377 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Filter Records Handling Code Execution attempt (file-office.rules)
 * 1:17383 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher Object Handler Validation Code Execution attempted (file-office.rules)
 * 1:17389 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox DOMNodeRemoved attack attempt (specific-threats.rules)
 * 1:17404 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules)
 * 1:17405 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules)
 * 1:17406 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules)
 * 1:17407 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows help file download request (file-identify.rules)
 * 1:17430 <-> ENABLED <-> FILE-PDF BitDefender Antivirus PDF processing memory corruption attempt (file-pdf.rules)
 * 1:17471 <-> ENABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules)
 * 1:17472 <-> ENABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules)
 * 1:17481 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange and Outlook TNEF Decoding Integer Overflow attempt (server-mail.rules)
 * 1:17487 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (web-client.rules)
 * 1:17488 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules)
 * 1:17490 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows itss.dll CHM File Handling Heap Corruption attempt (specific-threats.rules)
 * 1:17491 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word mso.dll LsCreateLine memory corruption attempt (file-office.rules)
 * 1:17492 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed SELECTION Record Code Execution attempt (file-office.rules)
 * 1:17496 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed NamedShows record code execution attempt (file-office.rules)
 * 1:17497 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed NamedShows record code execution attempt (file-office.rules)
 * 1:17503 <-> ENABLED <-> SERVER-MAIL MailEnable IMAP Service Invalid Command Buffer Overlow LOGIN (server-mail.rules)
 * 1:17505 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules)
 * 1:17506 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules)
 * 1:17507 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules)
 * 1:17511 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed Graphic Code Execution (file-office.rules)
 * 1:17512 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer Script Action Handler buffer overflow attempt (web-client.rules)
 * 1:17513 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer Script Action Handler buffer overflow attempt (web-client.rules)
 * 1:17514 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer Script Action Handler buffer overflow attempt (web-client.rules)
 * 1:17515 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer Script Action Handler buffer overflow attempt (web-client.rules)
 * 1:17516 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer Script Action Handler buffer overflow attempt (web-client.rules)
 * 1:17517 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Record Code Execution attempt (file-office.rules)
 * 1:17526 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Reader U3D RHAdobeMeta Buffer Overflow (file-pdf.rules)
 * 1:17537 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules)
 * 1:17538 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules)
 * 1:17539 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules)
 * 1:17540 <-> DISABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules)
 * 1:17541 <-> DISABLED <-> SPECIFIC-THREATS Avast! Antivirus Engine Remote LHA buffer overflow attempt (specific-threats.rules)
 * 1:17542 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalete Record Memory Corruption attempt (file-office.rules)
 * 1:17543 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Column record handling memory corruption attempt (file-office.rules)
 * 1:17550 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Font Parsing Buffer Overflow attempt (file-office.rules)
 * 1:17560 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Global Array Index Heap Overflow attempt (file-office.rules)
 * 1:17565 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint PP7 File Handling Memory Corruption attempt (file-office.rules)
 * 1:17568 <-> DISABLED <-> FILE-OFFICE Microsoft Office XP URL Handling Buffer Overflow attempt (file-office.rules)
 * 1:17574 <-> DISABLED <-> FILE-OFFICE Sophos Anti-Virus Visio File Parsing Buffer Overflow attempt (file-office.rules)
 * 1:17578 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Section Table Array Buffer Overflow attempt (file-office.rules)
 * 1:17579 <-> DISABLED <-> FILE-OFFICE Microsoft Office Drawing Record msofbtOPT Code Execution attempt (file-office.rules)
 * 1:17580 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer span tag memory corruption attempt (specific-threats.rules)
 * 1:17581 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox tag order memory corruption attempt (specific-threats.rules)
 * 1:17591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Crafted Sprm memory corruption attempt (file-office.rules)
 * 1:17604 <-> DISABLED <-> SPECIFIC-THREATS Java AWT ConvolveOp memory corruption attempt (specific-threats.rules)
 * 1:17646 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint Legacy file format picture object code execution attempt (file-office.rules)
 * 1:17649 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array data handling buffer overflow attempt (file-office.rules)
 * 1:17655 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed formula parsing code execution attempt (file-office.rules)
 * 1:17656 <-> DISABLED <-> WEB-MISC Apache HTTP server mod_rewrite module LDAP scheme handling buffer overflow attempt (web-misc.rules)
 * 1:17664 <-> DISABLED <-> FILE-OFFICE Microsoft Office GIF image descriptor memory corruption attempt (file-office.rules)
 * 1:17666 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer invalid chunk size heap overflow attempt (web-client.rules)
 * 1:17690 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules)
 * 1:17691 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules)
 * 1:17695 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint paragraph format array inner header overflow attempt (file-office.rules)
 * 1:20429 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules)