Sourcefire VRT Rules Update

Date: 2012-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.2.1.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:21269 <-> ENABLED <-> BOTNET-CNC W32.Cycbot variant outbound connection (botnet-cnc.rules)
 * 1:21268 <-> DISABLED <-> EXPLOIT Oracle Java RMI services remote object executation attempt (exploit.rules)
 * 1:21267 <-> DISABLED <-> POLICY TRENDnet IP Camera anonymous access attempt (policy.rules)
 * 1:21266 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Morfeus Scanner (blacklist.rules)
 * 1:21265 <-> DISABLED <-> SHELLCODE Piecemeal exploit and shellcode construction (shellcode.rules)
 * 1:21264 <-> DISABLED <-> WEB-ACTIVEX Symantec Norton Internet Security 2004 ActiveX function call (web-activex.rules)
 * 1:21263 <-> DISABLED <-> EXPLOIT Embarcadero Interbase connect request buffer overflow attempt (exploit.rules)
 * 1:21262 <-> DISABLED <-> SPECIFIC-THREATS NETBIOS DCERPC ISystemActivate flood attempt (specific-threats.rules)
 * 1:21261 <-> DISABLED <-> WEB-CLIENT Xitami if-modified-since header buffer overflow attempt (web-client.rules)
 * 1:21260 <-> DISABLED <-> SPECIFIC-THREATS Apache Byte-Range Filter denial of service attempt (specific-threats.rules)

Modified Rules:


 * 1:1001 <-> DISABLED <-> WEB-MISC carbo.dll access (web-misc.rules)
 * 1:10024 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ClientDBMiniAgentClose attempt (netbios.rules)
 * 1:10030 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt (netbios.rules)
 * 1:10036 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor ASRemotePFC overflow attempt (netbios.rules)
 * 1:10063 <-> DISABLED <-> WEB-CLIENT Firefox query interface suspicious function call access attempt (web-client.rules)
 * 1:10064 <-> DISABLED <-> EXPLOIT Peercast URL Parameter overflow attempt (exploit.rules)
 * 1:10065 <-> ENABLED <-> SPECIFIC-THREATS Trojan Peacomm smtp propagation detection (specific-threats.rules)
 * 1:10066 <-> ENABLED <-> SPECIFIC-THREATS Trojan Peacomm smtp propagation detection (specific-threats.rules)
 * 1:10067 <-> ENABLED <-> SPECIFIC-THREATS Trojan Peacomm smtp propagation detection (specific-threats.rules)
 * 1:10068 <-> ENABLED <-> SPECIFIC-THREATS Trojan Peacomm smtp propagation detection (specific-threats.rules)
 * 1:10069 <-> ENABLED <-> SPECIFIC-THREATS Trojan Peacomm smtp propagation detection (specific-threats.rules)
 * 1:10070 <-> ENABLED <-> SPECIFIC-THREATS Trojan Peacomm smtp propagation detection (specific-threats.rules)
 * 1:10071 <-> ENABLED <-> SPECIFIC-THREATS Trojan Peacomm smtp propagation detection (specific-threats.rules)
 * 1:10072 <-> ENABLED <-> SPECIFIC-THREATS Trojan Peacomm smtp propagation detection (specific-threats.rules)
 * 1:10073 <-> ENABLED <-> SPECIFIC-THREATS Trojan Peacomm smtp propagation detection (specific-threats.rules)
 * 1:10074 <-> ENABLED <-> SPECIFIC-THREATS Trojan Peacomm smtp propagation detection (specific-threats.rules)
 * 1:10075 <-> ENABLED <-> SPECIFIC-THREATS Trojan Peacomm smtp propagation detection (specific-threats.rules)
 * 1:10076 <-> ENABLED <-> SPECIFIC-THREATS Trojan Peacomm smtp propagation detection (specific-threats.rules)
 * 1:10077 <-> ENABLED <-> SPECIFIC-THREATS Trojan Peacomm smtp propagation detection (specific-threats.rules)
 * 1:10078 <-> ENABLED <-> SPECIFIC-THREATS W32.Nuwar.AY smtp propagation detection (specific-threats.rules)
 * 1:10079 <-> ENABLED <-> SPECIFIC-THREATS W32.Nuwar.AY smtp propagation detection (specific-threats.rules)
 * 1:10080 <-> ENABLED <-> SPECIFIC-THREATS W32.Nuwar.AY smtp propagation detection (specific-threats.rules)
 * 1:10081 <-> ENABLED <-> SPECIFIC-THREATS W32.Nuwar.AY smtp propagation detection (specific-threats.rules)
 * 1:10082 <-> ENABLED <-> SPECIFIC-THREATS W32.Nuwar.AY smtp propagation detection (specific-threats.rules)
 * 1:10083 <-> ENABLED <-> SPECIFIC-THREATS W32.Nuwar.AY smtp propagation detection (specific-threats.rules)
 * 1:10088 <-> DISABLED <-> SPYWARE-PUT Keylogger beyond Keylogger runtime detection - log sent by smtp (spyware-put.rules)
 * 1:10089 <-> DISABLED <-> SPYWARE-PUT Keylogger beyond Keylogger runtime detection - log sent by ftp (spyware-put.rules)
 * 1:10090 <-> DISABLED <-> SPYWARE-PUT Trickler zango easymessenger runtime detection (spyware-put.rules)
 * 1:10091 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool spylply.a runtime detection (spyware-put.rules)
 * 1:10092 <-> DISABLED <-> SPYWARE-PUT Trackware russian searchbar runtime detection (spyware-put.rules)
 * 1:10093 <-> DISABLED <-> SPYWARE-PUT Hijacker kuaiso toolbar runtime detection (spyware-put.rules)
 * 1:10094 <-> DISABLED <-> SPYWARE-PUT Adware borlan runtime detection (spyware-put.rules)
 * 1:10095 <-> DISABLED <-> SPYWARE-PUT Trackware bydou runtime detection (spyware-put.rules)
 * 1:10096 <-> DISABLED <-> SPYWARE-PUT Keylogger win32.remotekeylog.b runtime detection - keylog (spyware-put.rules)
 * 1:10097 <-> DISABLED <-> SPYWARE-PUT Keylogger win32.remotekeylog.b runtime detection (spyware-put.rules)
 * 1:10098 <-> DISABLED <-> SPYWARE-PUT Keylogger win32.remotekeylog.b runtime detection - get system info (spyware-put.rules)
 * 1:10099 <-> DISABLED <-> SPYWARE-PUT Keylogger win32.remotekeylog.b runtime detection (spyware-put.rules)
 * 1:10100 <-> DISABLED <-> SPYWARE-PUT Keylogger win32.remotekeylog.b runtime detection - open website (spyware-put.rules)
 * 1:10101 <-> DISABLED <-> BACKDOOR crossfires trojan 3.0 runtime detection - delete file (backdoor.rules)
 * 1:10102 <-> DISABLED <-> BACKDOOR crossfires trojan 3.0 runtime detection - chat with victim (backdoor.rules)
 * 1:10103 <-> DISABLED <-> BACKDOOR hav-rat 1.1 runtime detection (backdoor.rules)
 * 1:10104 <-> DISABLED <-> BACKDOOR hav-rat 1.1 runtime detection (backdoor.rules)
 * 1:10105 <-> DISABLED <-> BACKDOOR hav-rat 1.1 runtime detection - retrieve pc info (backdoor.rules)
 * 1:10109 <-> DISABLED <-> BACKDOOR k-msnrat 1.0.0 runtime detection - init connection (backdoor.rules)
 * 1:10110 <-> DISABLED <-> BACKDOOR poison ivy 2.1.2 runtime detection (backdoor.rules)
 * 1:10111 <-> DISABLED <-> BACKDOOR poison ivy 2.1.2 runtime detection - init connection (backdoor.rules)
 * 1:10112 <-> DISABLED <-> BACKDOOR rix3 1.0 runtime detection - init connection (backdoor.rules)
 * 1:10113 <-> ENABLED <-> BOTNET-CNC Trojan Peacomm command and control propagation detected (botnet-cnc.rules)
 * 1:10114 <-> ENABLED <-> BOTNET-CNC Trojan Peacomm command and control propagation detected (botnet-cnc.rules)
 * 1:10115 <-> DISABLED <-> WEB-CLIENT Microsoft Windows WMF DOS attempt (web-client.rules)
 * 1:10116 <-> ENABLED <-> WEB-CLIENT AIM GoChat URL access attempt (web-client.rules)
 * 1:10117 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGCBHandleFromGroupName overflow attempt (netbios.rules)
 * 1:10126 <-> DISABLED <-> WEB-CLIENT  QuickTime JPEG Huffman Table integer underflow attempt (web-client.rules)
 * 1:10132 <-> DISABLED <-> RPC portmap BrightStor ARCserve denial of service attempt (rpc.rules)
 * 1:10133 <-> DISABLED <-> RPC portmap BrightStor ARCserve denial of service attempt (rpc.rules)
 * 1:10164 <-> DISABLED <-> SPYWARE-PUT Adware adclicker-ej runtime detection (spyware-put.rules)
 * 1:10165 <-> DISABLED <-> SPYWARE-PUT Keylogger mybr Keylogger runtime detection (spyware-put.rules)
 * 1:10166 <-> DISABLED <-> SPYWARE-PUT Trackware baigoo runtime detection (spyware-put.rules)
 * 1:10179 <-> DISABLED <-> SPYWARE-PUT Trackware bysoo runtime detection (spyware-put.rules)
 * 1:10180 <-> DISABLED <-> SPYWARE-PUT Adware eqiso runtime detection (spyware-put.rules)
 * 1:10181 <-> DISABLED <-> SPYWARE-PUT Keylogger systemsleuth runtime detection (spyware-put.rules)
 * 1:10182 <-> DISABLED <-> SPYWARE-PUT Adware newweb runtime detection (spyware-put.rules)
 * 1:10183 <-> DISABLED <-> SPYWARE-PUT Keylogger activity Keylogger runtime detection (spyware-put.rules)
 * 1:10186 <-> DISABLED <-> SMTP ClamAV mime parsing directory traversal (smtp.rules)
 * 1:10196 <-> DISABLED <-> BACKDOOR Wordpress backdoor feed.php code execution attempt (backdoor.rules)
 * 1:10197 <-> DISABLED <-> BACKDOOR Wordpress backdoor theme.php code execution attempt (backdoor.rules)
 * 1:10202 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt (netbios.rules)
 * 1:10208 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt (netbios.rules)
 * 1:10285 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP svcctl ChangeServiceConfig2A attempt (netbios.rules)
 * 1:10408 <-> DISABLED <-> RPC portmap HP-UX Single Logical Screen SLSD tcp request (rpc.rules)
 * 1:10409 <-> DISABLED <-> RPC portmap HP-UX Single Logical Screen SLSD udp request (rpc.rules)
 * 1:10410 <-> DISABLED <-> RPC portmap HP-UX Single Logical Screen SLSD tcp request (rpc.rules)
 * 1:10411 <-> DISABLED <-> RPC portmap HP-UX Single Logical Screen SLSD udp request (rpc.rules)
 * 1:10435 <-> DISABLED <-> SPYWARE-PUT Trackware admedia runtime detection (spyware-put.rules)
 * 1:10436 <-> DISABLED <-> SPYWARE-PUT Keylogger keyspy runtime detection (spyware-put.rules)
 * 1:10437 <-> DISABLED <-> SPYWARE-PUT Hijacker bazookabar runtime detection (spyware-put.rules)
 * 1:10438 <-> DISABLED <-> SPYWARE-PUT Hijacker bazookabar runtime detection (spyware-put.rules)
 * 1:10439 <-> DISABLED <-> SPYWARE-PUT Adware mokead runtime detection (spyware-put.rules)
 * 1:10440 <-> DISABLED <-> SPYWARE-PUT Keylogger pc black box runtime detection (spyware-put.rules)
 * 1:10441 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool statwin runtime detection (spyware-put.rules)
 * 1:10442 <-> DISABLED <-> BACKDOOR nirvana 2.0 runtime detection - explore c drive (backdoor.rules)
 * 1:10444 <-> DISABLED <-> BACKDOOR acidbattery 1.0 runtime detection - open ftp serice (backdoor.rules)
 * 1:10445 <-> DISABLED <-> BACKDOOR acidbattery 1.0 runtime detection - get password (backdoor.rules)
 * 1:10448 <-> DISABLED <-> BACKDOOR acessor 2.0 runtime detection - init connection (backdoor.rules)
 * 1:10449 <-> DISABLED <-> BACKDOOR acid shivers runtime detection - init telnet connection (backdoor.rules)
 * 1:10450 <-> DISABLED <-> BACKDOOR only 1 rat runtime detection - control command (backdoor.rules)
 * 1:10453 <-> DISABLED <-> BACKDOOR zalivator 1.4.2 pro runtime detection - smtp notification (backdoor.rules)
 * 1:10454 <-> DISABLED <-> BACKDOOR [x]-ztoo 1.0 runtime detection - init connection (backdoor.rules)
 * 1:10455 <-> DISABLED <-> BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (backdoor.rules)
 * 1:10456 <-> DISABLED <-> BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (backdoor.rules)
 * 1:10457 <-> DISABLED <-> BACKDOOR [x]-ztoo 1.0 runtime detection - start keylogger (backdoor.rules)
 * 1:10458 <-> DISABLED <-> BACKDOOR [x]-ztoo 1.0 or illusion runtime detection - open file manager (backdoor.rules)
 * 1:10459 <-> DISABLED <-> BACKDOOR wineggdrop shell pro runtime detection - init connection (backdoor.rules)
 * 1:10460 <-> DISABLED <-> BACKDOOR winicabras 1.1 runtime detection - get system info (backdoor.rules)
 * 1:10461 <-> DISABLED <-> BACKDOOR winicabras 1.1 runtime detection - get system info (backdoor.rules)
 * 1:10462 <-> DISABLED <-> BACKDOOR winicabras 1.1 runtime detection - explorer (backdoor.rules)
 * 1:10463 <-> DISABLED <-> BACKDOOR winicabras 1.1 runtime detection - explorer (backdoor.rules)
 * 1:10482 <-> DISABLED <-> RPC portmap CA BrightStor ARCserve tcp request (rpc.rules)
 * 1:10483 <-> DISABLED <-> RPC portmap CA BrightStor ARCserve udp request (rpc.rules)
 * 1:10484 <-> DISABLED <-> RPC portmap CA BrightStor ARCserve tcp procedure 191 attempt (rpc.rules)
 * 1:10485 <-> DISABLED <-> RPC portmap CA BrightStor ARCserve udp procedure 191 attempt (rpc.rules)
 * 1:10486 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 15,16,17 attempt (netbios.rules)
 * 1:10504 <-> DISABLED <-> SHELLCODE unescape encoded shellcode (shellcode.rules)
 * 1:10505 <-> DISABLED <-> SHELLCODE unescape encoded shellcode (shellcode.rules)
 * 1:10997 <-> DISABLED <-> WEB-MISC SSLv2 OpenSSl KEY_ARG buffer overflow attempt (web-misc.rules)
 * 1:11000 <-> DISABLED <-> ORACLE dbms_snap_internal.delete_refresh_operations buffer overflow attempt (oracle.rules)
 * 1:11073 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP rpcss _RemoteGetClassObject attempt (netbios.rules)
 * 1:11074 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP rpcss _RemoteGetClassObject attempt (netbios.rules)
 * 1:11185 <-> DISABLED <-> DOS CA eTrust key handling dos (username -- dos.rules)
 * 1:11186 <-> DISABLED <-> DOS CA eTrust key handling dos (password -- dos.rules)
 * 1:11203 <-> DISABLED <-> ORACLE sys.dbms_apply_user_agent.set_registration_handler access attempt (oracle.rules)
 * 1:11205 <-> DISABLED <-> ORACLE sys.dbms_upgrade_internal access attempt (oracle.rules)
 * 1:11222 <-> ENABLED <-> SMTP Exchange MODPROPS denial of service attempt (smtp.rules)
 * 1:11258 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel Malformed Named Graph Information unicode overflow (web-client.rules)
 * 1:11267 <-> DISABLED <-> WEB-CLIENT Adobe Photoshop PNG file handling stack buffer overflow attempt (web-client.rules)
 * 1:11288 <-> DISABLED <-> RPC portmap mountd tcp request (rpc.rules)
 * 1:11289 <-> DISABLED <-> RPC portmap mountd tcp zero-length payload denial of service attempt (rpc.rules)
 * 1:11290 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel malformed named graph information ascii overflow (web-client.rules)
 * 1:11305 <-> DISABLED <-> SPYWARE-PUT Snoopware childwebguardian runtime detection - send log through smtp (spyware-put.rules)
 * 1:11306 <-> DISABLED <-> SPYWARE-PUT Snoopware childwebguardian runtime detection - udp broadcast (spyware-put.rules)
 * 1:11307 <-> DISABLED <-> SPYWARE-PUT Keylogger computer monitor Keylogger runtime detection (spyware-put.rules)
 * 1:11308 <-> DISABLED <-> SPYWARE-PUT Other-Technologies spydawn runtime detection - update checking (spyware-put.rules)
 * 1:11309 <-> DISABLED <-> SPYWARE-PUT Keylogger sskc v2.0 runtime detection (spyware-put.rules)
 * 1:11310 <-> DISABLED <-> SPYWARE-PUT Trickler iowa webdownloader - icq notification (spyware-put.rules)
 * 1:11311 <-> DISABLED <-> SPYWARE-PUT Keylogger pcsentinelsoftware Keylogger runtime detection - upload infor (spyware-put.rules)
 * 1:11312 <-> DISABLED <-> SPYWARE-PUT Trackware uplink runtime detection (spyware-put.rules)
 * 1:11313 <-> DISABLED <-> SPYWARE-PUT Other-Technologies spywarelocker 3.3 runtime detection - update checking (spyware-put.rules)
 * 1:11314 <-> DISABLED <-> BACKDOOR shadownet remote spy 2.0 runtime detection (backdoor.rules)
 * 1:11316 <-> DISABLED <-> BACKDOOR lurker 1.1 runtime detection - init connection (backdoor.rules)
 * 1:11318 <-> DISABLED <-> BACKDOOR boer runtime detection - init connection (backdoor.rules)
 * 1:11319 <-> DISABLED <-> BACKDOOR netwindow runtime detection - init connection request (backdoor.rules)
 * 1:11320 <-> DISABLED <-> BACKDOOR netwindow runtime detection - reverse mode init connection request (backdoor.rules)
 * 1:11321 <-> DISABLED <-> BACKDOOR netwindow runtime detection - udp broadcast (backdoor.rules)
 * 1:11322 <-> DISABLED <-> BACKDOOR sohoanywhere runtime detection (backdoor.rules)
 * 1:11323 <-> DISABLED <-> BACKDOOR sohoanywhere runtime detection (backdoor.rules)
 * 1:1133 <-> DISABLED <-> SCAN cybercop os probe (scan.rules)
 * 1:11442 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
 * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
 * 1:1156 <-> DISABLED <-> WEB-MISC apache directory disclosure attempt (web-misc.rules)
 * 1:11680 <-> DISABLED <-> WEB-MISC Oracle Java web proxy sockd buffer overflow attempt (web-misc.rules)
 * 1:11682 <-> DISABLED <-> SPECIFIC-THREATS Metasploit niprint_lpd module attack attempt (specific-threats.rules)
 * 1:11683 <-> DISABLED <-> SPECIFIC-THREATS CA BrightStor Agent for Microsoft SQL overflow attempt (specific-threats.rules)
 * 1:11816 <-> DISABLED <-> NETBIOS Session Service NetDDE attack (netbios.rules)
 * 1:11837 <-> DISABLED <-> SMTP Microsoft Windows Mail UNC navigation remote command execution (smtp.rules)
 * 1:11843 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss AddPrinter overflow attempt (netbios.rules)
 * 1:11945 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
 * 1:11946 <-> DISABLED <-> NETBIOS Datagram Service NetDDE attack (netbios.rules)
 * 1:11947 <-> DISABLED <-> WEB-CLIENT Microsoft Windows schannel security package (web-client.rules)
 * 1:11948 <-> DISABLED <-> SPYWARE-PUT Hijacker snap toolbar runtime detection - cookie (spyware-put.rules)
 * 1:11949 <-> DISABLED <-> BACKDOOR lame rat v1.0 runtime detection (backdoor.rules)
 * 1:11950 <-> DISABLED <-> BACKDOOR killav_gj (backdoor.rules)
 * 1:11951 <-> DISABLED <-> BACKDOOR winshadow runtime detection - init connection request (backdoor.rules)
 * 1:11952 <-> DISABLED <-> BACKDOOR winshadow runtime detection - udp response (backdoor.rules)
 * 1:11953 <-> DISABLED <-> BACKDOOR supervisor plus runtime detection (backdoor.rules)
 * 1:11954 <-> DISABLED <-> BACKDOOR supervisor plus runtime detection (backdoor.rules)
 * 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
 * 1:11956 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
 * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
 * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
 * 1:11959 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
 * 1:11960 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
 * 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
 * 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
 * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
 * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
 * 1:1200 <-> DISABLED <-> ATTACK-RESPONSES Invalid URL (attack-responses.rules)
 * 1:1201 <-> DISABLED <-> ATTACK-RESPONSES 403 Forbidden (attack-responses.rules)
 * 1:12043 <-> DISABLED <-> DOS Microsoft XML parser IIS WebDAV attack attempt (dos.rules)
 * 1:12044 <-> DISABLED <-> ORACLE Oracle Web Cache denial of service attempt (oracle.rules)
 * 1:12045 <-> DISABLED <-> ORACLE Oracle Web Cache denial of service attempt (oracle.rules)
 * 1:12046 <-> DISABLED <-> RPC MIT Kerberos kadmind RPC Library unix authentication buffer overflow attempt (rpc.rules)
 * 1:12047 <-> DISABLED <-> SPYWARE-PUT Adware yayad runtime detection (spyware-put.rules)
 * 1:12048 <-> DISABLED <-> SPYWARE-PUT Keylogger computer Keylogger runtime detection (spyware-put.rules)
 * 1:12049 <-> DISABLED <-> SPYWARE-PUT Keylogger apophis spy 1.0 runtime detection (spyware-put.rules)
 * 1:12050 <-> DISABLED <-> SPYWARE-PUT Hijacker ez-greets toolbar runtime detection (spyware-put.rules)
 * 1:12051 <-> DISABLED <-> BACKDOOR ultimate rat 2.1 runtime detection (backdoor.rules)
 * 1:12052 <-> DISABLED <-> BACKDOOR the[x] 1.2 runtime detection - execute command (backdoor.rules)
 * 1:12053 <-> DISABLED <-> BACKDOOR trail of destruction 2.0 runtime detection - get system info (backdoor.rules)
 * 1:12054 <-> DISABLED <-> BACKDOOR tron runtime detection - init connection - flowbit set (backdoor.rules)
 * 1:12055 <-> DISABLED <-> BACKDOOR tron runtime detection - init connection (backdoor.rules)
 * 1:12056 <-> DISABLED <-> WEB-CGI WhatsUpGold instancename overflow attempt (web-cgi.rules)
 * 1:12065 <-> DISABLED <-> POLICY Outbound Teredo traffic detected (policy.rules)
 * 1:12066 <-> DISABLED <-> POLICY Inbound Teredo traffic detected (policy.rules)
 * 1:12067 <-> DISABLED <-> POLICY Outbound Teredo traffic detected (policy.rules)
 * 1:12068 <-> DISABLED <-> POLICY Inbound Teredo traffic detected (policy.rules)
 * 1:12075 <-> DISABLED <-> RPC MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code execution attempt (rpc.rules)
 * 1:12076 <-> DISABLED <-> DOS Ipswitch WS_FTP log server long unicode string (dos.rules)
 * 1:12081 <-> DISABLED <-> EXPLOIT BakBone NetVault server heap overflow attempt (exploit.rules)
 * 1:12082 <-> DISABLED <-> ORACLE Oracle 9i TNS denial of service attempt (oracle.rules)
 * 1:12100 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP ca-alert function 16,23 overflow attempt (netbios.rules)
 * 1:12120 <-> DISABLED <-> SPYWARE-PUT Adware pprich runtime detection - version check (spyware-put.rules)
 * 1:12121 <-> DISABLED <-> SPYWARE-PUT Adware pprich runtime detection - udp info sent out (spyware-put.rules)
 * 1:12122 <-> DISABLED <-> SPYWARE-PUT Trackware spynova runtime detection (spyware-put.rules)
 * 1:12123 <-> DISABLED <-> SPYWARE-PUT Hijacker lookquick runtime detection - hijack ie (spyware-put.rules)
 * 1:12124 <-> DISABLED <-> SPYWARE-PUT Hijacker lookquick runtime detection - monitor and collect user info (spyware-put.rules)
 * 1:12125 <-> DISABLED <-> SPYWARE-PUT Trackware lookster toolbar runtime detection - hijack ie search assistant (spyware-put.rules)
 * 1:12126 <-> DISABLED <-> SPYWARE-PUT Trackware lookster toolbar runtime detection - collect user information (spyware-put.rules)
 * 1:12127 <-> DISABLED <-> SPYWARE-PUT Trackware lookster toolbar runtime detection - ads (spyware-put.rules)
 * 1:12128 <-> DISABLED <-> SPYWARE-PUT Keylogger remotekeylog.b runtime detection - init connection (spyware-put.rules)
 * 1:12129 <-> DISABLED <-> SPYWARE-PUT Keylogger remotekeylog.b runtime detection - get sys info (spyware-put.rules)
 * 1:12130 <-> DISABLED <-> SPYWARE-PUT Keylogger remotekeylog.b runtime detection - get sys info (spyware-put.rules)
 * 1:12131 <-> DISABLED <-> SPYWARE-PUT Keylogger remotekeylog.b runtime detection - keylogging (spyware-put.rules)
 * 1:12132 <-> DISABLED <-> SPYWARE-PUT Keylogger remotekeylog.b runtime detection - keylogging (spyware-put.rules)
 * 1:12133 <-> DISABLED <-> SPYWARE-PUT Keylogger remotekeylog.b runtime detection - open url (spyware-put.rules)
 * 1:12134 <-> DISABLED <-> SPYWARE-PUT Keylogger remotekeylog.b runtime detection - open url (spyware-put.rules)
 * 1:12135 <-> DISABLED <-> SPYWARE-PUT Keylogger remotekeylog.b runtime detection - fun (spyware-put.rules)
 * 1:12136 <-> DISABLED <-> SPYWARE-PUT Keylogger remotekeylog.b runtime detection - fun (spyware-put.rules)
 * 1:12137 <-> DISABLED <-> SPYWARE-PUT Keylogger Keylogger king home 2.3 runtime detection (spyware-put.rules)
 * 1:12138 <-> DISABLED <-> SPYWARE-PUT Adware zamingo runtime detection (spyware-put.rules)
 * 1:12139 <-> DISABLED <-> SPYWARE-PUT Trackware stealth website logger 3.4 runtime detection (spyware-put.rules)
 * 1:12140 <-> DISABLED <-> SPYWARE-PUT Hijacker cnnic update runtime detection (spyware-put.rules)
 * 1:12141 <-> DISABLED <-> SPYWARE-PUT Keylogger logit v1.0 runtime detection (spyware-put.rules)
 * 1:12142 <-> DISABLED <-> BACKDOOR access remote pc runtime detection - init connection (backdoor.rules)
 * 1:12143 <-> DISABLED <-> BACKDOOR access remote pc runtime detection - init connection (backdoor.rules)
 * 1:12144 <-> DISABLED <-> BACKDOOR access remote pc runtime detection - rpc setup (backdoor.rules)
 * 1:12145 <-> DISABLED <-> BACKDOOR access remote pc runtime detection - rpc setup (backdoor.rules)
 * 1:12146 <-> DISABLED <-> BACKDOOR blue eye 1.0b runtime detection - init connection (backdoor.rules)
 * 1:12147 <-> DISABLED <-> BACKDOOR blue eye 1.0b runtime detection - init connection (backdoor.rules)
 * 1:12148 <-> DISABLED <-> BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (backdoor.rules)
 * 1:12149 <-> DISABLED <-> BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (backdoor.rules)
 * 1:12150 <-> DISABLED <-> BACKDOOR cafeini 1.0 runtime detection - init connection (backdoor.rules)
 * 1:12151 <-> DISABLED <-> BACKDOOR cafeini 1.0 runtime detection (backdoor.rules)
 * 1:12152 <-> DISABLED <-> BACKDOOR optix pro v1.32 runtime detection - init connection (backdoor.rules)
 * 1:12153 <-> DISABLED <-> BACKDOOR optix pro v1.32 runtime detection - download file (backdoor.rules)
 * 1:12154 <-> DISABLED <-> BACKDOOR optix pro v1.32 runtime detection - download file (backdoor.rules)
 * 1:12155 <-> DISABLED <-> BACKDOOR optix pro v1.32 runtime detection - download file (backdoor.rules)
 * 1:12156 <-> DISABLED <-> BACKDOOR optix pro v1.32 runtime detection - upload file (backdoor.rules)
 * 1:12157 <-> DISABLED <-> BACKDOOR optix pro v1.32 runtime detection - upload file (backdoor.rules)
 * 1:12158 <-> DISABLED <-> BACKDOOR optix pro v1.32 runtime detection - upload file (backdoor.rules)
 * 1:12159 <-> DISABLED <-> BACKDOOR optix pro v1.32 runtime detection - keylogging (backdoor.rules)
 * 1:12160 <-> DISABLED <-> BACKDOOR optix pro v1.32 runtime detection - screen capturing (backdoor.rules)
 * 1:12161 <-> DISABLED <-> BACKDOOR optix pro v1.32 runtime detection - screen capturing (backdoor.rules)
 * 1:12162 <-> DISABLED <-> BACKDOOR optix pro v1.32 runtime detection - screen capturing (backdoor.rules)
 * 1:12163 <-> DISABLED <-> BACKDOOR cobra uploader 1.0 runtime detection (backdoor.rules)
 * 1:12164 <-> DISABLED <-> BACKDOOR cobra uploader 1.0 runtime detection (backdoor.rules)
 * 1:12165 <-> DISABLED <-> BACKDOOR lithium 1.02 runtime detection (backdoor.rules)
 * 1:12166 <-> DISABLED <-> BACKDOOR lithium 1.02 runtime detection (backdoor.rules)
 * 1:12185 <-> DISABLED <-> RPC portmap 2112 tcp request (rpc.rules)
 * 1:12186 <-> DISABLED <-> RPC portmap 2112 udp request (rpc.rules)
 * 1:12209 <-> DISABLED <-> POLICY P2PTv TVAnt udp traffic detected (policy.rules)
 * 1:1221 <-> DISABLED <-> WEB-MISC Muscat Empower cgi access (web-misc.rules)
 * 1:12210 <-> DISABLED <-> POLICY P2PTv TVAnts TCP tracker connect traffic detected (policy.rules)
 * 1:12211 <-> DISABLED <-> POLICY P2PTv TVAnts TCP connection traffic detected (policy.rules)
 * 1:12224 <-> DISABLED <-> SPYWARE-PUT Adware enbrowser snackman runtime detection (spyware-put.rules)
 * 1:12225 <-> DISABLED <-> SPYWARE-PUT Adware zango2007 toolbar runtime detection (spyware-put.rules)
 * 1:12226 <-> DISABLED <-> SPYWARE-PUT Keylogger overspy runtime detection (spyware-put.rules)
 * 1:12227 <-> DISABLED <-> SPYWARE-PUT Trackware snap ultrasearch/desktop toolbar runtime detection - search (spyware-put.rules)
 * 1:12228 <-> DISABLED <-> SPYWARE-PUT Trackware snap ultrasearch/desktop toolbar runtime detection - cookie (spyware-put.rules)
 * 1:12229 <-> DISABLED <-> SPYWARE-PUT Adware vroomsearch runtime detection (spyware-put.rules)
 * 1:12230 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool hippynotify 2.0 runtime detection (spyware-put.rules)
 * 1:12231 <-> DISABLED <-> SPYWARE-PUT Adware vroomsearch runtime detection (spyware-put.rules)
 * 1:12232 <-> DISABLED <-> SPYWARE-PUT Adware errorsafe runtime detection (spyware-put.rules)
 * 1:12233 <-> DISABLED <-> BACKDOOR theef 2.10 runtime detection - connect with no password (backdoor.rules)
 * 1:12234 <-> DISABLED <-> BACKDOOR theef 2.10 runtime detection - connect with no password (backdoor.rules)
 * 1:12235 <-> DISABLED <-> BACKDOOR theef 2.10 runtime detection - connect with password (backdoor.rules)
 * 1:12236 <-> DISABLED <-> BACKDOOR theef 2.10 runtime detection - connect with password (backdoor.rules)
 * 1:12237 <-> DISABLED <-> BACKDOOR theef 2.10 runtime detection - ftp (backdoor.rules)
 * 1:12238 <-> DISABLED <-> BACKDOOR theef 2.10 runtime detection - ftp (backdoor.rules)
 * 1:13503 <-> DISABLED <-> SPYWARE-PUT Hijacker dealio toolbar runtime detection user-agent detected (spyware-put.rules)
 * 1:13504 <-> DISABLED <-> SPYWARE-PUT Adware iedefender runtime detection - presale request (spyware-put.rules)
 * 1:13505 <-> DISABLED <-> SPYWARE-PUT Adware iedefender runtime detection - update (spyware-put.rules)
 * 1:13506 <-> DISABLED <-> BACKDOOR evilotus 1.3.2 runtime detection - init connection (backdoor.rules)
 * 1:13507 <-> DISABLED <-> BACKDOOR evilotus 1.3.2 runtime detection - init connection (backdoor.rules)
 * 1:13508 <-> DISABLED <-> BACKDOOR xploit 1.4.5 runtime detection (backdoor.rules)
 * 1:13509 <-> DISABLED <-> BACKDOOR xploit 1.4.5 pc runtime detection (backdoor.rules)
 * 1:13556 <-> DISABLED <-> SPYWARE-PUT Hijacker kword interkey runtime detection - search traffic 1 (spyware-put.rules)
 * 1:13557 <-> DISABLED <-> SPYWARE-PUT Hijacker kword interkey runtime detection - search traffic 2 (spyware-put.rules)
 * 1:13558 <-> DISABLED <-> SPYWARE-PUT Hijacker kword interkey runtime detection - log user info (spyware-put.rules)
 * 1:13559 <-> DISABLED <-> SPYWARE-PUT Hijacker kompass toolbar runtime detection - initial connection (spyware-put.rules)
 * 1:13560 <-> DISABLED <-> SPYWARE-PUT Hijacker kompass toolbar runtime detection - search traffic (spyware-put.rules)
 * 1:13561 <-> DISABLED <-> SPYWARE-PUT Adware malware alarm runtime detection - presale request (spyware-put.rules)
 * 1:13562 <-> DISABLED <-> SPYWARE-PUT Adware malware alarm runtime detection - update request (spyware-put.rules)
 * 1:13563 <-> DISABLED <-> SPYWARE-PUT Adware system doctor runtime detection - presale request (spyware-put.rules)
 * 1:13564 <-> DISABLED <-> SPYWARE-PUT Adware system doctor runtime detection - update status (spyware-put.rules)
 * 1:13565 <-> DISABLED <-> SPYWARE-PUT Trickler iecodec runtime detection - initial traffic (spyware-put.rules)
 * 1:13566 <-> DISABLED <-> SPYWARE-PUT Trickler iecodec runtime detection - message dialog (spyware-put.rules)
 * 1:13567 <-> DISABLED <-> SPYWARE-PUT Keylogger msn spy monitor runtime detection (spyware-put.rules)
 * 1:13568 <-> DISABLED <-> SPYWARE-PUT Keylogger sys keylog 1.3 advanced runtime detection (spyware-put.rules)
 * 1:13569 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel macro validation arbitrary code execution attempt (web-client.rules)
 * 1:13570 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel cf record arbitrary code excecution attempt (web-client.rules)
 * 1:13571 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel dval record arbitrary code excecution attempt (web-client.rules)
 * 1:13573 <-> DISABLED <-> WEB-CLIENT Microsoft Outlook arbitrary command line attempt (web-client.rules)
 * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules)
 * 1:13584 <-> DISABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules)
 * 1:13616 <-> DISABLED <-> SPECIFIC-THREATS CVS Argument overflow (specific-threats.rules)
 * 1:13617 <-> DISABLED <-> SPECIFIC-THREATS Oracle database version 8 username buffer overflow attempt (specific-threats.rules)
 * 1:13619 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows getBulkRequest memory corruption attempt (specific-threats.rules)
 * 1:13625 <-> DISABLED <-> BACKDOOR MBR rootkit HTTP POST activity detected (backdoor.rules)
 * 1:13635 <-> DISABLED <-> SPYWARE-PUT Trickler downloader trojan.gen runtime detection - get malicious link (spyware-put.rules)
 * 1:13636 <-> DISABLED <-> SPYWARE-PUT Trickler downloader trojan.gen runtime detection - download malicious link (spyware-put.rules)
 * 1:13637 <-> DISABLED <-> SPYWARE-PUT Adware virus heat runtime detection - presale request (spyware-put.rules)
 * 1:13638 <-> DISABLED <-> SPYWARE-PUT Adware virus heat runtime detection - initial database connection (spyware-put.rules)
 * 1:13639 <-> DISABLED <-> SPYWARE-PUT Hijacker locmag toolbar runtime detection - connection to toolbar (spyware-put.rules)
 * 1:13640 <-> DISABLED <-> SPYWARE-PUT Hijacker locmag toolbar runtime detection - hijacks address bar (spyware-put.rules)
 * 1:13641 <-> DISABLED <-> SPYWARE-PUT Hijacker eclickz toolbar runtime detection - search traffic (spyware-put.rules)
 * 1:13642 <-> DISABLED <-> SPYWARE-PUT Keylogger easy Keylogger runtime detection (spyware-put.rules)
 * 1:13643 <-> DISABLED <-> SPYWARE-PUT Hijacker zztoolbar runtime detection - toolbar traffic (spyware-put.rules)
 * 1:13644 <-> DISABLED <-> SPYWARE-PUT Hijacker zztoolbar runtime detection - search traffic (spyware-put.rules)
 * 1:13645 <-> DISABLED <-> SPYWARE-PUT Hijacker mxs toolbar runtime detection (spyware-put.rules)
 * 1:13646 <-> DISABLED <-> SPYWARE-PUT Adware registry defender runtime detection - presale request (spyware-put.rules)
 * 1:13647 <-> DISABLED <-> SPYWARE-PUT Adware registry defender runtime detection - error report request (spyware-put.rules)
 * 1:13648 <-> DISABLED <-> SPYWARE-PUT Hijacker mysearch bar 2.0.2.28 runtime detection (spyware-put.rules)
 * 1:13649 <-> DISABLED <-> SPYWARE-PUT Adware spyware stop runtime detection - presale request (spyware-put.rules)
 * 1:13650 <-> DISABLED <-> SPYWARE-PUT Adware spyware stop runtime detection - auto updates (spyware-put.rules)
 * 1:13651 <-> DISABLED <-> SPYWARE-PUT Keylogger family cyber alert runtime detection - smtp traffic for recorded activities (spyware-put.rules)
 * 1:13652 <-> DISABLED <-> SPYWARE-PUT Keylogger all in one Keylogger runtime detection (spyware-put.rules)
 * 1:13653 <-> DISABLED <-> SPYWARE-PUT Adware cashfiesta adbar runtime detection - updates traffic (spyware-put.rules)
 * 1:13654 <-> DISABLED <-> BACKDOOR nuclear rat 2.1 runtime detection - init connection (backdoor.rules)
 * 1:13655 <-> DISABLED <-> BACKDOOR nuclear rat 2.1 runtime detection - init connection (backdoor.rules)
 * 1:13677 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer data stream memory corruption attempt (exploit.rules)
 * 1:13678 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file download request (file-identify.rules)
 * 1:13696 <-> DISABLED <-> POLICY TOR proxy connection initiation (policy.rules)
 * 1:13697 <-> DISABLED <-> POLICY TOR proxy connection initiation - alternate port (policy.rules)
 * 1:13698 <-> DISABLED <-> POLICY TOR proxy connection initiation - second alternate port (policy.rules)
 * 1:13716 <-> DISABLED <-> RPC portmap CA BrightStor ARCserve tcp procedure 232 attempt (rpc.rules)
 * 1:13717 <-> DISABLED <-> RPC portmap CA BrightStor ARCserve udp procedure 232 attempt (rpc.rules)
 * 1:13762 <-> DISABLED <-> SPYWARE-PUT Adware system defender runtime detection (spyware-put.rules)
 * 1:13765 <-> DISABLED <-> SPYWARE-PUT Adware winxdefender runtime detection - presale request (spyware-put.rules)
 * 1:13766 <-> DISABLED <-> SPYWARE-PUT Adware winxdefender runtime detection - auto update (spyware-put.rules)
 * 1:13767 <-> DISABLED <-> SPYWARE-PUT Keylogger cyber sitter runtime detection (spyware-put.rules)
 * 1:13768 <-> DISABLED <-> SPYWARE-PUT Keylogger cyber sitter runtime detection (spyware-put.rules)
 * 1:13769 <-> DISABLED <-> SPYWARE-PUT Hijacker searchnine toolbar runtime detection - hijacks address bar (spyware-put.rules)
 * 1:13770 <-> DISABLED <-> SPYWARE-PUT Hijacker searchnine toolbar runtime detection - redirects search function (spyware-put.rules)
 * 1:13771 <-> DISABLED <-> SPYWARE-PUT Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #1 (spyware-put.rules)
 * 1:13772 <-> DISABLED <-> SPYWARE-PUT Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #2 (spyware-put.rules)
 * 1:13774 <-> DISABLED <-> SPYWARE-PUT Trickler trojan ecodec runtime detection - initial server connection #1 (spyware-put.rules)
 * 1:13775 <-> DISABLED <-> SPYWARE-PUT Trickler trojan ecodec runtime detection - initial server connection #2 (spyware-put.rules)
 * 1:13776 <-> DISABLED <-> SPYWARE-PUT Trackware syscleaner runtime detection - presale traffic (spyware-put.rules)
 * 1:13777 <-> DISABLED <-> SPYWARE-PUT Trackware syscleaner runtime detection - get update (spyware-put.rules)
 * 1:13778 <-> DISABLED <-> SPYWARE-PUT Keylogger kgb employee monitor runtime detection (spyware-put.rules)
 * 1:13779 <-> DISABLED <-> SPYWARE-PUT Trackware proofile toolbar runtime detection (spyware-put.rules)
 * 1:13780 <-> DISABLED <-> SPYWARE-PUT Hijacker find.fm toolbar runtime detection - automatic updates (spyware-put.rules)
 * 1:13781 <-> DISABLED <-> SPYWARE-PUT Hijacker find.fm toolbar runtime detection - hijacks address bar (spyware-put.rules)
 * 1:13782 <-> DISABLED <-> SPYWARE-PUT Hijacker ezreward runtime detection (spyware-put.rules)
 * 1:13797 <-> DISABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detection (file-identify.rules)
 * 1:13805 <-> DISABLED <-> RPC portmap CA BrightStor ARCserve tcp procedure 234 attempt (rpc.rules)
 * 1:13806 <-> DISABLED <-> RPC portmap CA BrightStor ARCserve udp procedure 234 attempt (rpc.rules)
 * 1:13808 <-> DISABLED <-> SPYWARE-PUT Adware ie antivirus runtime detection - presale request (spyware-put.rules)
 * 1:13809 <-> DISABLED <-> SPYWARE-PUT Adware ie antivirus runtime detection - update request (spyware-put.rules)
 * 1:13810 <-> DISABLED <-> SPYWARE-PUT Trickler Adware.Win32.Ejik runtime detection - udp payload (spyware-put.rules)
 * 1:13811 <-> DISABLED <-> SPYWARE-PUT Adware xp antivirus runtime detection (spyware-put.rules)
 * 1:13812 <-> DISABLED <-> SPYWARE-PUT Keylogger refog Keylogger runtime detection (spyware-put.rules)
 * 1:13813 <-> DISABLED <-> SPYWARE-PUT Trickler mm.exe runtime detection (spyware-put.rules)
 * 1:12239 <-> DISABLED <-> BACKDOOR webcenter v1.0 Backdoor - init connection (backdoor.rules)
 * 1:12240 <-> DISABLED <-> BACKDOOR genie 1.7 runtime detection - init connection (backdoor.rules)
 * 1:12241 <-> DISABLED <-> BACKDOOR genie 1.7 runtime detection - init connection (backdoor.rules)
 * 1:12242 <-> DISABLED <-> BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (backdoor.rules)
 * 1:12243 <-> DISABLED <-> BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (backdoor.rules)
 * 1:12244 <-> DISABLED <-> BACKDOOR itadem trojan 3.0 runtime detection (backdoor.rules)
 * 1:12245 <-> DISABLED <-> BACKDOOR furax 1.0 b3 runtime detection (backdoor.rules)
 * 1:1225 <-> DISABLED <-> X11 MIT Magic Cookie detected (x11.rules)
 * 1:12255 <-> DISABLED <-> WEB-CGI CSGuestbook setup attempt (web-cgi.rules)
 * 1:12256 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel malformed FBI record (web-client.rules)
 * 1:1226 <-> DISABLED <-> X11 xopen (x11.rules)
 * 1:12278 <-> DISABLED <-> POLICY Microsoft Media Player compressed skin download - .wmz (policy.rules)
 * 1:12280 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer VML source file memory corruption attempt (web-client.rules)
 * 1:12281 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer VML source file memory corruption attempt (web-client.rules)
 * 1:12282 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer VML source file memory corruption attempt (web-client.rules)
 * 1:12283 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detection (file-identify.rules)
 * 1:12284 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel rtWnDesk record memory corruption exploit attempt (web-client.rules)
 * 1:12286 <-> DISABLED <-> WEB-CLIENT PCRE character class double free overflow attempt (web-client.rules)
 * 1:12287 <-> DISABLED <-> SPYWARE-PUT Hijacker scn toolbar runtime detection - ebrss request (spyware-put.rules)
 * 1:12288 <-> DISABLED <-> SPYWARE-PUT Hijacker scn toolbar runtime detection - hijack ie searches (spyware-put.rules)
 * 1:12289 <-> DISABLED <-> SPYWARE-PUT Hijacker scn toolbar runtime detection - get updates (spyware-put.rules)
 * 1:12290 <-> DISABLED <-> SPYWARE-PUT Hijacker newdotnet quick! search runtime detection (spyware-put.rules)
 * 1:12291 <-> DISABLED <-> SPYWARE-PUT Trackware vmn toolbar runtime detection (spyware-put.rules)
 * 1:12292 <-> DISABLED <-> SPYWARE-PUT Hijacker morpheus toolbar runtime detection - hijack/search (spyware-put.rules)
 * 1:12294 <-> DISABLED <-> SPYWARE-PUT Hijacker 3search runtime detection - counter (spyware-put.rules)
 * 1:12295 <-> DISABLED <-> SPYWARE-PUT Hijacker 3search runtime detection - hijacking (spyware-put.rules)
 * 1:12296 <-> DISABLED <-> SPYWARE-PUT Hijacker 3search runtime detection - update (spyware-put.rules)
 * 1:12297 <-> DISABLED <-> BACKDOOR bifrost v1.2.1 runtime detection (backdoor.rules)
 * 1:12298 <-> DISABLED <-> BACKDOOR bifrost v1.2.1 runtime detection (backdoor.rules)
 * 1:12303 <-> DISABLED <-> POLICY Google Chat web client connection (policy.rules)
 * 1:12304 <-> DISABLED <-> POLICY AOL Instant Messenger web client connection (policy.rules)
 * 1:12305 <-> DISABLED <-> POLICY Yahoo Messenger web client connection (policy.rules)
 * 1:12306 <-> DISABLED <-> POLICY Microsoft Messenger web client connection (policy.rules)
 * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules)
 * 1:1233 <-> DISABLED <-> FILE-IDENTIFY Outlook EML file download request (file-identify.rules)
 * 1:12361 <-> DISABLED <-> SPYWARE-PUT Infostealer.Monstres runtime detection (spyware-put.rules)
 * 1:12362 <-> DISABLED <-> WEB-MISC Squid HTTP Proxy-Authorization overflow (web-misc.rules)
 * 1:12363 <-> DISABLED <-> SPYWARE-PUT Other-Technologies malware-stopper runtime detection (spyware-put.rules)
 * 1:12364 <-> DISABLED <-> SPYWARE-PUT Hijacker proventactics 3.5 runtime detection - get cfg information (spyware-put.rules)
 * 1:12365 <-> DISABLED <-> SPYWARE-PUT Hijacker proventactics 3.5 runtime detection - redirect searches (spyware-put.rules)
 * 1:12366 <-> DISABLED <-> SPYWARE-PUT Hijacker proventactics 3.5 runtime detection - toolbar search function (spyware-put.rules)
 * 1:12367 <-> DISABLED <-> SPYWARE-PUT Hijacker imesh mediabar runtime detection - hijack ie searches (spyware-put.rules)
 * 1:12368 <-> DISABLED <-> SPYWARE-PUT Hijacker imesh mediabar runtime detection - hijack ie side search (spyware-put.rules)
 * 1:12369 <-> DISABLED <-> SPYWARE-PUT Hijacker imesh mediabar runtime detection - collect user information (spyware-put.rules)
 * 1:12370 <-> DISABLED <-> SPYWARE-PUT Hijacker imesh mediabar runtime detection - auto update (spyware-put.rules)
 * 1:12371 <-> DISABLED <-> SPYWARE-PUT Hijacker sbu hotbar 4.8.4 runtime detection - user-agent string (spyware-put.rules)
 * 1:12372 <-> DISABLED <-> SPYWARE-PUT Keylogger mg-shadow 2.0 runtime detection (spyware-put.rules)
 * 1:12373 <-> DISABLED <-> BACKDOOR radmin 3.0 runtime detection - initial connection (backdoor.rules)
 * 1:12374 <-> DISABLED <-> BACKDOOR radmin 3.0 runtime detection - initial connection (backdoor.rules)
 * 1:12375 <-> DISABLED <-> BACKDOOR radmin 3.0 runtime detection - login & remote control (backdoor.rules)
 * 1:12376 <-> DISABLED <-> BACKDOOR radmin 3.0 runtime detection - login & remote control (backdoor.rules)
 * 1:12377 <-> DISABLED <-> BACKDOOR shark 2.3.2 runtime detection (backdoor.rules)
 * 1:12378 <-> DISABLED <-> BACKDOOR shark 2.3.2 runtime detection (backdoor.rules)
 * 1:12379 <-> DISABLED <-> SPYWARE-PUT Keylogger PaqKeylogger 5.1 runtime detection - ftp (spyware-put.rules)
 * 1:12390 <-> DISABLED <-> POLICY Yahoo Webmail client chat applet (policy.rules)
 * 1:12391 <-> DISABLED <-> POLICY Google Webmail client chat applet (policy.rules)
 * 1:12423 <-> DISABLED <-> SMTP Microsoft CDO long header name (smtp.rules)
 * 1:12424 <-> DISABLED <-> RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (rpc.rules)
 * 1:12425 <-> DISABLED <-> POLICY Ruckus P2P client activity (policy.rules)
 * 1:12426 <-> DISABLED <-> POLICY Ruckus P2P broadcast domain probe (policy.rules)
 * 1:12427 <-> DISABLED <-> POLICY Ruckus P2P encrypted authentication connection (policy.rules)
 * 1:12455 <-> DISABLED <-> FILE-IDENTIFY Crystal Reports file download request (file-identify.rules)
 * 1:12458 <-> DISABLED <-> RPC portmap Solaris sadmin port query tcp request (rpc.rules)
 * 1:12464 <-> DISABLED <-> NNTP cancel overflow attempt (nntp.rules)
 * 1:12481 <-> DISABLED <-> SPYWARE-PUT Hijacker 411web toolbar runtime detection (spyware-put.rules)
 * 1:12482 <-> DISABLED <-> SPYWARE-PUT Trickler pseudorat 0.1b runtime detection (spyware-put.rules)
 * 1:12483 <-> DISABLED <-> SPYWARE-PUT Other-Technologies virusprotectpro 3.7 runtime detection (spyware-put.rules)
 * 1:12484 <-> DISABLED <-> SPYWARE-PUT Adware instant buzz runtime detection - ads for members (spyware-put.rules)
 * 1:12485 <-> DISABLED <-> SPYWARE-PUT Adware instant buzz runtime detection - random text ads (spyware-put.rules)
 * 1:12486 <-> DISABLED <-> SPYWARE-PUT Hijacker soso toolbar runtime detection - get weather information (spyware-put.rules)
 * 1:12487 <-> DISABLED <-> SPYWARE-PUT Hijacker soso toolbar runtime detection - hijack ie auto searches / soso toolbar searches requests (spyware-put.rules)
 * 1:12591 <-> DISABLED <-> DOS Apache mod_cache denial of service attempt (dos.rules)
 * 1:12594 <-> DISABLED <-> DOS Oracle TNS Service_CurLoad command (dos.rules)
 * 1:12597 <-> DISABLED <-> DOS utf8 filename transfer attempt (dos.rules)
 * 1:12608 <-> DISABLED <-> RPC portmap walld udp request (rpc.rules)
 * 1:12609 <-> DISABLED <-> RPC portmap walld udp format string attack attempt (rpc.rules)
 * 1:12611 <-> DISABLED <-> CHAT ebuddy.com login attempt (chat.rules)
 * 1:1262 <-> DISABLED <-> RPC portmap admind request TCP (rpc.rules)
 * 1:12620 <-> DISABLED <-> SPYWARE-PUT Adware drive cleaner 1.0.111 runtime detection (spyware-put.rules)
 * 1:12621 <-> DISABLED <-> SPYWARE-PUT Trackware extra toolbar 1.0 runtime detection (spyware-put.rules)
 * 1:12622 <-> DISABLED <-> SPYWARE-PUT Trackware extra toolbar 1.0 runtime detection - file download (spyware-put.rules)
 * 1:12623 <-> DISABLED <-> SPYWARE-PUT Hijacker onestepsearch 1.0.118 runtime detection (spyware-put.rules)
 * 1:12624 <-> DISABLED <-> SPYWARE-PUT Hijacker onestepsearch 1.0.118 runtime detection - upgrade (spyware-put.rules)
 * 1:12625 <-> DISABLED <-> SPYWARE-PUT Keylogger windows family safety 2.0 runtime detection (spyware-put.rules)
 * 1:12626 <-> DISABLED <-> RPC portmap Solaris sadmin port query udp request (rpc.rules)
 * 1:12627 <-> DISABLED <-> RPC portmap Solaris sadmin port query tcp portmapper sadmin port query attempt (rpc.rules)
 * 1:12628 <-> DISABLED <-> RPC portmap Solaris sadmin port query udp portmapper sadmin port query attempt (rpc.rules)
 * 1:1263 <-> DISABLED <-> RPC portmap amountd request TCP (rpc.rules)
 * 1:12630 <-> DISABLED <-> SHELLCODE unescape unicode encoded shellcode (shellcode.rules)
 * 1:12634 <-> DISABLED <-> EXPLOIT Microsoft Windows 2000 Kodak Imaging large offset malformed tiff 2 (exploit.rules)
 * 1:12635 <-> DISABLED <-> DOS RPC NTLMSSP malformed credentials (dos.rules)
 * 1:1264 <-> DISABLED <-> RPC portmap bootparam request TCP (rpc.rules)
 * 1:12641 <-> DISABLED <-> FILE-IDENTIFY Microsoft Word for Mac 5 file magic detection (file-identify.rules)
 * 1:12642 <-> DISABLED <-> DOS RPC NTLMSSP malformed credentials (dos.rules)
 * 1:1265 <-> DISABLED <-> RPC portmap cmsd request TCP (rpc.rules)
 * 1:12652 <-> DISABLED <-> SPYWARE-PUT Hijacker new.net domain 7.2.2 runtime detection - hijack browser (spyware-put.rules)
 * 1:12653 <-> DISABLED <-> SPYWARE-PUT Hijacker new.net domain 7.2.2 runtime detection - download code (spyware-put.rules)
 * 1:12654 <-> DISABLED <-> SPYWARE-PUT Hijacker rabio 4.2 runtime detection - hijack browser (spyware-put.rules)
 * 1:12655 <-> DISABLED <-> SPYWARE-PUT Hijacker rabio 4.2 runtime detection - download updates (spyware-put.rules)
 * 1:12656 <-> DISABLED <-> SPYWARE-PUT Adware icoo loader 2.5 runtime detection 1 (spyware-put.rules)
 * 1:12657 <-> DISABLED <-> SPYWARE-PUT Adware icoo loader 2.5 runtime detection 2 (spyware-put.rules)
 * 1:12658 <-> DISABLED <-> SPYWARE-PUT Adware winantivirus pro 2007 runtime detection (spyware-put.rules)
 * 1:12659 <-> DISABLED <-> SPYWARE-PUT Trickler zlob media codec runtime detection - automatic updates (spyware-put.rules)
 * 1:12660 <-> DISABLED <-> SPYWARE-PUT Trickler zlob media codec runtime detection - download redirect domains (spyware-put.rules)
 * 1:12661 <-> DISABLED <-> BACKDOOR troll.a runtime detection (backdoor.rules)
 * 1:1267 <-> DISABLED <-> RPC portmap nisd request TCP (rpc.rules)
 * 1:12673 <-> DISABLED <-> SPYWARE-PUT Trackware searchmiracle elitebar runtime detection - collect information (spyware-put.rules)
 * 1:12674 <-> DISABLED <-> SPYWARE-PUT Trackware searchmiracle elitebar runtime detection - track activity (spyware-put.rules)
 * 1:12675 <-> DISABLED <-> BACKDOOR Versi TheTheef Detection (backdoor.rules)
 * 1:12676 <-> DISABLED <-> SPYWARE-PUT Conspy Update Checking Detected (spyware-put.rules)
 * 1:12677 <-> DISABLED <-> SPYWARE-PUT Adware ISTBar runtime detection - softwares (spyware-put.rules)
 * 1:12678 <-> DISABLED <-> SPYWARE-PUT SpyTech Realtime Spy Detection (spyware-put.rules)
 * 1:12679 <-> DISABLED <-> SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar user-agent detection (spyware-put.rules)
 * 1:1268 <-> DISABLED <-> RPC portmap pcnfsd request TCP (rpc.rules)
 * 1:12684 <-> DISABLED <-> BACKDOOR Sygate Remote Administration Engine (backdoor.rules)
 * 1:12686 <-> DISABLED <-> POLICY AIM Express usage (policy.rules)
 * 1:1269 <-> DISABLED <-> RPC portmap rexd request TCP (rpc.rules)
 * 1:12693 <-> DISABLED <-> SPYWARE-PUT Hijacker personalweb runtime detection (spyware-put.rules)
 * 1:12694 <-> DISABLED <-> SPYWARE-PUT Adware avsystemcare runtime detection (spyware-put.rules)
 * 1:12695 <-> DISABLED <-> SPYWARE-PUT Adware coopen 3.6.1 runtime detection - initial connection (spyware-put.rules)
 * 1:12696 <-> DISABLED <-> SPYWARE-PUT Adware coopen 3.6.1 runtime detection - automatic upgrade (spyware-put.rules)
 * 1:12697 <-> DISABLED <-> SPYWARE-PUT Trackware browser accelerator runtime detection - pass user information to server (spyware-put.rules)
 * 1:12698 <-> DISABLED <-> SPYWARE-PUT Keylogger net vizo 5.2 runtime detection (spyware-put.rules)
 * 1:12699 <-> DISABLED <-> BACKDOOR poison ivy 2.3.0 runtime detection - init connection (backdoor.rules)
 * 1:1270 <-> DISABLED <-> RPC portmap rstatd request TCP (rpc.rules)
 * 1:12700 <-> DISABLED <-> BACKDOOR poison ivy 2.3.0 runtime detection - init connection (backdoor.rules)
 * 1:12704 <-> DISABLED <-> SMTP Lotus Notes MIF viewer MIFFILE comment overflow (smtp.rules)
 * 1:12705 <-> DISABLED <-> SMTP Lotus Notes MIF viewer statement overflow (smtp.rules)
 * 1:12706 <-> DISABLED <-> SMTP Lotus Notes MIF viewer statement data overflow (smtp.rules)
 * 1:12707 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer lyrics heap overflow attempt (web-client.rules)
 * 1:12708 <-> DISABLED <-> RPC MIT Kerberos kadmind auth buffer overflow attempt (rpc.rules)
 * 1:1271 <-> DISABLED <-> RPC portmap rusers request TCP (rpc.rules)
 * 1:12710 <-> DISABLED <-> SPECIFIC-THREATS ASN.1 constructed bit string (specific-threats.rules)
 * 1:12713 <-> DISABLED <-> ORACLE pitrig_dropmetadata buffer overflow attempt (oracle.rules)
 * 1:12718 <-> DISABLED <-> SPYWARE-PUT Hijacker side find 1.0 runtime detection - initial connection (spyware-put.rules)
 * 1:12719 <-> DISABLED <-> SPYWARE-PUT Hijacker side find 1.0 runtime detection - hijacks search engine (spyware-put.rules)
 * 1:1272 <-> DISABLED <-> RPC portmap sadmind request TCP (rpc.rules)
 * 1:12720 <-> DISABLED <-> SPYWARE-PUT Adware pestbot runtime detection - update (spyware-put.rules)
 * 1:12721 <-> DISABLED <-> SPYWARE-PUT Adware pestbot runtime detection - purchase (spyware-put.rules)
 * 1:12722 <-> DISABLED <-> SPYWARE-PUT Hijacker sexyvideoscreensaver runtime detection (spyware-put.rules)
 * 1:12723 <-> DISABLED <-> SPYWARE-PUT Trackware winzix 2.2.0 runtime detection (spyware-put.rules)
 * 1:12724 <-> DISABLED <-> BACKDOOR dark moon 4.11 runtime detection (backdoor.rules)
 * 1:12725 <-> DISABLED <-> BACKDOOR dark moon 4.11 runtime detection (backdoor.rules)
 * 1:12726 <-> DISABLED <-> BACKDOOR bandook 1.35 runtime detection (backdoor.rules)
 * 1:12727 <-> DISABLED <-> BACKDOOR bandook 1.35 runtime detection (backdoor.rules)
 * 1:1273 <-> DISABLED <-> RPC portmap selection_svc request TCP (rpc.rules)
 * 1:12743 <-> DISABLED <-> WEB-CLIENT FLAC libFLAC picture description metadata buffer overflow attempt (web-client.rules)
 * 1:12744 <-> DISABLED <-> WEB-CLIENT FLAC libFLAC VORBIS string buffer overflow attempt (web-client.rules)
 * 1:12745 <-> DISABLED <-> WEB-CLIENT FLAC libFLAC picture metadata buffer overflow attempt (web-client.rules)
 * 1:1275 <-> DISABLED <-> RPC portmap yppasswd request TCP (rpc.rules)
 * 1:12758 <-> DISABLED <-> SPYWARE-PUT Keylogger/RAT digi watcher 2.32 runtime detection (spyware-put.rules)
 * 1:12759 <-> DISABLED <-> SPYWARE-PUT Keylogger/RAT digi watcher 2.32 runtime detection (spyware-put.rules)
 * 1:1276 <-> DISABLED <-> RPC portmap ypserv request TCP (rpc.rules)
 * 1:12760 <-> DISABLED <-> SPYWARE-PUT Keylogger powered Keylogger 2.2 runtime detection (spyware-put.rules)
 * 1:12761 <-> DISABLED <-> SPYWARE-PUT Keylogger powered Keylogger 2.2 runtime detection (spyware-put.rules)
 * 1:1277 <-> DISABLED <-> RPC portmap ypupdated request UDP (rpc.rules)
 * 1:12770 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows obfuscated RDS.Dataspace ActiveX exploit attempt (specific-threats.rules)
 * 1:12771 <-> DISABLED <-> SPECIFIC-THREATS obfuscated BaoFeng Storm MPS.dll ActiveX exploit attempt (specific-threats.rules)
 * 1:12772 <-> DISABLED <-> SPECIFIC-THREATS obfuscated PPStream PowerPlayer ActiveX exploit attempt (specific-threats.rules)
 * 1:12773 <-> DISABLED <-> SPECIFIC-THREATS obfuscated Xunlei Thunder PPLAYER.DLL ActiveX exploit attempt (specific-threats.rules)
 * 1:12774 <-> DISABLED <-> SPECIFIC-THREATS obfuscated GlobalLink ConnectAndEnterRoom ActiveX exploit attempt (specific-threats.rules)
 * 1:12775 <-> DISABLED <-> SPECIFIC-THREATS obfuscated RealPlayer Ierpplug.dll ActiveX exploit attempt (specific-threats.rules)
 * 1:12789 <-> DISABLED <-> SPYWARE-PUT Adware sunshine spy 1.0 runtime detection - check update (spyware-put.rules)
 * 1:12790 <-> DISABLED <-> SPYWARE-PUT Trackware partypoker runtime detection (spyware-put.rules)
 * 1:12791 <-> DISABLED <-> SPYWARE-PUT Adware gophoria toolbar runtime detection (spyware-put.rules)
 * 1:12792 <-> DISABLED <-> SPYWARE-PUT Keylogger spy lantern Keylogger pro 6.0 runtime detection (spyware-put.rules)
 * 1:12793 <-> DISABLED <-> SPYWARE-PUT Keylogger spy lantern Keylogger pro 6.0 runtime detection (spyware-put.rules)
 * 1:12794 <-> DISABLED <-> SPYWARE-PUT Hijacker gralicwrap runtime detection - search frauddb process (spyware-put.rules)
 * 1:12795 <-> DISABLED <-> SPYWARE-PUT Hijacker gralicwrap runtime detection - display frauddb information (spyware-put.rules)
 * 1:12796 <-> DISABLED <-> SPYWARE-PUT Trackware happytofind toolbar runtime detection (spyware-put.rules)
 * 1:12797 <-> DISABLED <-> SPYWARE-PUT Adware x-con spyware destroyer eh 3.2.8 runtime detection (spyware-put.rules)
 * 1:12798 <-> DISABLED <-> SHELLCODE base64 x86 NOOP (shellcode.rules)
 * 1:12799 <-> DISABLED <-> SHELLCODE base64 x86 NOOP (shellcode.rules)
 * 1:1280 <-> DISABLED <-> RPC portmap listing UDP 111 (rpc.rules)
 * 1:12800 <-> DISABLED <-> SHELLCODE base64 x86 NOOP (shellcode.rules)
 * 1:12801 <-> DISABLED <-> SHELLCODE base64 x86 NOOP (shellcode.rules)
 * 1:12802 <-> DISABLED <-> SHELLCODE base64 x86 NOOP (shellcode.rules)
 * 1:12807 <-> DISABLED <-> SMTP Lotus 123 file attachment (smtp.rules)
 * 1:1281 <-> DISABLED <-> RPC portmap listing UDP 32771 (rpc.rules)
 * 1:1292 <-> DISABLED <-> ATTACK-RESPONSES directory listing (attack-responses.rules)
 * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
 * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detection (file-identify.rules)
 * 1:12977 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal overflow attempt (netbios.rules)
 * 1:12978 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal overflow attempt (netbios.rules)
 * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:13210 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat overflow attempt (netbios.rules)
 * 1:13211 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat overflow attempt (netbios.rules)
 * 1:13236 <-> DISABLED <-> SPYWARE-PUT Keylogger active Keylogger 3.9.2 runtime detection (spyware-put.rules)
 * 1:13237 <-> DISABLED <-> SPYWARE-PUT Keylogger active Keylogger 3.9.2 runtime detection (spyware-put.rules)
 * 1:13238 <-> DISABLED <-> SPYWARE-PUT Adware adult p2p 1.5 runtime detection (spyware-put.rules)
 * 1:13239 <-> DISABLED <-> SPYWARE-PUT Hijacker blue wave adult links toolbar runtime detection (spyware-put.rules)
 * 1:13240 <-> DISABLED <-> SPYWARE-PUT Adware live protection 2.1 runtime detection - redirects to purchase page (spyware-put.rules)
 * 1:13241 <-> DISABLED <-> SPYWARE-PUT Adware live protection 2.1 runtime detection - application updates (spyware-put.rules)
 * 1:13242 <-> DISABLED <-> SPYWARE-PUT Adware netpumper 1.26 runtime detection (spyware-put.rules)
 * 1:13243 <-> DISABLED <-> SPYWARE-PUT Keylogger computer monitor 1.1 by lastcomfort runtime detection (spyware-put.rules)
 * 1:13244 <-> DISABLED <-> SPYWARE-PUT Keylogger computer monitor 1.1 by lastcomfort runtime detection (spyware-put.rules)
 * 1:13245 <-> DISABLED <-> BACKDOOR troya 1.4 runtime detection - init connection (backdoor.rules)
 * 1:13246 <-> DISABLED <-> BACKDOOR troya 1.4 runtime detection - init connection (backdoor.rules)
 * 1:13247 <-> DISABLED <-> BACKDOOR yuri 1.2 runtime detection - init connection (backdoor.rules)
 * 1:13248 <-> DISABLED <-> BACKDOOR yuri 1.2 runtime detection - init connection (backdoor.rules)
 * 1:13277 <-> DISABLED <-> SPYWARE-PUT Adware netword agent runtime detection (spyware-put.rules)
 * 1:13278 <-> DISABLED <-> SPYWARE-PUT Keylogger advanced spy 4.0 runtime detection (spyware-put.rules)
 * 1:13279 <-> DISABLED <-> SPYWARE-PUT Keylogger advanced spy 4.0 runtime detection (spyware-put.rules)
 * 1:13280 <-> DISABLED <-> SPYWARE-PUT Keylogger email spy monitor 6.9 runtime detection (spyware-put.rules)
 * 1:13281 <-> DISABLED <-> SPYWARE-PUT Keylogger email spy monitor 6.9 runtime detection (spyware-put.rules)
 * 1:13282 <-> DISABLED <-> SPYWARE-PUT Adware jily ie toolbar runtime detection (spyware-put.rules)
 * 1:13283 <-> DISABLED <-> SPYWARE-PUT Hijacker dreambar runtime detection (spyware-put.rules)
 * 1:13284 <-> DISABLED <-> SPYWARE-PUT Adware netguarder web cleaner runtime detection (spyware-put.rules)
 * 1:13285 <-> DISABLED <-> SPYWARE-PUT Hijacker phazebar runtime detection (spyware-put.rules)
 * 1:13286 <-> DISABLED <-> SPYWARE-PUT Adware 3wplayer 1.7 runtime detection (spyware-put.rules)
 * 1:13288 <-> DISABLED <-> BAD-TRAFFIC Microsoft Windows remote kernel tcp/ip icmp vulnerability exploit attempt (bad-traffic.rules)
 * 1:13316 <-> DISABLED <-> WEB-CLIENT 3ivx MP4 file parsing ART buffer overflow attempt (web-client.rules)
 * 1:13317 <-> DISABLED <-> WEB-CLIENT 3ivx MP4 file parsing nam buffer overflow attempt (web-client.rules)
 * 1:13318 <-> DISABLED <-> WEB-CLIENT 3ivx MP4 file parsing cmt buffer overflow attempt (web-client.rules)
 * 1:13319 <-> DISABLED <-> WEB-CLIENT 3ivx MP4 file parsing des buffer overflow attempt (web-client.rules)
 * 1:13320 <-> DISABLED <-> WEB-CLIENT 3ivx MP4 file parsing cpy buffer overflow attempt (web-client.rules)
 * 1:13339 <-> DISABLED <-> SPYWARE-PUT Hijacker direct toolbar runtime detection (spyware-put.rules)
 * 1:13340 <-> DISABLED <-> SPYWARE-PUT Hijacker search4top runtime detection - hijack ie searches and error pages (spyware-put.rules)
 * 1:13341 <-> DISABLED <-> SPYWARE-PUT Hijacker search4top runtime detection - popup ads (spyware-put.rules)
 * 1:13342 <-> DISABLED <-> SPYWARE-PUT Hijacker ditto toolbar runtime detection (spyware-put.rules)
 * 1:13343 <-> DISABLED <-> SPYWARE-PUT Adware 2005-search loader runtime detection (spyware-put.rules)
 * 1:13344 <-> DISABLED <-> SPYWARE-PUT Adware yourprivacyguard runtime detection - presale request (spyware-put.rules)
 * 1:13345 <-> DISABLED <-> SPYWARE-PUT Adware yourprivacyguard runtime detection - update (spyware-put.rules)
 * 1:13346 <-> DISABLED <-> SPYWARE-PUT Snoopware remote desktop inspector runtime detection - init connection (spyware-put.rules)
 * 1:13347 <-> DISABLED <-> SPYWARE-PUT Snoopware remote desktop inspector runtime detection - init connection (spyware-put.rules)
 * 1:13448 <-> DISABLED <-> WEB-CLIENT Microsoft Windows vbscript/jscript scripting engine begin buffer overflow attempt (web-client.rules)
 * 1:13449 <-> DISABLED <-> WEB-CLIENT Microsoft Windows vbscript/jscript scripting engine end buffer overflow attempt (web-client.rules)
 * 1:13454 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer DXLUTBuilder ActiveX clsid unicode access (web-client.rules)
 * 1:13456 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer DXLUTBuilder ActiveX function call unicode access (web-client.rules)
 * 1:13479 <-> DISABLED <-> SPYWARE-PUT Keylogger findnot guarddog 4.0 runtime detection (spyware-put.rules)
 * 1:13480 <-> DISABLED <-> SPYWARE-PUT Keylogger findnot guarddog 4.0 runtime detection (spyware-put.rules)
 * 1:13481 <-> DISABLED <-> SPYWARE-PUT Hijacker baidu toolbar runtime detection - hijacks search engine (spyware-put.rules)
 * 1:13482 <-> DISABLED <-> SPYWARE-PUT Hijacker baidu toolbar runtime detection - discloses information (spyware-put.rules)
 * 1:13483 <-> DISABLED <-> SPYWARE-PUT Hijacker baidu toolbar runtime detection - updates automatically (spyware-put.rules)
 * 1:13484 <-> DISABLED <-> SPYWARE-PUT Hijacker baidu toolbar runtime detection - updates automatically (spyware-put.rules)
 * 1:13485 <-> DISABLED <-> SPYWARE-PUT Hijacker sofa toolbar runtime detection - hijacks search engine (spyware-put.rules)
 * 1:13486 <-> DISABLED <-> SPYWARE-PUT Hijacker sofa toolbar runtime detection - records search information (spyware-put.rules)
 * 1:13487 <-> DISABLED <-> SPYWARE-PUT Adware elite protector runtime detection (spyware-put.rules)
 * 1:13488 <-> DISABLED <-> SPYWARE-PUT Hijacker people pal toolbar runtime detection - automatic upgrade (spyware-put.rules)
 * 1:13489 <-> DISABLED <-> SPYWARE-PUT Hijacker people pal toolbar runtime detection - traffic for searching (spyware-put.rules)
 * 1:13490 <-> DISABLED <-> SPYWARE-PUT Adware spy shredder 2.1 runtime detection - presale request (spyware-put.rules)
 * 1:13491 <-> DISABLED <-> SPYWARE-PUT Adware spy shredder 2.1 runtime detection - update (spyware-put.rules)
 * 1:13492 <-> DISABLED <-> SPYWARE-PUT Hijacker deepdo toolbar runtime detection - redirects search engine (spyware-put.rules)
 * 1:13493 <-> DISABLED <-> SPYWARE-PUT Hijacker deepdo toolbar runtime detection - automatic update (spyware-put.rules)
 * 1:13494 <-> DISABLED <-> SPYWARE-PUT Keylogger smart pc Keylogger runtime detection (spyware-put.rules)
 * 1:13495 <-> DISABLED <-> SPYWARE-PUT Hijacker ez-tracks toolbar runtime detection - initial traffic 1 (spyware-put.rules)
 * 1:13496 <-> DISABLED <-> SPYWARE-PUT Hijacker ez-tracks toolbar runtime detection - initial traffic 2 (spyware-put.rules)
 * 1:13497 <-> DISABLED <-> SPYWARE-PUT Hijacker ez-tracks toolbar runtime detection - tracking traffic (spyware-put.rules)
 * 1:13498 <-> DISABLED <-> SPYWARE-PUT Hijacker hbtbar runtime detection - search traffic 1 (spyware-put.rules)
 * 1:13499 <-> DISABLED <-> SPYWARE-PUT Hijacker hbtbar runtime detection - search traffic 2 (spyware-put.rules)
 * 1:13500 <-> DISABLED <-> SPYWARE-PUT Hijacker hbtbar runtime detection - log information (spyware-put.rules)
 * 1:13501 <-> DISABLED <-> SPYWARE-PUT Adware contravirus runtime detection - presale request (spyware-put.rules)
 * 1:13502 <-> DISABLED <-> SPYWARE-PUT Adware contravirus runtime detection - update (spyware-put.rules)
 * 1:16366 <-> DISABLED <-> EXPLOIT Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (exploit.rules)
 * 1:16378 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer deleted object cells reference memory corruption vulnerability (web-client.rules)
 * 1:1638 <-> DISABLED <-> SCAN SSH Version map attempt (scan.rules)
 * 1:16381 <-> DISABLED <-> NETBIOS SMB session negotiation request (netbios.rules)
 * 1:1639 <-> DISABLED <-> CHAT IRC DCC file transfer request (chat.rules)
 * 1:16390 <-> DISABLED <-> POLICY Adobe PDF alternate file magic obfuscation (policy.rules)
 * 1:16397 <-> DISABLED <-> NETBIOS SMB andx invalid server name share access  (netbios.rules)
 * 1:16398 <-> DISABLED <-> NETBIOS SMB invalid server name share access  (netbios.rules)
 * 1:16399 <-> DISABLED <-> NETBIOS SMB unicode andx invalid server name share access  (netbios.rules)
 * 1:1640 <-> DISABLED <-> CHAT IRC DCC chat request (chat.rules)
 * 1:16400 <-> DISABLED <-> NETBIOS SMB unicode invalid server name share access  (netbios.rules)
 * 1:16401 <-> DISABLED <-> NETBIOS SMB andx invalid server name share access  (netbios.rules)
 * 1:16402 <-> DISABLED <-> NETBIOS SMB invalid server name share access  (netbios.rules)
 * 1:16403 <-> DISABLED <-> NETBIOS SMB unicode andx invalid server name share access  (netbios.rules)
 * 1:16404 <-> DISABLED <-> NETBIOS SMB unicode invalid server name share access  (netbios.rules)
 * 1:16412 <-> DISABLED <-> WEB-CLIENT Microsoft Office PowerPoint invalid TextByteAtom remote code execution attempt (web-client.rules)
 * 1:16416 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel Malformed MSODrawing Record (web-client.rules)
 * 1:16421 <-> DISABLED <-> EXPLOIT Microsoft Office PowerPoint out of bounds value remote code execution attempt (exploit.rules)
 * 1:16422 <-> DISABLED <-> EXPLOIT Microsoft Windows Paint JPEG with malformed SOFx field (exploit.rules)
 * 1:16426 <-> DISABLED <-> WEB-MISC Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - PROPFIND method (web-misc.rules)
 * 1:16427 <-> DISABLED <-> WEB-MISC Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - LOCK method (web-misc.rules)
 * 1:16434 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.51-v0.61 packed file magic detection (file-identify.rules)
 * 1:16435 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.62-v1.22 packed file magic detection (file-identify.rules)
 * 1:16436 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v2.90,v2.93-3.00 packed file magic detection (file-identify.rules)
 * 1:16444 <-> DISABLED <-> EXPLOIT HP StorageWorks storage mirroring double take service code execution attempt (exploit.rules)
 * 1:16445 <-> ENABLED <-> SPECIFIC-THREATS Digium Asterisk IAX2 ack response denial of service attempt (specific-threats.rules)
 * 1:16455 <-> DISABLED <-> SPYWARE-PUT Keylogger egyspy keylogger 1.13 runtime detection (spyware-put.rules)
 * 1:16456 <-> DISABLED <-> SPYWARE-PUT Rogue-Software ang antivirus 09 runtime detection (spyware-put.rules)
 * 1:16457 <-> DISABLED <-> BACKDOOR Trojan.Downloader.Win32.Cutwail.AI runtime detection (backdoor.rules)
 * 1:16464 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel ContinueFRT12 heap overflow attempt (web-client.rules)
 * 1:16465 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel ContinueFRT12 and MDXSet heap overflow attempt (web-client.rules)
 * 1:16474 <-> DISABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detection (file-identify.rules)
 * 1:16475 <-> DISABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v4 file magic detection (file-identify.rules)
 * 1:16476 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules)
 * 1:16477 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules)
 * 1:16478 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules)
 * 1:16483 <-> DISABLED <-> BOTNET-CNC Koobface worm submission of collected data to C&C server attempt (botnet-cnc.rules)
 * 1:16492 <-> DISABLED <-> WEB-CLIENT Apple Safari inline text box use after free attempt (web-client.rules)
 * 1:16503 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer event handling remote code execution attempt (exploit.rules)
 * 1:16506 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer innerHTML against incomplete element heap corruption attempt (web-client.rules)
 * 1:16507 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer onreadystatechange memory corruption attempt (web-client.rules)
 * 1:16508 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer 8 non-IE8 compatibility mode htmltime remote code execution attempt (web-client.rules)
 * 1:16512 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer malformed span/div html document heap corruption attempt (exploit.rules)
 * 1:16525 <-> DISABLED <-> CHAT MSN Messenger web login attempt (chat.rules)
 * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules)
 * 1:16540 <-> DISABLED <-> NETBIOS SMB2 client NetBufferList NULL entry remote code execution attempt  (netbios.rules)
 * 1:16542 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (specific-threats.rules)
 * 1:16545 <-> DISABLED <-> WEB-CLIENT Adobe Acrobat Reader malformed Richmedia annotation exploit attempt (web-client.rules)
 * 1:16549 <-> ENABLED <-> WEB-CLIENT Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - npruntime-scriptable-plugin (web-client.rules)
 * 1:16550 <-> ENABLED <-> WEB-CLIENT Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - java-deployment-toolkit (web-client.rules)
 * 1:16579 <-> DISABLED <-> CHAT mIRC IRC URL buffer overflow attempt (chat.rules)
 * 1:16582 <-> DISABLED <-> WEB-CLIENT Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (web-client.rules)
 * 1:16590 <-> DISABLED <-> SPECIFIC-THREATS EasyMail Objects ActiveX exploit attempt - 1 (specific-threats.rules)
 * 1:16591 <-> DISABLED <-> SPECIFIC-THREATS EasyMail Objects ActiveX exploit attempt - 2 (specific-threats.rules)
 * 1:16594 <-> DISABLED <-> POP3 STAT command (pop3.rules)
 * 1:16595 <-> DISABLED <-> POP3 Windows Mail remote code execution attempt  (pop3.rules)
 * 1:16596 <-> DISABLED <-> WEB-CLIENT Apple Safari information disclosure and remote code execution attempt (web-client.rules)
 * 1:16601 <-> DISABLED <-> WEB-CLIENT Amaya web editor XML and HTML Parser Buffer overflow attempt (web-client.rules)
 * 1:16606 <-> DISABLED <-> ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt (oracle.rules)
 * 1:16630 <-> DISABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules)
 * 1:16636 <-> DISABLED <-> MISC Microsoft Windows .NET framework XMLDsig data tampering attempt  (misc.rules)
 * 1:16650 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel ExternName record stack buffer overflow attempt - 1 (web-client.rules)
 * 1:16651 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel ExternName record stack buffer overflow attempt - 2 (web-client.rules)
 * 1:16652 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel ExternName record stack buffer overflow attempt - 3 (web-client.rules)
 * 1:16653 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel ExternName record stack buffer overflow attempt - 4 (web-client.rules)
 * 1:16654 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel undocumented Publisher record heap buffer overflow attempt (web-client.rules)
 * 1:16655 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel Lbl record stack overflow attempt (web-client.rules)
 * 1:16656 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel BIFF5 ExternSheet record stack overflow attempt (web-client.rules)
 * 1:16657 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel DBQueryExt record memory corruption attempt (web-client.rules)
 * 1:16659 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer style sheet array memory corruption attempt (exploit.rules)
 * 1:1666 <-> DISABLED <-> ATTACK-RESPONSES index of /cgi-bin/ response (attack-responses.rules)
 * 1:16660 <-> DISABLED <-> DOS SharePoint Server 2007 help.aspx denial of service attempt (dos.rules)
 * 1:16666 <-> DISABLED <-> SPECIFIC-THREATS Apple Safari window.parent.close unspecified remote code execution vulnerability (specific-threats.rules)
 * 1:16671 <-> DISABLED <-> SPECIFIC-THREATS IBM Lotus Domino Web Access ActiveX exploit attempt (specific-threats.rules)
 * 1:16675 <-> DISABLED <-> SPECIFIC-THREATS CA BrightStor ListCtrl ActiveX exploit attempt (specific-threats.rules)
 * 1:16676 <-> DISABLED <-> SPECIFIC-THREATS Adobe Reader malformed FlateDecode colors declaration (specific-threats.rules)
 * 1:16677 <-> DISABLED <-> WEB-CLIENT Adobe Acrobat Reader malformed FlateDecode colors declaration (web-client.rules)
 * 1:16678 <-> DISABLED <-> WEB-PHP Tandberg VCS local file disclosure attempt (web-php.rules)
 * 1:16681 <-> DISABLED <-> WEB-MISC Basic Authorization string overflow attempt (web-misc.rules)
 * 1:16682 <-> DISABLED <-> WEB-MISC Oracle Sun ONE Web Server JSP source code disclosure attempt (web-misc.rules)
 * 1:16684 <-> DISABLED <-> DOS Samba smbd Session Setup AndX security blob length dos attempt (dos.rules)
 * 1:16689 <-> DISABLED <-> WEB-CLIENT Palo Alto Networks Firewall editUser.esp XSS attempt (web-client.rules)
 * 1:16691 <-> DISABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules)
 * 1:16716 <-> DISABLED <-> WEB-CLIENT Oracle Java Web Start Splashscreen PNG processing buffer overflow attempt (web-client.rules)
 * 1:1673 <-> DISABLED <-> ORACLE EXECUTE_SYSTEM attempt (oracle.rules)
 * 1:13814 <-> DISABLED <-> BACKDOOR passhax runtime detection - initial connection (backdoor.rules)
 * 1:13815 <-> DISABLED <-> BACKDOOR zombget.03 runtime detection (backdoor.rules)
 * 1:13816 <-> DISABLED <-> SPECIFIC-THREATS Metasploit Framework xmlrpc.php command injection attempt (specific-threats.rules)
 * 1:13817 <-> DISABLED <-> SPECIFIC-THREATS xmlrpc.php command injection attempt (specific-threats.rules)
 * 1:13818 <-> DISABLED <-> SPECIFIC-THREATS alternate xmlrpc.php command injection attempt (specific-threats.rules)
 * 1:13824 <-> DISABLED <-> WEB-CLIENT Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (web-client.rules)
 * 1:13827 <-> DISABLED <-> DOS Microsoft PGM denial of service attempt (dos.rules)
 * 1:13838 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox IFRAME style change handling code execution (web-client.rules)
 * 1:13846 <-> ENABLED <-> SPECIFIC-THREATS Veritas Backup Agent password overflow attempt (specific-threats.rules)
 * 1:13847 <-> DISABLED <-> SPYWARE-PUT Adware phoenician casino runtime detection (spyware-put.rules)
 * 1:13848 <-> DISABLED <-> SPYWARE-PUT Trickler zwinky runtime detection (spyware-put.rules)
 * 1:13849 <-> DISABLED <-> SPYWARE-PUT Hijacker rcse 4.4 runtime detection - hijack ie browser (spyware-put.rules)
 * 1:13850 <-> DISABLED <-> SPYWARE-PUT Adware roogoo 2.0 runtime detection - popup ads (spyware-put.rules)
 * 1:13851 <-> DISABLED <-> SPYWARE-PUT Adware roogoo 2.0 runtime detection - upgrade (spyware-put.rules)
 * 1:13852 <-> DISABLED <-> SPYWARE-PUT Hijacker bitroll 5.0 runtime detection (spyware-put.rules)
 * 1:13853 <-> DISABLED <-> SPYWARE-PUT Hijacker alot toolbar runtime detection - weather request (spyware-put.rules)
 * 1:13854 <-> DISABLED <-> SPYWARE-PUT Hijacker alot toolbar runtime detection - auto update (spyware-put.rules)
 * 1:13855 <-> DISABLED <-> SPYWARE-PUT Trackware speed runner runtime detection (spyware-put.rules)
 * 1:13856 <-> DISABLED <-> BACKDOOR wintrim.z runtime detection (backdoor.rules)
 * 1:13861 <-> DISABLED <-> POLICY Habbo chat client avatar control (policy.rules)
 * 1:13862 <-> DISABLED <-> POLICY Habbo chat client item information download (policy.rules)
 * 1:13863 <-> DISABLED <-> POLICY Habbo chat client successful login (policy.rules)
 * 1:13864 <-> DISABLED <-> POLICY Microsoft Watson error reporting attempt (policy.rules)
 * 1:13866 <-> DISABLED <-> SPYWARE-PUT Trackware adclicker-fc.gen.a runtime detection - popup ads (spyware-put.rules)
 * 1:13867 <-> DISABLED <-> SPYWARE-PUT Trackware adclicker-fc.gen.a runtime detection (spyware-put.rules)
 * 1:13868 <-> DISABLED <-> SPYWARE-PUT Adware antispywaremaster runtime detection - start fake scanning (spyware-put.rules)
 * 1:13869 <-> DISABLED <-> SPYWARE-PUT Adware antispywaremaster runtime detection - sale/register request (spyware-put.rules)
 * 1:13870 <-> DISABLED <-> SPYWARE-PUT Adware coopen 5.0.0.87 runtime detection - init conn (spyware-put.rules)
 * 1:13871 <-> DISABLED <-> SPYWARE-PUT Adware coopen 5.0.0.87 runtime detection - ads (spyware-put.rules)
 * 1:13872 <-> DISABLED <-> SPYWARE-PUT Trickler fushion 1.2.4.17 runtime detection - notice (spyware-put.rules)
 * 1:13873 <-> DISABLED <-> SPYWARE-PUT Trickler fushion 1.2.4.17 runtime detection - underground traffic (spyware-put.rules)
 * 1:13874 <-> DISABLED <-> SPYWARE-PUT Adware malware destructor 4.5 runtime detection - order request (spyware-put.rules)
 * 1:13875 <-> DISABLED <-> SPYWARE-PUT Adware malware destructor 4.5 runtime detection - auto update (spyware-put.rules)
 * 1:13876 <-> DISABLED <-> BACKDOOR zlob.acc runtime detection (backdoor.rules)
 * 1:13877 <-> DISABLED <-> BACKDOOR trojan-spy.win32.delf.uv runtime detection (backdoor.rules)
 * 1:13878 <-> DISABLED <-> BACKDOOR trojan-spy.win32.delf.uv runtime detection (backdoor.rules)
 * 1:13888 <-> DISABLED <-> SQL Microsoft SQL Server Backup Database File integer overflow attempt (sql.rules)
 * 1:13889 <-> DISABLED <-> SQL Microsoft SQL Server Backup Database File integer overflow attempt (sql.rules)
 * 1:13890 <-> DISABLED <-> SQL Microsoft SQL Server Backup Database File integer overflow attempt (sql.rules)
 * 1:13891 <-> DISABLED <-> SQL Memory page overwrite attempt  (sql.rules)
 * 1:13892 <-> DISABLED <-> SQL Convert function style overwrite  (sql.rules)
 * 1:13893 <-> DISABLED <-> WEB-CLIENT Microsoft malformed saved search heap corruption attempt (web-client.rules)
 * 1:13894 <-> DISABLED <-> SMTP Micrsoft Office Outlook Web Access From field cross-site scripting attempt  (smtp.rules)
 * 1:1390 <-> DISABLED <-> SHELLCODE x86 inc ebx NOOP (shellcode.rules)
 * 1:13901 <-> DISABLED <-> NETBIOS SMB server response heap overflow attempt (netbios.rules)
 * 1:13911 <-> DISABLED <-> FILE-IDENTIFY Microsoft search file download request (file-identify.rules)
 * 1:13915 <-> DISABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules)
 * 1:13930 <-> DISABLED <-> SPYWARE-PUT Trickler pc privacy cleaner runtime detection - order/register request (spyware-put.rules)
 * 1:13931 <-> DISABLED <-> SPYWARE-PUT Trickler pc privacy cleaner runtime detection - auto update (spyware-put.rules)
 * 1:13932 <-> DISABLED <-> SPYWARE-PUT Trackware rightonadz.biz adrotator runtime detection - post user info to remote server (spyware-put.rules)
 * 1:13933 <-> DISABLED <-> SPYWARE-PUT Trackware rightonadz.biz adrotator runtime detection - ads (spyware-put.rules)
 * 1:13934 <-> DISABLED <-> SPYWARE-PUT Hijacker mediatubecodec 1.470.0 runtime detection - hijack ie (spyware-put.rules)
 * 1:13935 <-> DISABLED <-> SPYWARE-PUT Hijacker mediatubecodec 1.470.0 runtime detection - download other malware (spyware-put.rules)
 * 1:13936 <-> DISABLED <-> SPYWARE-PUT Trickler dropper agent.rqg runtime detection - call home (spyware-put.rules)
 * 1:13937 <-> DISABLED <-> SPYWARE-PUT Hijacker adware.win32.ejik.ec variant runtime detection - call home (spyware-put.rules)
 * 1:13938 <-> DISABLED <-> SPYWARE-PUT Hijacker adware.win32.ejik.ec variant runtime detection (spyware-put.rules)
 * 1:13939 <-> DISABLED <-> SPYWARE-PUT Hijacker adware.win32.ejik.ec variant runtime detection - auto update (spyware-put.rules)
 * 1:1394 <-> DISABLED <-> SHELLCODE x86 inc ecx NOOP (shellcode.rules)
 * 1:13940 <-> DISABLED <-> SPYWARE-PUT Hijacker win32.bho.bgf runtime detection (spyware-put.rules)
 * 1:13941 <-> DISABLED <-> BACKDOOR trojan agent.nac runtime detection - click fraud (backdoor.rules)
 * 1:13942 <-> DISABLED <-> BACKDOOR trojan agent.nac runtime detection - call home (backdoor.rules)
 * 1:13943 <-> DISABLED <-> SPYWARE-PUT Trickler dropper agent.rqg runtime detection (spyware-put.rules)
 * 1:13944 <-> DISABLED <-> BACKDOOR trojan downloader small.gy runtime detection - get whitelist (backdoor.rules)
 * 1:13945 <-> DISABLED <-> BACKDOOR trojan downloader small.gy runtime detection - update (backdoor.rules)
 * 1:13960 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer static text range overflow attempt (web-client.rules)
 * 1:13962 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer MHTML zone control bypass attempt (web-client.rules)
 * 1:13964 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer span frontier parsing memory corruption (web-client.rules)
 * 1:13974 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer XHTML element memory corruption attempt (web-client.rules)
 * 1:13980 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer http status response memory corruption vulnerability (web-client.rules)
 * 1:13989 <-> ENABLED <-> SQL large number of calls to char function - possible sql injection obfuscation (sql.rules)
 * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules)
 * 1:14054 <-> DISABLED <-> SPYWARE-PUT Adware AdwareALERT runtime detection - auto update (spyware-put.rules)
 * 1:14055 <-> DISABLED <-> SPYWARE-PUT Hijacker rediff toolbar runtime detection - hijack ie auto search (spyware-put.rules)
 * 1:14056 <-> DISABLED <-> SPYWARE-PUT Hijacker rediff toolbar runtime detection - get news info (spyware-put.rules)
 * 1:14057 <-> DISABLED <-> SPYWARE-PUT Trackware murzilka2 runtime detection (spyware-put.rules)
 * 1:14058 <-> DISABLED <-> SPYWARE-PUT Hijacker cpush 2 runtime detection - pass info to controlling server (spyware-put.rules)
 * 1:14059 <-> DISABLED <-> SPYWARE-PUT Hijacker cpush 2 runtime detection - hijack ie home page (spyware-put.rules)
 * 1:14060 <-> DISABLED <-> SPYWARE-PUT Hijacker cpush 2 runtime detection - auto update (spyware-put.rules)
 * 1:14061 <-> DISABLED <-> SPYWARE-PUT Trickler antimalware guard runtime detection - order/register request (spyware-put.rules)
 * 1:14062 <-> DISABLED <-> SPYWARE-PUT Trickler antimalware guard runtime detection - auto update (spyware-put.rules)
 * 1:14063 <-> DISABLED <-> SPYWARE-PUT Hijacker cashon runtime detection - hijack ie searches (spyware-put.rules)
 * 1:14064 <-> DISABLED <-> SPYWARE-PUT Hijacker cashon runtime detection - auto update (spyware-put.rules)
 * 1:14065 <-> DISABLED <-> SPYWARE-PUT Keylogger emptybase j runtime detection (spyware-put.rules)
 * 1:14066 <-> DISABLED <-> SPYWARE-PUT Adware winsecuredisc runtime detection (spyware-put.rules)
 * 1:14067 <-> DISABLED <-> SPYWARE-PUT Adware swizzor runtime detection (spyware-put.rules)
 * 1:14068 <-> DISABLED <-> SPYWARE-PUT Adware rond runtime detection (spyware-put.rules)
 * 1:14069 <-> DISABLED <-> SPYWARE-PUT Adware brave sentry runtime detection - order request (spyware-put.rules)
 * 1:14070 <-> DISABLED <-> SPYWARE-PUT Adware brave sentry runtime detection - self update (spyware-put.rules)
 * 1:14071 <-> DISABLED <-> SPYWARE-PUT Hijacker Adware bho.gen runtime detection - pop-up window traffic #1 (spyware-put.rules)
 * 1:14072 <-> DISABLED <-> SPYWARE-PUT Hijacker Adware bho.gen runtime detection - pop-up window traffic #2 (spyware-put.rules)
 * 1:14073 <-> DISABLED <-> SPYWARE-PUT Hijacker Adware bho.gen runtime detection - prompt download page (spyware-put.rules)
 * 1:14074 <-> DISABLED <-> SPYWARE-PUT Keylogger spybosspro 4.2 runtime detection (spyware-put.rules)
 * 1:14075 <-> DISABLED <-> SPYWARE-PUT Keylogger ultimate Keylogger pro runtime detection (spyware-put.rules)
 * 1:14076 <-> DISABLED <-> SPYWARE-PUT Hijacker Adware win32 mostofate runtime detection - hijack search (spyware-put.rules)
 * 1:14077 <-> DISABLED <-> SPYWARE-PUT Hijacker Adware win32 mostofate runtime detection - redirect search results (spyware-put.rules)
 * 1:14078 <-> DISABLED <-> SPYWARE-PUT Adware winspywareprotect runtime detection - download malicous code (spyware-put.rules)
 * 1:14079 <-> DISABLED <-> SPYWARE-PUT Adware winspywareprotect runtime detection - connection to malicious sites (spyware-put.rules)
 * 1:14080 <-> DISABLED <-> SPYWARE-PUT Adware winspywareprotect runtime detection - connection to malicious server (spyware-put.rules)
 * 1:14081 <-> DISABLED <-> BACKDOOR trojan agent.aarm runtime detection - call home (backdoor.rules)
 * 1:14082 <-> DISABLED <-> BACKDOOR trojan agent.aarm runtime detection - spread via spam (backdoor.rules)
 * 1:14083 <-> DISABLED <-> BACKDOOR trojan agent.aarm runtime detection - download other malware (backdoor.rules)
 * 1:14084 <-> DISABLED <-> BACKDOOR infostealer.banker.c runtime detection - download cfg.bin (backdoor.rules)
 * 1:14085 <-> DISABLED <-> BACKDOOR infostealer.banker.c runtime detection - collect user info (backdoor.rules)
 * 1:14086 <-> DISABLED <-> BACKDOOR Adware.Win32.Agent.BM runtime detection 1 (backdoor.rules)
 * 1:14087 <-> DISABLED <-> BACKDOOR Adware.Win32.Agent.BM runtime detection 2 (backdoor.rules)
 * 1:14261 <-> DISABLED <-> WEB-CLIENT Microsoft Windows GDI VML gradient size heap overflow attempt (web-client.rules)
 * 1:14262 <-> DISABLED <-> WEB-CLIENT Microsoft Office OneNote iframe caller exploit attempt (web-client.rules)
 * 1:14264 <-> DISABLED <-> FILE-IDENTIFY Windows Media Player playlist download (file-identify.rules)
 * 1:1432 <-> DISABLED <-> P2P GNUTella client request (p2p.rules)
 * 1:1445 <-> DISABLED <-> POLICY FTP file_id.diz access possible warez site (policy.rules)
 * 1:1446 <-> DISABLED <-> SMTP vrfy root (smtp.rules)
 * 1:1450 <-> DISABLED <-> SMTP expn *@ (smtp.rules)
 * 1:1451 <-> DISABLED <-> WEB-CGI NPH-maillist access (web-cgi.rules)
 * 1:14607 <-> DISABLED <-> EXPLOIT CA Brightstor SUN RPC malformed string buffer overflow attempt (exploit.rules)
 * 1:1463 <-> DISABLED <-> CHAT IRC message (chat.rules)
 * 1:14644 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer cross domain unfocusable HTML element (web-client.rules)
 * 1:14645 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer cross domain setExpression exploit attempt (web-client.rules)
 * 1:14653 <-> DISABLED <-> NETBIOS SMB Search andx Search filename size integer underflow attempt  (netbios.rules)
 * 1:14654 <-> DISABLED <-> NETBIOS SMB Search unicode andx Search filename size integer underflow attempt  (netbios.rules)
 * 1:14661 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumJobs attempt  (netbios.rules)
 * 1:14710 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumJobs attempt  (netbios.rules)
 * 1:14717 <-> DISABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX unicode little endian andx attempt   (netbios.rules)
 * 1:14718 <-> DISABLED <-> NETBIOS SMB spoolss EnumJobs response unicode little endian andx attempt   (netbios.rules)
 * 1:14719 <-> DISABLED <-> NETBIOS SMB spoolss EnumJobs response little endian andx attempt   (netbios.rules)
 * 1:14720 <-> DISABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX little endian andx attempt   (netbios.rules)
 * 1:14721 <-> DISABLED <-> NETBIOS SMB spoolss EnumJobs response andx attempt   (netbios.rules)
 * 1:14722 <-> DISABLED <-> NETBIOS SMB spoolss EnumJobs response unicode andx attempt   (netbios.rules)
 * 1:14723 <-> DISABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX andx attempt   (netbios.rules)
 * 1:14724 <-> DISABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX unicode andx attempt   (netbios.rules)
 * 1:14896 <-> ENABLED <-> NETBIOS SMB v4 srvsvc NetrpPathCononicalize unicode path cononicalization stack overflow attempt (netbios.rules)
 * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:14989 <-> DISABLED <-> WEB-MISC Novell eDirectory SOAP Accept Language header overflow attempt (web-misc.rules)
 * 1:14990 <-> DISABLED <-> WEB-MISC Novell eDirectory SOAP Accept Charset header overflow attempt (web-misc.rules)
 * 1:15012 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer MSXML DLL memory corruption attempt (web-client.rules)
 * 1:15081 <-> DISABLED <-> WEB-CLIENT Oracle Java Web Start xml encoding buffer overflow attempt (web-client.rules)
 * 1:15083 <-> DISABLED <-> EXPLOIT Microsoft Office Word .rtf file double free attempt (exploit.rules)
 * 1:15107 <-> DISABLED <-> WEB-CLIENT Microsoft Office Word .rtf file stylesheet buffer overflow attempt (web-client.rules)
 * 1:15114 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer embed src buffer overflow attempt (web-client.rules)
 * 1:15115 <-> DISABLED <-> WEB-CLIENT Microsoft Windows WebDAV pathname buffer overflow attempt (web-client.rules)
 * 1:15135 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (netbios.rules)
 * 1:15136 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (netbios.rules)
 * 1:15137 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (netbios.rules)
 * 1:15138 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (netbios.rules)
 * 1:15139 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function andx attempt (netbios.rules)
 * 1:15140 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function attempt (netbios.rules)
 * 1:15141 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function unicode andx attempt (netbios.rules)
 * 1:15142 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function unicode attempt (netbios.rules)
 * 1:15143 <-> DISABLED <-> SQL sp_replwritetovarbin unicode vulnerable function attempt (sql.rules)
 * 1:15144 <-> DISABLED <-> SQL sp_replwritetovarbin vulnerable function attempt (sql.rules)
 * 1:15147 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer malformed iframe buffer overflow attempt (web-client.rules)
 * 1:15167 <-> DISABLED <-> POLICY Suspicious .cn dns query (policy.rules)
 * 1:15168 <-> DISABLED <-> POLICY Suspicious .ru dns query (policy.rules)
 * 1:15183 <-> DISABLED <-> CHAT Yahoo messenger http link transmission attempt (chat.rules)
 * 1:15184 <-> DISABLED <-> CHAT MSN messenger http link transmission attempt (chat.rules)
 * 1:15191 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox animated PNG processing integer overflow (specific-threats.rules)
 * 1:15196 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode param_count underflow attempt  (netbios.rules)
 * 1:15197 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE param_count underflow attempt  (netbios.rules)
 * 1:15198 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode param_count underflow attempt  (netbios.rules)
 * 1:15199 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE param_count underflow attempt  (netbios.rules)
 * 1:15200 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode andx param_count underflow attempt  (netbios.rules)
 * 1:15201 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE andx param_count underflow attempt  (netbios.rules)
 * 1:15202 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode andx param_count underflow attempt  (netbios.rules)
 * 1:15203 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE andx param_count underflow attempt  (netbios.rules)
 * 1:15204 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode max_param_count underflow attempt  (netbios.rules)
 * 1:15205 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode max_param_count underflow attempt  (netbios.rules)
 * 1:15206 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE max_param_count underflow attempt  (netbios.rules)
 * 1:15207 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE max_param_count underflow attempt  (netbios.rules)
 * 1:15208 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt  (netbios.rules)
 * 1:15209 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt  (netbios.rules)
 * 1:15210 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE andx max_param_count underflow attempt  (netbios.rules)
 * 1:15211 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE andx max_param_count underflow attempt  (netbios.rules)
 * 1:15212 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 max_param_count underflow attempt  (netbios.rules)
 * 1:15213 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode max_param_count underflow attempt  (netbios.rules)
 * 1:15214 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 max_param_count underflow attempt  (netbios.rules)
 * 1:15215 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode max_param_count underflow attempt  (netbios.rules)
 * 1:15216 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx max_param_count underflow attempt  (netbios.rules)
 * 1:15217 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt  (netbios.rules)
 * 1:15218 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx max_param_count underflow attempt  (netbios.rules)
 * 1:15219 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt  (netbios.rules)
 * 1:15220 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode param_count underflow attempt  (netbios.rules)
 * 1:15221 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 param_count underflow attempt  (netbios.rules)
 * 1:15222 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 param_count underflow attempt  (netbios.rules)
 * 1:15223 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode param_count underflow attempt  (netbios.rules)
 * 1:15224 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx param_count underflow attempt  (netbios.rules)
 * 1:15225 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx param_count underflow attempt  (netbios.rules)
 * 1:15226 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx param_count underflow attempt  (netbios.rules)
 * 1:15227 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx param_count underflow attempt  (netbios.rules)
 * 1:15236 <-> DISABLED <-> WEB-CLIENT ACD Systems ACDSee XPM file format overflow attempt (web-client.rules)
 * 1:15302 <-> DISABLED <-> DOS Microsoft Exchange System Attendant denial of service attempt (dos.rules)
 * 1:15305 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer dynamic style update memory corruption attempt (web-client.rules)
 * 1:15306 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detection (file-identify.rules)
 * 1:15319 <-> DISABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
 * 1:15320 <-> DISABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
 * 1:15321 <-> DISABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
 * 1:15322 <-> DISABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
 * 1:15323 <-> DISABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
 * 1:15324 <-> DISABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
 * 1:15325 <-> DISABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
 * 1:15326 <-> DISABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
 * 1:15359 <-> DISABLED <-> SMTP Suspicious JBIG2 pdf file sent via email (smtp.rules)
 * 1:15360 <-> DISABLED <-> SMTP Suspicious JBIG2 pdf file sent in email (smtp.rules)
 * 1:15361 <-> DISABLED <-> POLICY pdf file sent via email (policy.rules)
 * 1:15362 <-> DISABLED <-> WEB-CLIENT obfuscated javascript excessive fromCharCode - potential attack (web-client.rules)
 * 1:1538 <-> DISABLED <-> NNTP AUTHINFO USER overflow attempt (nntp.rules)
 * 1:15382 <-> DISABLED <-> SPECIFIC-THREATS X.Org X Font Server QueryXBitmaps and QueryXExtents Handlers integer overflow attempt (specific-threats.rules)
 * 1:15385 <-> DISABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules)
 * 1:15387 <-> DISABLED <-> NETBIOS udp WINS WPAD registration attempt  (netbios.rules)
 * 1:1541 <-> DISABLED <-> FINGER version query (finger.rules)
 * 1:15426 <-> DISABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules)
 * 1:15427 <-> DISABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules)
 * 1:15428 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox SVG data processing memory corruption attempt (web-client.rules)
 * 1:15446 <-> DISABLED <-> WEB-MISC Novell eDirectory management console Accept-Language buffer overflow attempt (web-misc.rules)
 * 1:15448 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrShareEnum null policy handle attempt (netbios.rules)
 * 1:15460 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer ActiveX load/unload race condition attempt (exploit.rules)
 * 1:15462 <-> DISABLED <-> WEB-CLIENT Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (web-client.rules)
 * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15468 <-> DISABLED <-> WEB-CLIENT Apple Safari-Internet Explorer SearchPath blended threat dll request (web-client.rules)
 * 1:15469 <-> DISABLED <-> WEB-CLIENT Microsoft Office WordPad and Office text converters integer underflow attempt (web-client.rules)
 * 1:15471 <-> DISABLED <-> WEB-CLIENT asp file upload (web-client.rules)
 * 1:1549 <-> DISABLED <-> SMTP HELO overflow attempt (smtp.rules)
 * 1:15494 <-> DISABLED <-> SMTP Suspicious JBIG2 pdf file sent from email (smtp.rules)
 * 1:15495 <-> DISABLED <-> SMTP Suspicious JBIG2 pdf file sent by email (smtp.rules)
 * 1:15496 <-> DISABLED <-> SMTP Suspicious JBIG2 pdf file sent through email (smtp.rules)
 * 1:15497 <-> DISABLED <-> SMTP Suspicious JBIG2 pdf file sent with email (smtp.rules)
 * 1:1550 <-> DISABLED <-> SMTP ETRN overflow attempt (smtp.rules)
 * 1:15501 <-> DISABLED <-> WEB-CLIENT Microsoft Office PowerPoint ParaBuildAtom memory corruption attempt (web-client.rules)
 * 1:15502 <-> DISABLED <-> WEB-CLIENT Microsoft Office PowerPoint DiagramBuildContainer memory corruption attempt (web-client.rules)
 * 1:15531 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer Unexpected method call remote code execution attempt (web-client.rules)
 * 1:15535 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer setCapture heap corruption exploit attempt (web-client.rules)
 * 1:15538 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer onreadystatechange memory corruption attempt (web-client.rules)
 * 1:15539 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel Formula record remote code execution attempt (web-client.rules)
 * 1:15575 <-> DISABLED <-> FILE-IDENTIFY WordPerfect file magic detection (file-identify.rules)
 * 1:15579 <-> DISABLED <-> SPECIFIC-THREATS Squid NTLM fakeauth_auth Helper denial of service attempt (specific-threats.rules)
 * 1:15580 <-> DISABLED <-> SPECIFIC-THREATS Squid oversized reply header handling exploit attempt (specific-threats.rules)
 * 1:15581 <-> DISABLED <-> NETBIOS Samba wildcard filename matching denial of service attempt (netbios.rules)
 * 1:15582 <-> DISABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules)
 * 1:15679 <-> DISABLED <-> SPECIFIC-THREATS Microsoft DirectShow ActiveX exploit via JavaScript - unicode encoding (specific-threats.rules)
 * 1:15695 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Embedded Open Type Font malformed name table platform type 3 integer overflow attempt (web-client.rules)
 * 1:15701 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows 2000 domain authentication bypass attempt (specific-threats.rules)
 * 1:15727 <-> DISABLED <-> POLICY attempted download of a PDF with embedded Flash over http (policy.rules)
 * 1:15731 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer javascript deleted reference arbitrary code execution attempt (exploit.rules)
 * 1:15850 <-> DISABLED <-> EXPLOIT Remote Desktop orderType remote code execution attempt (exploit.rules)
 * 1:15867 <-> DISABLED <-> WEB-CLIENT Adobe Acrobat PDF font processing memory corruption attempt (web-client.rules)
 * 1:15869 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player ASnative command execution attempet (web-client.rules)
 * 1:15880 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer popup window object tag code execution attempt (specific-threats.rules)
 * 1:15903 <-> DISABLED <-> SHELLCODE x86 PoC CVE-2003-0605 (shellcode.rules)
 * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules)
 * 1:15921 <-> DISABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules)
 * 1:15945 <-> DISABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
 * 1:15950 <-> DISABLED <-> SPECIFIC-THREATS McAfee LHA Type-2 file handling overflow attempt (specific-threats.rules)
 * 1:15953 <-> DISABLED <-> WEB-MISC Ipswitch IMail Calendaring arbitrary file read attempt (web-misc.rules)
 * 1:15954 <-> DISABLED <-> SPECIFIC-THREATS SpamAssassin malformed email header DoS attempt (specific-threats.rules)
 * 1:15957 <-> DISABLED <-> WEB-CLIENT Sophos Anti-Virus zip file handling DoS attempt (web-client.rules)
 * 1:15958 <-> DISABLED <-> WEB-MISC Novell ZENworks Remote Management overflow attempt (web-misc.rules)
 * 1:15961 <-> DISABLED <-> SPECIFIC-THREATS 3Com Network Supervisor directory traversal attempt (specific-threats.rules)
 * 1:15962 <-> DISABLED <-> SPECIFIC-THREATS Sybase EAServer WebConsole overflow attempt (specific-threats.rules)
 * 1:15964 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Exchange OWA XSS and spoofing attempt (specific-threats.rules)
 * 1:15965 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Explorer long share name buffer overflow attempt (specific-threats.rules)
 * 1:15966 <-> DISABLED <-> SPECIFIC-THREATS F-Secure Anti-Virus LHA processing buffer overflow attempt (specific-threats.rules)
 * 1:15967 <-> DISABLED <-> SPECIFIC-THREATS ICQ SRV_MULTI/SRV_META_USER overflow attempt (specific-threats.rules)
 * 1:15969 <-> DISABLED <-> SPECIFIC-THREATS Symantec Multiple Products ISAKMPd denial of service attempt (specific-threats.rules)
 * 1:15970 <-> DISABLED <-> SPECIFIC-THREATS Subversion svn pProtocol string parsing heap overflow attempt (specific-threats.rules)
 * 1:15977 <-> DISABLED <-> SPECIFIC-THREATS PHP strip_tags bypass vulnerability exploit attempt (specific-threats.rules)
 * 1:15981 <-> DISABLED <-> SPECIFIC-THREATS zlib Denial of Service (specific-threats.rules)
 * 1:15983 <-> DISABLED <-> SPECIFIC-THREATS Samba arbitrary file access exploit attempt (specific-threats.rules)
 * 1:15984 <-> DISABLED <-> SPECIFIC-THREATS Samba Printer Change Notification Request DoS attempt (specific-threats.rules)
 * 1:15985 <-> DISABLED <-> SPECIFIC-THREATS Microsoft ASP.NET canonicalization exploit attempt (specific-threats.rules)
 * 1:15986 <-> DISABLED <-> SPECIFIC-THREATS Samba unicode filename buffer overflow attempt (specific-threats.rules)
 * 1:15991 <-> ENABLED <-> DNS Multiple vendor DNS message decompression denial of service attempt (dns.rules)
 * 1:15994 <-> DISABLED <-> SPECIFIC-THREATS Squid strListGetItem denial of service attempt (specific-threats.rules)
 * 1:16016 <-> DISABLED <-> SPECIFIC-THREATS Microsoft client for netware overflow attempt (specific-threats.rules)
 * 1:16020 <-> DISABLED <-> SPECIFIC-THREATS Oracle MySQL login handshake information disclosure attempt (specific-threats.rules)
 * 1:16022 <-> DISABLED <-> SPECIFIC-THREATS Windows Vista Windows mail file execution attempt (specific-threats.rules)
 * 1:16027 <-> DISABLED <-> WEB-CLIENT Nullsoft Winamp midi file header overflow attempt (web-client.rules)
 * 1:16031 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer nested object tag memory corruption attempt (web-client.rules)
 * 1:16033 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer compressed content attempt (specific-threats.rules)
 * 1:16036 <-> DISABLED <-> WEB-CLIENT Mozilla Products QueryInterface method memory corruption attempt (web-client.rules)
 * 1:16037 <-> DISABLED <-> WEB-CLIENT Mozilla products graphics and XML features integer overflows attempt (web-client.rules)
 * 1:16039 <-> ENABLED <-> MISC EMC Dantz Retrospect Backup Agent denial of service attempt (misc.rules)
 * 1:16044 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox CSS Letter-Spacing overflow attempt (web-client.rules)
 * 1:16046 <-> ENABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer RealMedia file format processing heap corruption attempt (specific-threats.rules)
 * 1:16048 <-> DISABLED <-> WEB-CLIENT Microsoft ASP.NET application folder info disclosure attempt (web-client.rules)
 * 1:16050 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox tag order memory corruption attempt (web-client.rules)
 * 1:16051 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Publisher 2007 conversion library code execution attempt (specific-threats.rules)
 * 1:16052 <-> DISABLED <-> DOS Novell iManager Tree parameter denial of service attempt (dos.rules)
 * 1:16053 <-> DISABLED <-> WEB-CLIENT GNU tar PAX extended headers handling overflow attempt (web-client.rules)
 * 1:16055 <-> DISABLED <-> WEB-CLIENT Apple iTunes AAC file handling integer overflow attempt (web-client.rules)
 * 1:16056 <-> DISABLED <-> WEB-MISC Symantec Scan Engine authentication bypass attempt (web-misc.rules)
 * 1:16063 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer isindex buffer overflow attempt (web-client.rules)
 * 1:16068 <-> DISABLED <-> SPECIFIC-THREATS Yahoo Music Jukebox ActiveX exploit (specific-threats.rules)
 * 1:16074 <-> DISABLED <-> SQL Suspicious SQL ansi_padding option (sql.rules)
 * 1:16075 <-> DISABLED <-> SQL Suspicious SQL ansi_padding option (sql.rules)
 * 1:16076 <-> DISABLED <-> SPECIFIC-THREATS Tripwire format string vulnerability nfs exploit attempt (specific-threats.rules)
 * 1:16077 <-> DISABLED <-> SPECIFIC-THREATS Tripwire format string vulnerability ftp exploit attempt (specific-threats.rules)
 * 1:16080 <-> DISABLED <-> SPECIFIC-THREATS KAME racoon X509 certificate verification bypass attempt (specific-threats.rules)
 * 1:16087 <-> DISABLED <-> SPECIFIC-THREATS Multiple vendor AV gateway virus detection bypass attempt (specific-threats.rules)
 * 1:16089 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows embedded web font handling buffer overflow attempt (specific-threats.rules)
 * 1:16092 <-> DISABLED <-> BACKDOOR win32.delf.jwh runtime detection (backdoor.rules)
 * 1:16093 <-> DISABLED <-> BACKDOOR bugsprey runtime detection - initial connection (backdoor.rules)
 * 1:16094 <-> DISABLED <-> BACKDOOR trojan downloader exchan.gen variant runtime detection (backdoor.rules)
 * 1:16095 <-> DISABLED <-> BACKDOOR td.exe runtime detection - getfile (backdoor.rules)
 * 1:16096 <-> DISABLED <-> BACKDOOR td.exe runtime detection - download (backdoor.rules)
 * 1:16097 <-> DISABLED <-> BACKDOOR trojan win32.agent.vvm runtime detection (backdoor.rules)
 * 1:16098 <-> DISABLED <-> BACKDOOR win32.cekar variant runtime detection (backdoor.rules)
 * 1:16099 <-> DISABLED <-> BACKDOOR trojan-dropper.win32.agent.wdv runtime detection (backdoor.rules)
 * 1:16100 <-> DISABLED <-> BACKDOOR trojan-downloader.win32.delf.phh runtime detection - file.exe (backdoor.rules)
 * 1:16101 <-> DISABLED <-> BACKDOOR trojan-downloader.win32.delf.phh runtime detection - 57329.exe (backdoor.rules)
 * 1:16102 <-> DISABLED <-> BACKDOOR trojan-downloader.win32.delf.phh runtime detection - sft_ver1.1454.0.exe (backdoor.rules)
 * 1:16103 <-> DISABLED <-> BACKDOOR lost door 3.0 runtime detection - init (backdoor.rules)
 * 1:16104 <-> DISABLED <-> BACKDOOR lost door 3.0 runtime detection - init (backdoor.rules)
 * 1:16105 <-> DISABLED <-> BACKDOOR trojan.zlob runtime detection - topqualityads (backdoor.rules)
 * 1:16106 <-> DISABLED <-> BACKDOOR synrat 2.1 pro runtime detection - init (backdoor.rules)
 * 1:16107 <-> DISABLED <-> BACKDOOR synrat 2.1 pro runtime detection - init (backdoor.rules)
 * 1:16108 <-> DISABLED <-> BACKDOOR trojan downloader exchanger.gen2 runtime detection (backdoor.rules)
 * 1:16109 <-> DISABLED <-> BACKDOOR trojan-downloader.win32.zlob.wwv runtime detection - onestoponlineshop (backdoor.rules)
 * 1:16110 <-> DISABLED <-> BACKDOOR trojan-downloader.win32.zlob.wwv runtime detection - childhe (backdoor.rules)
 * 1:16111 <-> DISABLED <-> BACKDOOR trojan-downloader.win32.zlob.wwv installtime detection (backdoor.rules)
 * 1:16112 <-> DISABLED <-> BACKDOOR trojan downloader.agent.vhb runtime detection - contact remote server (backdoor.rules)
 * 1:16113 <-> DISABLED <-> BACKDOOR trojan downloader.agent.vhb runtime detection - request login page (backdoor.rules)
 * 1:16114 <-> DISABLED <-> SPYWARE-PUT Hijacker cramtoolbar runtime detection - hijack (spyware-put.rules)
 * 1:16115 <-> DISABLED <-> SPYWARE-PUT Hijacker cramtoolbar runtime detection - search (spyware-put.rules)
 * 1:16116 <-> DISABLED <-> SPYWARE-PUT Trackware rightonadz.biz adrotator runtime detection - pass user info to remote server (spyware-put.rules)
 * 1:16117 <-> DISABLED <-> SPYWARE-PUT Trackware rightonadz.biz adrotator runtime detection - ads (spyware-put.rules)
 * 1:16118 <-> DISABLED <-> SPYWARE-PUT Adware winreanimator runtime detection - register request (spyware-put.rules)
 * 1:16119 <-> DISABLED <-> SPYWARE-PUT Adware winreanimator runtime detection - daily update (spyware-put.rules)
 * 1:16120 <-> DISABLED <-> SPYWARE-PUT Trackware 6sq toolbar runtime detection (spyware-put.rules)
 * 1:16121 <-> DISABLED <-> SPYWARE-PUT Hijacker weatherstudio runtime detection (spyware-put.rules)
 * 1:16122 <-> DISABLED <-> SPYWARE-PUT rogue antivirus xp 2008 runtime detection - buy (spyware-put.rules)
 * 1:16123 <-> DISABLED <-> SPYWARE-PUT rogue antivirus xp 2008 runtime detection - update (spyware-put.rules)
 * 1:16124 <-> DISABLED <-> SPYWARE-PUT downloader trojan.nsis.agent.s runtime detection (spyware-put.rules)
 * 1:16125 <-> DISABLED <-> SPYWARE-PUT Keylogger spyyahoo v2.2 runtime detection (spyware-put.rules)
 * 1:16126 <-> DISABLED <-> SPYWARE-PUT Trickler virusremover 2008 runtime detection (spyware-put.rules)
 * 1:16127 <-> DISABLED <-> SPYWARE-PUT Adware superiorads runtime detection (spyware-put.rules)
 * 1:16129 <-> DISABLED <-> SPYWARE-PUT Keylogger kamyab Keylogger v.3 runtime detection (spyware-put.rules)
 * 1:16131 <-> DISABLED <-> SPYWARE-PUT Trackware adclicker trojan zlob.dnz runtime detection - ads (spyware-put.rules)
 * 1:16132 <-> DISABLED <-> SPYWARE-PUT Trackware owlforce runtime detection - remote server #1 (spyware-put.rules)
 * 1:16133 <-> DISABLED <-> SPYWARE-PUT Trackware owlforce runtime detection - remote server #2 (spyware-put.rules)
 * 1:16134 <-> DISABLED <-> SPYWARE-PUT Adware spyware guard 2008 runtime detection - contacts remote server (spyware-put.rules)
 * 1:16135 <-> DISABLED <-> SPYWARE-PUT Adware spyware guard 2008 runtime detection - purchase page (spyware-put.rules)
 * 1:16136 <-> DISABLED <-> SPYWARE-PUT Hijacker xp antispyware 2009 runtime detection - pre-sale webpage (spyware-put.rules)
 * 1:16137 <-> DISABLED <-> SPYWARE-PUT Keylogger cheat monitor runtime detection (spyware-put.rules)
 * 1:16138 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool 0desa msn pass stealer 8.5 runtime detection (spyware-put.rules)
 * 1:16139 <-> DISABLED <-> SPYWARE-PUT downloader_trojan.gen2 runtime detection - scanner page (spyware-put.rules)
 * 1:16140 <-> DISABLED <-> BACKDOOR torpig-mebroot command and control checkin (backdoor.rules)
 * 1:16141 <-> DISABLED <-> SPECIFIC-THREATS Kaspersky Online Scanner trojaned Dll download attempt (specific-threats.rules)
 * 1:16151 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer unitialized or deleted object access attempt (web-client.rules)
 * 1:16153 <-> DISABLED <-> WEB-CLIENT Microsoft Windows malformed WMF meta escape record memory corruption (web-client.rules)
 * 1:16155 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer indexing service malformed parameters (web-client.rules)
 * 1:16167 <-> DISABLED <-> DOS Microsoft LSASS integer wrap denial of service attempt (dos.rules)
 * 1:16169 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer dynamic style update memory corruption attempt (web-client.rules)
 * 1:16196 <-> ENABLED <-> SPECIFIC-THREATS Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (specific-threats.rules)
 * 1:16207 <-> DISABLED <-> WEB-MISC MIT Kerberos V% KAdminD klog_vsyslog server overflow attempt (web-misc.rules)
 * 1:16216 <-> DISABLED <-> SPECIFIC-THREATS IBM Tivoli Provisioning Manager for OS deployment HTTP server buffer attempt (specific-threats.rules)
 * 1:16217 <-> DISABLED <-> SPECIFIC-THREATS HP OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow (specific-threats.rules)
 * 1:16221 <-> DISABLED <-> EXPLOIT Microsoft ISA and Forefront Threat Management Web Proxy TCP Listener denial of service attempt (exploit.rules)
 * 1:16224 <-> DISABLED <-> WEB-CLIENT Apple iTunes invalid tref box exploit attempt (web-client.rules)
 * 1:16225 <-> DISABLED <-> EXPLOIT Adobe Shockwave Flash arbitrary memory access attempt (exploit.rules)
 * 1:16229 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel oversized ib memory corruption attempt (web-client.rules)
 * 1:16231 <-> DISABLED <-> WEB-CLIENT Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (web-client.rules)
 * 1:16235 <-> DISABLED <-> EXPLOIT Microsoft Office Excel file SXDB record exploit attempt (exploit.rules)
 * 1:16236 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel file SxView record exploit attempt (web-client.rules)
 * 1:16240 <-> DISABLED <-> EXPLOIT Microsoft Office Excel file Window/Pane record exploit attempt (exploit.rules)
 * 1:16242 <-> DISABLED <-> BACKDOOR downloader-ash.gen.b runtime detection - adload (backdoor.rules)
 * 1:16243 <-> DISABLED <-> BACKDOOR downloader-ash.gen.b runtime detection - 3264.php (backdoor.rules)
 * 1:16244 <-> DISABLED <-> BACKDOOR rogue software xp police antivirus runtime detection - purchase (backdoor.rules)
 * 1:16245 <-> DISABLED <-> BACKDOOR rogue software xp police antivirus install-timedetection (backdoor.rules)
 * 1:16246 <-> DISABLED <-> BACKDOOR rogue software spyware protect 2009 runtime detection - purchase request (backdoor.rules)
 * 1:16247 <-> DISABLED <-> BACKDOOR rogue software spyware protect 2009 runtime detection - block (backdoor.rules)
 * 1:16248 <-> DISABLED <-> BACKDOOR rogue software ms antispyware 2009 runtime detection - start (backdoor.rules)
 * 1:16249 <-> DISABLED <-> BACKDOOR rogue software ms antispyware 2009 runtime detection - pay (backdoor.rules)
 * 1:16250 <-> DISABLED <-> BACKDOOR rogue software win pc defender runtime detection (backdoor.rules)
 * 1:16251 <-> DISABLED <-> BACKDOOR rogue software win pc defender installtime detection (backdoor.rules)
 * 1:16252 <-> DISABLED <-> BACKDOOR rogue software pro antispyware 2009 runtime detection - purchase (backdoor.rules)
 * 1:16253 <-> DISABLED <-> BACKDOOR rogue software system security 2009 runtime detection (backdoor.rules)
 * 1:16254 <-> DISABLED <-> BACKDOOR rogue software system security 2009 installtime detection (backdoor.rules)
 * 1:16255 <-> DISABLED <-> BACKDOOR rogue software system security 2009 installtime detection (backdoor.rules)
 * 1:16256 <-> DISABLED <-> BACKDOOR rogue software coreguard antivirus 2009 runtime detection (backdoor.rules)
 * 1:16257 <-> DISABLED <-> BACKDOOR rogue software perfect defender 2009 runtime detection - update (backdoor.rules)
 * 1:16258 <-> DISABLED <-> BACKDOOR rogue software perfect defender 2009 runtime detection - purchase (backdoor.rules)
 * 1:16259 <-> DISABLED <-> BACKDOOR rogue software antivirusdoktor2009 runtime detection (backdoor.rules)
 * 1:16260 <-> DISABLED <-> BACKDOOR rogue software xp antivirus protection runtime detection - installation (backdoor.rules)
 * 1:16261 <-> DISABLED <-> BACKDOOR rogue software xp antivirus protection runtime detection - runtime (backdoor.rules)
 * 1:16262 <-> DISABLED <-> BACKDOOR rogue software xp-shield runtime detection (backdoor.rules)
 * 1:16263 <-> DISABLED <-> BACKDOOR rogue software xp-shield runtime detection - installation (backdoor.rules)
 * 1:16264 <-> DISABLED <-> BACKDOOR rogue software 007 anti-spyware runtime detection - update (backdoor.rules)
 * 1:16265 <-> DISABLED <-> BACKDOOR rogue software 007 anti-spyware runtime detection - register (backdoor.rules)
 * 1:16266 <-> DISABLED <-> BACKDOOR rogue software pc antispyware 2010 runtime detection - buy (backdoor.rules)
 * 1:16267 <-> DISABLED <-> BACKDOOR rogue software pc antispyware 2010 runtime detection - files (backdoor.rules)
 * 1:16268 <-> DISABLED <-> BACKDOOR trojan.tdss.1.gen install-time detection - yournewsblog.net (backdoor.rules)
 * 1:16269 <-> DISABLED <-> BACKDOOR trojan.tdss.1.gen install-time detection - findzproportal1.com (backdoor.rules)
 * 1:16270 <-> DISABLED <-> BACKDOOR Trojan.TDSS.1.Gen keepalive detection (backdoor.rules)
 * 1:16271 <-> DISABLED <-> BACKDOOR Trojan.TDSS.1.Gen keepalive detection (backdoor.rules)
 * 1:16272 <-> DISABLED <-> BACKDOOR trojan-dropper.irc.tkb runtime detection - lordhack (backdoor.rules)
 * 1:16273 <-> DISABLED <-> BACKDOOR trojan-dropper.irc.tkb runtime detection - dxcpm (backdoor.rules)
 * 1:16274 <-> DISABLED <-> SPYWARE-PUT Trickler trojan-spy.win32.pophot runtime detection - connect to server (spyware-put.rules)
 * 1:16275 <-> DISABLED <-> SPYWARE-PUT Trickler trojan-spy.win32.pophot runtime detection - download files (spyware-put.rules)
 * 1:16276 <-> DISABLED <-> SPYWARE-PUT Trickler win32-fakealert.kl runtime detection (spyware-put.rules)
 * 1:16277 <-> DISABLED <-> SPYWARE-PUT Trickler win32-fakealert.kl installtime detection - downloads malicious files (spyware-put.rules)
 * 1:16278 <-> DISABLED <-> SPYWARE-PUT Trickler win32-fakealert.kl installime detection - updates remote server (spyware-put.rules)
 * 1:16279 <-> DISABLED <-> BACKDOOR rogue-software windows antivirus 2008 runtime detection - pre-sale page (backdoor.rules)
 * 1:16280 <-> DISABLED <-> BACKDOOR rogue-software windows antivirus 2008 runtime detection - registration and payment page (backdoor.rules)
 * 1:16291 <-> DISABLED <-> WEB-CLIENT Mozilla Network Security Services regexp heap overflow attempt (web-client.rules)
 * 1:16294 <-> DISABLED <-> EXPLOIT Microsoft Windows TCP stack zero window size exploit attempt (exploit.rules)
 * 1:16295 <-> DISABLED <-> WEB-CLIENT Kaspersky antivirus library heap buffer overflow - without optional fields (web-client.rules)
 * 1:16296 <-> DISABLED <-> WEB-CLIENT Kaspersky antivirus library heap buffer overflow - with optional fields (web-client.rules)
 * 1:16310 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer 6/7 outerHTML invalid reference arbitrary code execution attempt (web-client.rules)
 * 1:16315 <-> DISABLED <-> WEB-MISC Adobe Flash PlugIn check if file exists attempt (web-misc.rules)
 * 1:16317 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer mouse move during refresh memory corruption attempt (exploit.rules)
 * 1:16319 <-> DISABLED <-> WEB-CLIENT Apple Safari-Internet Explorer SearchPath blended threat attempt (web-client.rules)
 * 1:16328 <-> DISABLED <-> EXPLOIT Microsoft Office Project file parsing arbitrary memory access attempt (exploit.rules)
 * 1:16330 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer orphan DOM objects memory corruption attempt (web-client.rules)
 * 1:16331 <-> DISABLED <-> WEB-CLIENT Adobe Flash Player JPEG parsing heap overflow attempt (web-client.rules)
 * 1:16332 <-> DISABLED <-> EXPLOIT Symantec System Center Alert Management System arbitrary command execution attempt (exploit.rules)
 * 1:16334 <-> DISABLED <-> SPECIFIC-THREATS Adobe Reader compressed media.newPlayer memory corruption attempt (specific-threats.rules)
 * 1:1634 <-> DISABLED <-> POP3 PASS overflow attempt (pop3.rules)
 * 1:16340 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Media Player DHTML Editing ActiveX clsid access (specific-threats.rules)
 * 1:16344 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox top-level script object offset calculation memory corruption attempt (specific-threats.rules)
 * 1:1635 <-> DISABLED <-> POP3 APOP overflow attempt (pop3.rules)
 * 1:16351 <-> DISABLED <-> VOIP-SIP-TCP CSeq buffer overflow attempt (voip.rules)
 * 1:16359 <-> DISABLED <-> WEB-CLIENT Adobe Illustrator DSC comment overflow attempt (web-client.rules)
 * 1:16363 <-> DISABLED <-> POLICY potentially executable file upload via FTP (policy.rules)
 * 1:18493 <-> DISABLED <-> WEB-PHP generic PHP code obfuscation attempt (web-php.rules)
 * 1:18494 <-> DISABLED <-> NETBIOS Microsoft product .dll dll-load exploit attempt  (netbios.rules)
 * 1:18495 <-> DISABLED <-> WEB-CLIENT Microsoft product .dll dll-load exploit attempt (web-client.rules)
 * 1:18496 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player and shell extension ehtrace.dll dll-load exploit attempt (web-client.rules)
 * 1:18497 <-> DISABLED <-> NETBIOS Windows Media Player and shell extension ehtrace.dll dll-load exploit attempt (netbios.rules)
 * 1:18498 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Media Player dvr-ms file parsing remote code execution attempt (specific-threats.rules)
 * 1:18499 <-> DISABLED <-> WEB-CLIENT Microsoft Groove mso.dll dll-load exploit attempt (web-client.rules)
 * 1:18500 <-> DISABLED <-> NETBIOS Groove mso.dll dll-load exploit attempt  (netbios.rules)
 * 1:18506 <-> DISABLED <-> WEB-CLIENT Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (web-client.rules)
 * 1:18507 <-> DISABLED <-> WEB-CLIENT Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (web-client.rules)
 * 1:18509 <-> DISABLED <-> SPECIFIC-THREATS PeerCast format string exploit attempt (specific-threats.rules)
 * 1:18511 <-> DISABLED <-> SPECIFIC-THREATS Sourcefire Snort packet fragmentation reassembly denial of service attempt (specific-threats.rules)
 * 1:18512 <-> DISABLED <-> SPECIFIC-THREATS Novell ZENworks Remote Management overflow attempt (specific-threats.rules)
 * 1:18513 <-> DISABLED <-> SPECIFIC-THREATS Oracle MySQL yaSSL SSL Hello Message Buffer Overflow attempt (specific-threats.rules)
 * 1:18515 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Visio VSD file icon memory corruption (specific-threats.rules)
 * 1:18517 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer long URL buffer overflow attempt (specific-threats.rules)
 * 1:18533 <-> DISABLED <-> DOS MIT Kerberos KDC authentication denial of service attempt (dos.rules)
 * 1:18534 <-> DISABLED <-> DOS MIT Kerberos KDC authentication denial of service attempt (dos.rules)
 * 1:18536 <-> ENABLED <-> SPECIFIC-THREATS OpenOffice.org Microsoft Word file processing integer underflow attempt (specific-threats.rules)
 * 1:18551 <-> ENABLED <-> SMTP Microsoft Office Word .doc attachment (smtp.rules)
 * 1:18552 <-> ENABLED <-> SMTP Microsoft Office Excel .xls attachment (smtp.rules)
 * 1:18553 <-> ENABLED <-> SMTP Microsoft Office Excel .xlw attachment (smtp.rules)
 * 1:18554 <-> ENABLED <-> SMTP Microsoft Office PowerPoint .ppt attachment (smtp.rules)
 * 1:18555 <-> DISABLED <-> MISC VERITAS NetBackup java authentication service format string exploit attempt (misc.rules)
 * 1:18556 <-> DISABLED <-> WEB-MISC Symantec IM manager IMAdminReportTrendFormRun.asp sql injection attempt (web-misc.rules)
 * 1:18561 <-> DISABLED <-> WEB-CLIENT Apple QuickTime PICT file overread buffer overflow attempt (web-client.rules)
 * 1:18562 <-> DISABLED <-> BOTNET-CNC RogueSoftware.Win32.LivePcCare contact to server attempt (botnet-cnc.rules)
 * 1:18565 <-> DISABLED <-> WEB-CLIENT fraudulent digital certificate for mail.google.com detected (web-client.rules)
 * 1:18566 <-> DISABLED <-> WEB-CLIENT fraudulent digital certificate for www.google.com detected (web-client.rules)
 * 1:18567 <-> DISABLED <-> WEB-CLIENT fraudulent digital certificate for login.yahoo.com detected (web-client.rules)
 * 1:18568 <-> DISABLED <-> WEB-CLIENT fraudulent digital certificate for login.yahoo.com detected (web-client.rules)
 * 1:18569 <-> DISABLED <-> WEB-CLIENT fraudulent digital certificate for login.yahoo.com detected (web-client.rules)
 * 1:18570 <-> DISABLED <-> WEB-CLIENT fraudulent digital certificate for login.skype.com detected (web-client.rules)
 * 1:18571 <-> DISABLED <-> WEB-CLIENT fraudulent digital certificate for addons.mozilla.org detected (web-client.rules)
 * 1:18572 <-> DISABLED <-> WEB-CLIENT fraudulent digital certificate for login.live.com detected (web-client.rules)
 * 1:18573 <-> DISABLED <-> WEB-CLIENT fraudulent digital certificate for global trustee detected (web-client.rules)
 * 1:18574 <-> DISABLED <-> SPECIFIC-THREATS RCPT TO overflow (specific-threats.rules)
 * 1:18576 <-> DISABLED <-> WEB-CLIENT fraudulent digital certificate from usertrust.com detected (web-client.rules)
 * 1:18577 <-> DISABLED <-> BOTNET-CNC Trojan-Banker.Win32.Banker.agum contact to server attempt (botnet-cnc.rules)
 * 1:18583 <-> DISABLED <-> WEB-CLIENT Microsoft Windows wmf integer overflow attempt (web-client.rules)
 * 1:18586 <-> DISABLED <-> WEB-PHP Visuplay CMS news_article.php unspecified SQL injection attempt  (web-php.rules)
 * 1:18589 <-> DISABLED <-> SPECIFIC-THREATS Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (specific-threats.rules)
 * 1:18590 <-> DISABLED <-> SPECIFIC-THREATS Outlook Express WAB file parsing buffer overflow attempt (specific-threats.rules)
 * 1:18591 <-> DISABLED <-> SPECIFIC-THREATS CoolPlayer Playlist File Handling Buffer Overflow (specific-threats.rules)
 * 1:18596 <-> DISABLED <-> SPECIFIC-THREATS Adobe Reader and Acrobat util.printf buffer overflow attempt (specific-threats.rules)
 * 1:18597 <-> DISABLED <-> SPECIFIC-THREATS Opera file URI handling buffer overflow (specific-threats.rules)
 * 1:18598 <-> DISABLED <-> SPECIFIC-THREATS GoodTech SSH Server SFTP Processing Buffer Overflow (specific-threats.rules)
 * 1:18602 <-> DISABLED <-> SPECIFIC-THREATS CA BrightStor Agent for Microsoft SQL overflow attempt (specific-threats.rules)
 * 1:18603 <-> DISABLED <-> SPECIFIC-THREATS IBM Lotus Notes Applix Graphics Parsing Buffer Overflow (specific-threats.rules)
 * 1:18604 <-> DISABLED <-> SPECIFIC-THREATS lizamoon script injection (specific-threats.rules)
 * 1:18608 <-> DISABLED <-> POLICY Dropbox desktop software in use (policy.rules)
 * 1:18609 <-> DISABLED <-> POLICY Dropbox desktop software in use (policy.rules)
 * 1:18612 <-> ENABLED <-> WEB-MISC Oracle Java Web Server Webdav Stack Buffer Overflow attempt (web-misc.rules)
 * 1:18613 <-> ENABLED <-> WEB-MISC Oracle Java Web Server Webdav Stack Buffer Overflow attempt (web-misc.rules)
 * 1:18618 <-> DISABLED <-> BLACKLIST Win32.Scar.dpvy/Parkchicers.A/Delf checkin (blacklist.rules)
 * 1:18619 <-> DISABLED <-> WEB-CLIENT Microsoft Visual Studio MFC applications mfc40.dll dll-load exploit attempt (web-client.rules)
 * 1:18620 <-> DISABLED <-> WEB-CLIENT Microsoft Visual Studio MFC applications mfc42.dll dll-load exploit attempt (web-client.rules)
 * 1:18621 <-> DISABLED <-> WEB-CLIENT Microsoft Visual Studio MFC applications mfc80.dll dll-load exploit attempt (web-client.rules)
 * 1:18622 <-> DISABLED <-> WEB-CLIENT Microsoft Visual Studio MFC applications mfc90.dll dll-load exploit attempt (web-client.rules)
 * 1:18623 <-> DISABLED <-> WEB-CLIENT Microsoft Visual Studio MFC applications mfc100.dll dll-load exploit attempt (web-client.rules)
 * 1:18625 <-> DISABLED <-> NETBIOS MFC applications mfc40.dll dll-load exploit attempt  (netbios.rules)
 * 1:18626 <-> DISABLED <-> NETBIOS MFC applications mfc42.dll dll-load exploit attempt  (netbios.rules)
 * 1:18627 <-> DISABLED <-> NETBIOS MFC applications mfc80.dll dll-load exploit attempt  (netbios.rules)
 * 1:18628 <-> DISABLED <-> NETBIOS MFC applications mfc90.dll dll-load exploit attempt  (netbios.rules)
 * 1:18629 <-> DISABLED <-> NETBIOS MFC applications mfc100.dll dll-load exploit attempt  (netbios.rules)
 * 1:18632 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel malformed Label record exploit attempt (web-client.rules)
 * 1:18633 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel RealTimeData record memory corruption attempt (web-client.rules)
 * 1:18634 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel Workspace file FontCount record memory corruption attempt (web-client.rules)
 * 1:18636 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office PowerPoint SlideAtom record exploit attempt (specific-threats.rules)
 * 1:18637 <-> DISABLED <-> WEB-CLIENT Microsoft Office PowerPoint OfficeArt atom memory corruption attempt (web-client.rules)
 * 1:18638 <-> DISABLED <-> EXPLOIT Microsoft Office Excel OfficeArtSpContainer record exploit attempt (exploit.rules)
 * 1:18639 <-> DISABLED <-> EXPLOIT Microsoft Office Excel CatSerRange record exploit attempt (exploit.rules)
 * 1:18645 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows GDI+ arbitrary code execution attempt (specific-threats.rules)
 * 1:18648 <-> DISABLED <-> SCADA IGSS IGSSDataServer.exe file upload/download attempt (scada.rules)
 * 1:18655 <-> DISABLED <-> BAD-TRAFFIC Microsoft Windows LLMNR invalid reverse name lookup stack corruption attempt  (bad-traffic.rules)
 * 1:18657 <-> DISABLED <-> SCADA IGSS dc.exe file execution directory traversal attempt (scada.rules)
 * 1:1866 <-> DISABLED <-> POP3 USER overflow attempt (pop3.rules)
 * 1:18670 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer object management memory corruption attempt (web-client.rules)
 * 1:18671 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer object management memory corruption attempt (web-client.rules)
 * 1:18675 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:18678 <-> DISABLED <-> EXPLOIT osCommerce categories.php Arbitrary File Upload And Code Execution (exploit.rules)
 * 1:18681 <-> DISABLED <-> POLICY download of a PDF with embedded JavaScript - JavaScript string (policy.rules)
 * 1:18682 <-> DISABLED <-> POLICY download of a PDF with OpenAction object (policy.rules)
 * 1:18683 <-> DISABLED <-> POLICY Microsoft Office Excel file with embedded PDF object (policy.rules)
 * 1:18684 <-> DISABLED <-> POLICY PDF file with embedded PDF object (policy.rules)
 * 1:16735 <-> DISABLED <-> SPECIFIC-THREATS URSoft W32Dasm Import/Export function buffer overflow attempt (specific-threats.rules)
 * 1:16737 <-> DISABLED <-> SPECIFIC-THREATS Xenorate Media Player XPL file handling overflow attempt - 1 (specific-threats.rules)
 * 1:16739 <-> DISABLED <-> WEB-CLIENT MultiMedia Jukebox multiple playlist file handling overflow attempt (web-client.rules)
 * 1:1674 <-> DISABLED <-> ORACLE connect_data remote version detection attempt (oracle.rules)
 * 1:16742 <-> DISABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules)
 * 1:1675 <-> DISABLED <-> ORACLE misparsed login response (oracle.rules)
 * 1:16758 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules)
 * 1:16759 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules)
 * 1:16760 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules)
 * 1:16761 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules)
 * 1:16762 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX andx attempt (netbios.rules)
 * 1:16764 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX unicode andx attempt (netbios.rules)
 * 1:16766 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow andx attempt (netbios.rules)
 * 1:16786 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Web Components Spreadsheet ActiveX buffer overflow attempt (specific-threats.rules)
 * 1:16787 <-> DISABLED <-> SPECIFIC-THREATS Symantec multiple products AeXNSConsoleUtilities RunCMD buffer overflow attempt (specific-threats.rules)
 * 1:16796 <-> DISABLED <-> RPC Oracle Solaris sadmind UDP data length integer overflow attempt (rpc.rules)
 * 1:16797 <-> DISABLED <-> RPC Oracle Solaris sadmind TCP data length integer overflow attempt (rpc.rules)
 * 1:16804 <-> DISABLED <-> BACKDOOR  Backdoor.Win32.Qakbot.E - initial load (backdoor.rules)
 * 1:16805 <-> DISABLED <-> BACKDOOR  Backdoor.Win32.Qakbot.E config check (backdoor.rules)
 * 1:16806 <-> DISABLED <-> BACKDOOR Backdoor.Win32.Qakbot.E - FTP upload seclog (backdoor.rules)
 * 1:16807 <-> DISABLED <-> BACKDOOR Backdoor.Win32.Qakbot.E - FTP Upload ps_dump (backdoor.rules)
 * 1:16808 <-> DISABLED <-> BACKDOOR Backdoor.Win32.Qakbot.E - register client (backdoor.rules)
 * 1:16924 <-> ENABLED <-> BLACKLIST URI request for known malicious URI - /inst.php?fff= (blacklist.rules)
 * 1:17049 <-> DISABLED <-> WEB-MISC Oracle Secure Backup Administration Server authentication bypass attempt via POST (web-misc.rules)
 * 1:17050 <-> DISABLED <-> WEB-MISC Oracle Secure Backup Administration Server authentication bypass attempt (web-misc.rules)
 * 1:17077 <-> DISABLED <-> SPECIFIC-THREATS Ask Toolbar AskJeevesToolBar.SettingsPlugin.1 ActiveX control buffer overflow attempt (specific-threats.rules)
 * 1:17103 <-> DISABLED <-> WEB-IIS IIS 5.1 alternate data stream authentication bypass attempt (web-iis.rules)
 * 1:17125 <-> DISABLED <-> NETBIOS SMB Trans2 MaxDataCount overflow attempt  (netbios.rules)
 * 1:17129 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer use-after-free memory corruption attempt (web-client.rules)
 * 1:17132 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer invalid object access attempt (exploit.rules)
 * 1:17133 <-> DISABLED <-> WEB-CLIENT Microsoft Windows MSXML2 ActiveX malformed HTTP response (web-client.rules)
 * 1:17134 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel out-of-bounds structure read memory corruption attempt (web-client.rules)
 * 1:17153 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (web-client.rules)
 * 1:17154 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (web-client.rules)
 * 1:17160 <-> DISABLED <-> SPECIFIC-THREATS Liquid XML Studio LtXmlComHelp8.dll ActiveX OpenFile buffer overflow attempt (specific-threats.rules)
 * 1:17212 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox JavaScript eval arbitrary code execution attempt (web-client.rules)
 * 1:17213 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox Chrome Page Loading Restriction Bypass attempt (web-client.rules)
 * 1:17216 <-> DISABLED <-> WEB-CLIENT Apple Safari TABLE tag with large CELLSPACING attribute exploit attempt (web-client.rules)
 * 1:17218 <-> DISABLED <-> WEB-CLIENT Apple Safari LI tag with large VALUE attribute exploit attempt (web-client.rules)
 * 1:17219 <-> DISABLED <-> SPECIFIC-THREATS Firefox domain name handling buffer overflow attempt (specific-threats.rules)
 * 1:17220 <-> DISABLED <-> SPECIFIC-THREATS Firefox domain name handling buffer overflow attempt (specific-threats.rules)
 * 1:17221 <-> DISABLED <-> SPECIFIC-THREATS Firefox domain name handling buffer overflow attempt (specific-threats.rules)
 * 1:17222 <-> DISABLED <-> SPECIFIC-THREATS Firefox domain name handling buffer overflow attempt (specific-threats.rules)
 * 1:17223 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player navigateToURL cross-site scripting attempt (specific-threats.rules)
 * 1:17224 <-> DISABLED <-> SMTP McAfee WebShield SMTP bounce message format string attempt (smtp.rules)
 * 1:17230 <-> DISABLED <-> FILE-IDENTIFY Tiff big endian file magic detection (file-identify.rules)
 * 1:17231 <-> DISABLED <-> WEB-CLIENT Microsoft Kodak Imaging small offset malformed tiff - little-endian (web-client.rules)
 * 1:17232 <-> DISABLED <-> WEB-CLIENT Microsoft Kodak Imaging large offset malformed tiff - big-endian (web-client.rules)
 * 1:17236 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (web-client.rules)
 * 1:17244 <-> DISABLED <-> SPECIFIC-THREATS Antivirus ACE file handling buffer overflow attempt (specific-threats.rules)
 * 1:17245 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox image dragging exploit attempt (web-client.rules)
 * 1:17252 <-> DISABLED <-> NETBIOS Microsoft Windows Print Spooler arbitrary file write attempt  (netbios.rules)
 * 1:17255 <-> DISABLED <-> EXPLOIT Microsoft Windows IIS FastCGI heap overflow attempt (exploit.rules)
 * 1:17260 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox Javascript contentWindow in an iframe exploit attempt (specific-threats.rules)
 * 1:17265 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox plugin access control bypass attempt (web-client.rules)
 * 1:17266 <-> DISABLED <-> SPECIFIC-THREATS Multiple vendor malformed ZIP archive Antivirus detection bypass attempt (specific-threats.rules)
 * 1:17267 <-> DISABLED <-> SPECIFIC-THREATS Multiple vendor malformed ZIP archive Antivirus detection bypass attempt (specific-threats.rules)
 * 1:17268 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox sidebar panel arbitrary code execution attempt (specific-threats.rules)
 * 1:17271 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Web View script injection attempt (web-client.rules)
 * 1:17272 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer AVI parsing buffer overflow attempt (web-client.rules)
 * 1:17273 <-> DISABLED <-> SPECIFIC-THREATS MIT Kerberos V5 KDC krb5_unparse_name overflow attempt (specific-threats.rules)
 * 1:17274 <-> DISABLED <-> SPECIFIC-THREATS MIT Kerberos V5 KDC krb5_unparse_name overflow attempt (specific-threats.rules)
 * 1:17275 <-> DISABLED <-> SPECIFIC-THREATS Symantec Brightmail AntiSpam nested Zip handling denial of service attempt (specific-threats.rules)
 * 1:17279 <-> DISABLED <-> WEB-MISC Ipswitch WhatsUp Small Business directory traversal attempt (web-misc.rules)
 * 1:17280 <-> DISABLED <-> WEB-MISC Ipswitch WhatsUp Small Business directory traversal attempt (web-misc.rules)
 * 1:17281 <-> DISABLED <-> SPECIFIC-THREATS Panda Antivirus ZOO archive decompression buffer overflow attempt (specific-threats.rules)
 * 1:17284 <-> DISABLED <-> WEB-CLIENT Microsoft Office malformed routing slip code execution attempt (web-client.rules)
 * 1:17285 <-> DISABLED <-> WEB-CLIENT Microsoft Office PowerPoint PPT file parsing memory corruption attempt (web-client.rules)
 * 1:17286 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Visual Basic for Applications document properties overflow attempt (specific-threats.rules)
 * 1:17289 <-> DISABLED <-> SPECIFIC-THREATS GNU gzip LZH decompression make_table overflow attempt (specific-threats.rules)
 * 1:1729 <-> DISABLED <-> CHAT IRC channel join (chat.rules)
 * 1:17292 <-> DISABLED <-> WEB-CLIENT Microsoft Office PowerPoint malformed data record code execution attempt (web-client.rules)
 * 1:17297 <-> DISABLED <-> SPECIFIC-THREATS McAfee VirusScan on-access scanner long unicode filename handling buffer overflow attempt (specific-threats.rules)
 * 1:17303 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer clone object memory corruption attempt (web-client.rules)
 * 1:17307 <-> DISABLED <-> SPECIFIC-THREATS MS SQL Server INSERT Statement Buffer Overflow attempt (specific-threats.rules)
 * 1:17309 <-> DISABLED <-> SPECIFIC-THREATS CoolPlayer Playlist File Handling Buffer Overflow (specific-threats.rules)
 * 1:17311 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer CSS import cross-domain restriction bypass attempt (specific-threats.rules)
 * 1:17312 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer CSS import cross-domain restriction bypass attempt (specific-threats.rules)
 * 1:17316 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Folder GUID Code Execution attempt (web-client.rules)
 * 1:17317 <-> DISABLED <-> SPECIFIC-THREATS OpenSSH sshd Identical Blocks DOS attempt (specific-threats.rules)
 * 1:17318 <-> DISABLED <-> WEB-CLIENT Microsoft Office PowerPoint MCAtom remote code execution attempt (web-client.rules)
 * 1:17319 <-> DISABLED <-> WEB-CLIENT Microsoft Office PowerPoint MCAtom remote code execution attempt (web-client.rules)
 * 1:1732 <-> DISABLED <-> RPC portmap rwalld request UDP (rpc.rules)
 * 1:17320 <-> DISABLED <-> WEB-CLIENT Microsoft Office PowerPoint MCAtom remote code execution attempt (web-client.rules)
 * 1:17327 <-> ENABLED <-> IMAP Qualcomm WorldMail Server Response (imap.rules)
 * 1:1733 <-> DISABLED <-> RPC portmap rwalld request TCP (rpc.rules)
 * 1:17330 <-> DISABLED <-> WEB-CLIENT Microsoft Windows GRE WMF Handling Memory Read Exception attempt (web-client.rules)
 * 1:17333 <-> DISABLED <-> SMTP Lotus Notes Attachment Viewer UUE file buffer overflow attempt (smtp.rules)
 * 1:17334 <-> DISABLED <-> SPECIFIC-THREATS RealPlayer SWF Flash File buffer overflow attempt (specific-threats.rules)
 * 1:17346 <-> DISABLED <-> SPECIFIC-THREATS IBM Lotus Notes Cross Site Scripting attempt (specific-threats.rules)
 * 1:17347 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Color Management Module buffer overflow attempt (web-client.rules)
 * 1:17348 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Color Management Module buffer overflow attempt (web-client.rules)
 * 1:17349 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Color Management Module buffer overflow attempt (web-client.rules)
 * 1:17351 <-> DISABLED <-> WEB-CLIENT Nullsoft Winamp ID3v2 Tag Handling Buffer Overflow attempt (web-client.rules)
 * 1:17354 <-> DISABLED <-> SPECIFIC-THREATS Apache Byte-Range Filter denial of service attempt (specific-threats.rules)
 * 1:17361 <-> DISABLED <-> SPECIFIC-THREATS Adobe Acrobat Reader PDF Catalog Handling denial of service attempt (specific-threats.rules)
 * 1:17364 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules)
 * 1:17370 <-> DISABLED <-> WEB-MISC Squid authentication headers handling denial of service attempt (web-misc.rules)
 * 1:17371 <-> DISABLED <-> WEB-MISC Squid authentication headers handling denial of service attempt (web-misc.rules)
 * 1:17377 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel Malformed Filter Records Handling Code Execution attempt (specific-threats.rules)
 * 1:17384 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer setRequestHeader overflow attempt (web-client.rules)
 * 1:17385 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer setRequestHeader overflow attempt (web-client.rules)
 * 1:17386 <-> DISABLED <-> SPECIFIC-THREATS Lighttpd mod_fastcgi Extension CGI Variable Overwriting Vulnerability attempt (specific-threats.rules)
 * 1:17387 <-> DISABLED <-> WEB-MISC Apache Tomcat allowLinking URIencoding directory traversal attempt (web-misc.rules)
 * 1:17388 <-> DISABLED <-> WEB-CLIENT OpenOffice EMF file EMR record parsing integer overflow attempt (web-client.rules)
 * 1:17389 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox DOMNodeRemoved attack attempt (specific-threats.rules)
 * 1:17396 <-> ENABLED <-> EXPLOIT VNC client authentication response (exploit.rules)
 * 1:17400 <-> DISABLED <-> WEB-CLIENT rename of JavaScript unescape function - likely malware obfuscation (web-client.rules)
 * 1:17407 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows help file download request (file-identify.rules)
 * 1:17408 <-> DISABLED <-> WEB-CLIENT Microsoft Windows DirectX Targa image file heap overflow attempt (web-client.rules)
 * 1:17409 <-> DISABLED <-> WEB-CLIENT Mozilla Products IDN Spoofing Vulnerability Attempt (web-client.rules)
 * 1:17410 <-> DISABLED <-> WEB-MISC Generic HyperLink buffer overflow attempt (web-misc.rules)
 * 1:17411 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer CDF cross-domain scripting attempt (specific-threats.rules)
 * 1:17413 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Jet DB Engine Buffer Overflow attempt (specific-threats.rules)
 * 1:17414 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox Javascript Engine Information Disclosure attempt (specific-threats.rules)
 * 1:17415 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox Javascript Engine Information Disclosure attempt (specific-threats.rules)
 * 1:17420 <-> DISABLED <-> WEB-MISC Citrix Program Neighborhood Agent Arbitrary Shortcut Creation attempt (web-misc.rules)
 * 1:17422 <-> DISABLED <-> SPECIFIC-THREATS Firefox defineSetter function pointer memory corruption attempt (specific-threats.rules)
 * 1:17423 <-> DISABLED <-> WEB-MISC Citrix Program Neighborhood Agent Buffer Overflow attempt (web-misc.rules)
 * 1:17424 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox IconURL Arbitrary Javascript Execution attempt (specific-threats.rules)
 * 1:17426 <-> DISABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules)
 * 1:17427 <-> DISABLED <-> SPECIFIC-THREATS Oracle database DBMS_Scheduler privilege escalation attempt (specific-threats.rules)
 * 1:17432 <-> DISABLED <-> WEB-MISC Squid Gopher protocol handling buffer overflow attempt (web-misc.rules)
 * 1:17434 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox Unicode sequence handling stack corruption attempt (web-client.rules)
 * 1:17435 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (netbios.rules)
 * 1:17437 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (netbios.rules)
 * 1:17440 <-> DISABLED <-> WEB-MISC RSA authentication agent for web redirect buffer overflow attempt (web-misc.rules)
 * 1:17443 <-> DISABLED <-> WEB-CLIENT Microsoft DirectShow AVI decoder buffer overflow attempt (web-client.rules)
 * 1:17446 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer FTP client directory traversal attempt (specific-threats.rules)
 * 1:17447 <-> DISABLED <-> WEB-MISC 407 Proxy Authentication Required (web-misc.rules)
 * 1:17448 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer HTTPS proxy information disclosure vulnerability (specific-threats.rules)
 * 1:17449 <-> DISABLED <-> WEB-MISC Novell ZENworks patch management SQL injection attempt (web-misc.rules)
 * 1:17450 <-> DISABLED <-> WEB-MISC CommuniGate Systems CommuniGate Pro LDAP Server buffer overflow attempt (web-misc.rules)
 * 1:17457 <-> DISABLED <-> WEB-CLIENT Adobe Flash ActionDefineFunction memory access vulnerability exploit attempt (web-client.rules)
 * 1:17458 <-> DISABLED <-> WEB-CLIENT BitDefender Internet Security script code execution attempt (web-client.rules)
 * 1:1746 <-> DISABLED <-> RPC portmap cachefsd request UDP (rpc.rules)
 * 1:17461 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer zipped skin file buffer overflow attempt (specific-threats.rules)
 * 1:17463 <-> DISABLED <-> SPECIFIC-THREATS Internet Explorer File Download Dialog Box Manipulation (specific-threats.rules)
 * 1:17466 <-> DISABLED <-> SPECIFIC-THREATS IBM Lotus Domino Web Access 7 ActiveX exploit attempt (specific-threats.rules)
 * 1:17468 <-> DISABLED <-> WEB-CLIENT Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (web-client.rules)
 * 1:1747 <-> DISABLED <-> RPC portmap cachefsd request TCP (rpc.rules)
 * 1:17481 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Exchange and Outlook TNEF Decoding Integer Overflow attempt (specific-threats.rules)
 * 1:17482 <-> DISABLED <-> WEB-CLIENT Mozilla NNTP URL Handling Buffer Overflow attempt (web-client.rules)
 * 1:17484 <-> DISABLED <-> DNS squid proxy dns PTR record response denial of service attempt (dns.rules)
 * 1:17486 <-> DISABLED <-> WEB-MISC Trend Micro Control Manager Chunked overflow attempt (web-misc.rules)
 * 1:17487 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (web-client.rules)
 * 1:17488 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel Malformed Range Code Execution attempt (specific-threats.rules)
 * 1:17489 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Help File Heap Buffer Overflow attempt (specific-threats.rules)
 * 1:17490 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows itss.dll CHM File Handling Heap Corruption attempt (specific-threats.rules)
 * 1:17491 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Word mso.dll LsCreateLine memory corruption attempt (specific-threats.rules)
 * 1:17492 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel Malformed SELECTION Record Code Execution attempt (specific-threats.rules)
 * 1:17493 <-> DISABLED <-> SPECIFIC-THREATS ClamAV UPX FileHandling Heap overflow attempt (specific-threats.rules)
 * 1:17494 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer Long URL Buffer Overflow attempt (web-client.rules)
 * 1:17495 <-> DISABLED <-> SPECIFIC-THREATS Squid proxy DNS response spoofing attempt (specific-threats.rules)
 * 1:17496 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office PowerPoint malformed NamedShows record code execution attempt (specific-threats.rules)
 * 1:17497 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office PowerPoint malformed NamedShows record code execution attempt (specific-threats.rules)
 * 1:17505 <-> DISABLED <-> WEB-CLIENT Microsoft Office Word formatted disk pages table memory corruption attempt (web-client.rules)
 * 1:17506 <-> DISABLED <-> WEB-CLIENT Microsoft Office Word formatted disk pages table memory corruption attempt (web-client.rules)
 * 1:17507 <-> DISABLED <-> WEB-CLIENT Microsoft Office Word formatted disk pages table memory corruption attempt (web-client.rules)
 * 1:17508 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules)
 * 1:17511 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel malformed Graphic Code Execution (web-client.rules)
 * 1:17512 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer Script Action Handler buffer overflow attempt (web-client.rules)
 * 1:17513 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer Script Action Handler buffer overflow attempt (web-client.rules)
 * 1:17514 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer Script Action Handler buffer overflow attempt (web-client.rules)
 * 1:17515 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer Script Action Handler buffer overflow attempt (web-client.rules)
 * 1:17516 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer Script Action Handler buffer overflow attempt (web-client.rules)
 * 1:17517 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel Malformed Record Code Execution attempt (web-client.rules)
 * 1:17521 <-> DISABLED <-> SPECIFIC-THREATS GoodTech SSH Server SFTP Processing Buffer Overflow (specific-threats.rules)
 * 1:17523 <-> DISABLED <-> SPECIFIC-THREATS Apple QuickTime H.264 Movie File Buffer Overflow (specific-threats.rules)
 * 1:17524 <-> DISABLED <-> SPECIFIC-THREATS Fujitsu SystemcastWizard Lite PXEService UDP Handling Buffer Overflow (specific-threats.rules)
 * 1:17527 <-> DISABLED <-> SPECIFIC-THREATS VideoLAN VLC Media Player MP4_BoxDumpStructure Buffer Overflow (specific-threats.rules)
 * 1:17529 <-> DISABLED <-> SPECIFIC-THREATS Adobe RoboHelp Server Arbitrary File Upload and Execute (specific-threats.rules)
 * 1:17534 <-> ENABLED <-> MISC IPP Application Content (misc.rules)
 * 1:17540 <-> DISABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules)
 * 1:17541 <-> DISABLED <-> SPECIFIC-THREATS Avast! Antivirus Engine Remote LHA buffer overflow attempt (specific-threats.rules)
 * 1:17543 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel Column record handling memory corruption attempt (specific-threats.rules)
 * 1:17550 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Word Font Parsing Buffer Overflow attempt (specific-threats.rules)
 * 1:17551 <-> DISABLED <-> CHAT MSN Messenger and Windows Live Messenger Code Execution attempt (chat.rules)
 * 1:17553 <-> DISABLED <-> SPECIFIC-THREATS Adobe Pagemaker Font Name Buffer Overflow attempt (specific-threats.rules)
 * 1:17554 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer DOM object cache management memory corruption attempt (specific-threats.rules)
 * 1:17559 <-> DISABLED <-> SPECIFIC-THREATS IBM Lotus Notes Applix Graphics Parsing Buffer Overflow (specific-threats.rules)
 * 1:17574 <-> DISABLED <-> SPECIFIC-THREATS Sophos Anti-Virus Visio File Parsing Buffer Overflow attempt (specific-threats.rules)
 * 1:17578 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Word Section Table Array Buffer Overflow attempt (specific-threats.rules)
 * 1:17579 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Drawing Record msofbtOPT Code Execution attempt (specific-threats.rules)
 * 1:17580 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer span tag memory corruption attempt (specific-threats.rules)
 * 1:17581 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox tag order memory corruption attempt (specific-threats.rules)
 * 1:17585 <-> DISABLED <-> SPECIFIC-THREATS Internet Explorer possible javascript onunload event memory corruption (specific-threats.rules)
 * 1:17586 <-> DISABLED <-> WEB-CLIENT Oracle Java Web Start malicious parameter value (web-client.rules)
 * 1:17587 <-> DISABLED <-> SPECIFIC-THREATS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (specific-threats.rules)
 * 1:17598 <-> DISABLED <-> SPECIFIC-THREATS IBM DB2 Universal Database accsec command without rdbnam (specific-threats.rules)
 * 1:17599 <-> DISABLED <-> SPECIFIC-THREATS IBM DB2 Universal Database rdbname denial of service attempt (specific-threats.rules)
 * 1:17604 <-> DISABLED <-> SPECIFIC-THREATS Java AWT ConvolveOp memory corruption attempt (specific-threats.rules)
 * 1:17618 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows hraphics engine EMF rendering vulnerability (specific-threats.rules)
 * 1:1762 <-> DISABLED <-> WEB-CGI phf arbitrary command execution attempt (web-cgi.rules)
 * 1:17620 <-> DISABLED <-> SPECIFIC-THREATS Products Discovery Service Buffer Overflow (specific-threats.rules)
 * 1:17621 <-> DISABLED <-> SPECIFIC-THREATS Products Discovery Service Buffer Overflow (specific-threats.rules)
 * 1:17622 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer object reference memory corruption attempt (specific-threats.rules)
 * 1:17625 <-> DISABLED <-> ORACLE Oracle Database Core RDBMS component denial of service attempt (oracle.rules)
 * 1:17626 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows embedded web font handling buffer overflow attempt (specific-threats.rules)
 * 1:17628 <-> DISABLED <-> SPECIFIC-THREATS Sun Microsystems Java gif handling memory corruption attempt (specific-threats.rules)
 * 1:17629 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox Chrome Page Loading Restriction Bypass attempt (web-client.rules)
 * 1:17634 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCPbrightstor-arc function 0 little endian object call overflow attempt (netbios.rules)
 * 1:17635 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCPbrightstor-arc function 0 little endian overflow attempt (netbios.rules)
 * 1:17636 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCPbrightstor-arc function 0 object call overflow attempt (netbios.rules)
 * 1:17637 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCPbrightstor-arc function 0 overflow attempt (netbios.rules)
 * 1:17640 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opnum 43 overflow attempt (netbios.rules)
 * 1:17648 <-> DISABLED <-> WEB-IIS source code disclosure attempt (web-iis.rules)
 * 1:17651 <-> DISABLED <-> SPECIFIC-THREATS Multiple AV vendor invalid archive checksum bypass attempt (specific-threats.rules)
 * 1:17652 <-> DISABLED <-> WEB-MISC Microsoft Windows IIS source code disclosure attempt (web-misc.rules)
 * 1:17653 <-> DISABLED <-> WEB-MISC Microsoft Windows IIS source code disclosure attempt (web-misc.rules)
 * 1:17656 <-> DISABLED <-> WEB-MISC Apache HTTP server mod_rewrite module LDAP scheme handling buffer overflow attempt (web-misc.rules)
 * 1:17658 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash frame type identifier memory corruption attempt (specific-threats.rules)
 * 1:17662 <-> DISABLED <-> BAD-TRAFFIC Oracle Solaris DHCP Client Arbitrary Code Execution attempt (bad-traffic.rules)
 * 1:17664 <-> DISABLED <-> WEB-CLIENT Microsoft Office GIF image descriptor memory corruption attempt (web-client.rules)
 * 1:17666 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer invalid chunk size heap overflow attempt (web-client.rules)
 * 1:17668 <-> DISABLED <-> POLICY download of a PDF with embedded JavaScript - JS string (policy.rules)
 * 1:17680 <-> DISABLED <-> SPECIFIC-THREATS ISC BIND DNSSEC Validation Multiple RRsets DoS (specific-threats.rules)
 * 1:17698 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer wav chunk string overflow attempt in email (specific-threats.rules)
 * 1:17703 <-> DISABLED <-> SPECIFIC-THREATS Internet Explorer popup title bar spoofing attempt (specific-threats.rules)
 * 1:17704 <-> DISABLED <-> SPECIFIC-THREATS McAfee LHA file parsing buffer overflow attempt (specific-threats.rules)
 * 1:17705 <-> DISABLED <-> WEB-IIS web agent chunked encoding overflow attempt (web-iis.rules)
 * 1:1771 <-> DISABLED <-> POLICY IPSec PGPNet connection attempt (policy.rules)
 * 1:17712 <-> DISABLED <-> SPECIFIC-THREATS TFTP PUT Microsoft RIS filename overwrite attempt (specific-threats.rules)
 * 1:17714 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules)
 * 1:17715 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules)
 * 1:17716 <-> DISABLED <-> SPECIFIC-THREATS IBM Lotus Notes DOC attachment viewer buffer overflow (specific-threats.rules)
 * 1:17717 <-> DISABLED <-> SMTP IBM Lotus Notes HTML input tag buffer overflow attempt (smtp.rules)
 * 1:17718 <-> DISABLED <-> SPECIFIC-THREATS Oracle MDSYS drop table trigger injection attempt (specific-threats.rules)
 * 1:17720 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer static text range overflow attempt (web-client.rules)
 * 1:17722 <-> DISABLED <-> ORACLE Oracle XDB.XDB_PITRIG_PKG buffer overflow attempt (oracle.rules)
 * 1:17724 <-> DISABLED <-> SPECIFIC-THREATS malicious ASP file upload attempt (specific-threats.rules)
 * 1:17726 <-> DISABLED <-> SPECIFIC-THREATS Internet Explorer address bar spoofing attempt (specific-threats.rules)
 * 1:17727 <-> DISABLED <-> SPECIFIC-THREATS Sun JDK image parsing library ICC buffer overflow attempt (specific-threats.rules)
 * 1:17736 <-> DISABLED <-> SPECIFIC-THREATS McAfee LHA Type-2 file handling overflow attempt (specific-threats.rules)
 * 1:17737 <-> DISABLED <-> SPECIFIC-THREATS Microsoft collaboration data objects buffer overflow attempt (specific-threats.rules)
 * 1:17738 <-> DISABLED <-> SPECIFIC-THREATS Linux Kernel SNMP Netfilter Memory Corruption attempt (specific-threats.rules)
 * 1:17740 <-> DISABLED <-> SPECIFIC-THREATS Apple Quicktime FlashPix processing overflow attempt (specific-threats.rules)
 * 1:17745 <-> DISABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules)
 * 1:17746 <-> DISABLED <-> NETBIOS SMB client TRANS response Find_First2 filename overflow attempt (netbios.rules)
 * 1:17748 <-> DISABLED <-> WEB-MISC TLSv1 Client_Certificate handshake (web-misc.rules)
 * 1:17750 <-> DISABLED <-> DOS Microsoft IIS 7.5 client verify null pointer attempt (dos.rules)
 * 1:17753 <-> DISABLED <-> MULTIMEDIA Microsoft Windows Media Player network sharing service RTSP code execution attempt (multimedia.rules)
 * 1:17766 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer 8 XSS in toStaticHTML API attempt (exploit.rules)
 * 1:17767 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer 8 tostaticHTML CSS import vulnerability (exploit.rules)
 * 1:17776 <-> DISABLED <-> WEB-CLIENT Oracle Java HsbParser.getSoundBank stack buffer overflow attempt (web-client.rules)
 * 1:17777 <-> DISABLED <-> SPECIFIC-THREATS IBM Lotus Notes WPD attachment handling buffer overflow (specific-threats.rules)
 * 1:17780 <-> DISABLED <-> SPECIFIC-THREATS CBO CBL CBM buffer overflow attempt (specific-threats.rules)
 * 1:17805 <-> DISABLED <-> BOTNET-CNC Worm.Win32.Neeris.BF contact to server attempt (botnet-cnc.rules)
 * 1:17810 <-> DISABLED <-> WEB-MISC potential malware - download of server32.exe (web-misc.rules)
 * 1:17811 <-> DISABLED <-> WEB-MISC potential malware - download of svchost.exe (web-misc.rules)
 * 1:17812 <-> DISABLED <-> WEB-MISC potential malware - download of iexplore.exe (web-misc.rules)
 * 1:17813 <-> DISABLED <-> WEB-MISC potential malware - download of iprinp.dll (web-misc.rules)
 * 1:17814 <-> DISABLED <-> WEB-MISC potential malware - download of winzf32.dll (web-misc.rules)
 * 1:1789 <-> DISABLED <-> CHAT IRC dns request (chat.rules)
 * 1:1790 <-> DISABLED <-> CHAT IRC dns response (chat.rules)
 * 1:18069 <-> DISABLED <-> WEB-CLIENT Microsoft Office Art drawing invalid shape identifier attempt (web-client.rules)
 * 1:18070 <-> DISABLED <-> NETBIOS Microsoft Office pptimpconv.dll dll-load exploit attempt  (netbios.rules)
 * 1:18071 <-> DISABLED <-> WEB-CLIENT Microsoft Office pptimpconv.dll dll-load exploit attempt (web-client.rules)
 * 1:18072 <-> DISABLED <-> WEB-MISC Microsoft Forefront UAG external redirect attempt (web-misc.rules)
 * 1:18073 <-> DISABLED <-> WEB-MISC Microsoft Forefront UAG arbitrary embedded scripting attempt (web-misc.rules)
 * 1:18096 <-> DISABLED <-> WEB-MISC Apache Tomcat username enumeration attempt (web-misc.rules)
 * 1:18098 <-> DISABLED <-> BOTNET-CNC URI request for known malicious URI - Carberp (botnet-cnc.rules)
 * 1:18099 <-> DISABLED <-> BOTNET-CNC URI request for known malicious URI - Carberp (botnet-cnc.rules)
 * 1:18100 <-> DISABLED <-> BOTNET-CNC Tidserv malware command and control channel traffic (botnet-cnc.rules)
 * 1:18132 <-> DISABLED <-> SPECIFIC-THREATS malware-associated JavaScript obfuscation function (specific-threats.rules)
 * 1:18174 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer CSS memory corruption attempt (specific-threats.rules)
 * 1:18175 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer CSS memory corruption attempt (specific-threats.rules)
 * 1:18176 <-> DISABLED <-> SPECIFIC-THREATS Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (specific-threats.rules)
 * 1:18177 <-> DISABLED <-> SPECIFIC-THREATS Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (specific-threats.rules)
 * 1:18178 <-> DISABLED <-> SPECIFIC-THREATS Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (specific-threats.rules)
 * 1:18179 <-> DISABLED <-> SCAN Proxyfire.net anonymous proxy scan (scan.rules)
 * 1:18181 <-> DISABLED <-> SPECIFIC-THREATS ProFTPd 1.3.3c backdoor activity (specific-threats.rules)
 * 1:18182 <-> DISABLED <-> SPECIFIC-THREATS ProFTPd 1.3.3c backdoor help access attempt (specific-threats.rules)
 * 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18193 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer cross domain information disclosure attempt (specific-threats.rules)
 * 1:18194 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer cross domain information disclosure attempt (specific-threats.rules)
 * 1:18195 <-> DISABLED <-> SPECIFIC-THREATS SMB Negotiate Protocol response DoS attempt (specific-threats.rules)
 * 1:18202 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Address Book smmscrpt.dll malicious DLL load (web-client.rules)
 * 1:18203 <-> DISABLED <-> NETBIOS Windows Address Book smmscrpt.dll malicious DLL load  (netbios.rules)
 * 1:18204 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Address Book wab32res.dll dll-load exploit attempt (web-client.rules)
 * 1:18205 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Address Book msoeres32.dll dll-load exploit attempt (web-client.rules)
 * 1:18206 <-> DISABLED <-> NETBIOS Microsoft Windows Address Book wab32res.dll dll-load exploit attempt (netbios.rules)
 * 1:18207 <-> DISABLED <-> NETBIOS Microsoft Windows Address Book msoeres32.dll dll-load exploit attempt (netbios.rules)
 * 1:18208 <-> DISABLED <-> WEB-CLIENT Microsoft Windows wininet peerdist.dll dll-load exploit attempt (web-client.rules)
 * 1:18209 <-> DISABLED <-> NETBIOS Microsoft Windows wininet peerdist.dll dll-load exploit attempt (netbios.rules)
 * 1:18215 <-> DISABLED <-> NETBIOS NETAPI RPC interface reboot attempt  (netbios.rules)
 * 1:18216 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer 6 #default#anim attempt (web-client.rules)
 * 1:18217 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer select element memory corruption attempt (web-client.rules)
 * 1:18218 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer time element memory corruption attempt (specific-threats.rules)
 * 1:18219 <-> DISABLED <-> WEB-CLIENT Microsoft Windows ATMFD font driver remote code execution attempt (web-client.rules)
 * 1:18221 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer malformed table remote code execution attempt (web-client.rules)
 * 1:18222 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (web-client.rules)
 * 1:18223 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (web-client.rules)
 * 1:18224 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (web-client.rules)
 * 1:18225 <-> DISABLED <-> NETBIOS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt  (netbios.rules)
 * 1:18226 <-> DISABLED <-> NETBIOS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt  (netbios.rules)
 * 1:18227 <-> DISABLED <-> NETBIOS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt  (netbios.rules)
 * 1:18248 <-> DISABLED <-> EXPLOIT Unisys Business Information Server stack buffer overflow attempt (exploit.rules)
 * 1:18264 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox Javascript deleted frame or window reference attempt (specific-threats.rules)
 * 1:18273 <-> DISABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules)
 * 1:18274 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules)
 * 1:18275 <-> DISABLED <-> FILE-IDENTIFY HyperText Markup Language file download request (file-identify.rules)
 * 1:18277 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Vista Backup Tool fveapi.dll dll-load exploit attempt (web-client.rules)
 * 1:18278 <-> DISABLED <-> NETBIOS Vista Backup Tool fveapi.dll dll-load exploit attempt  (netbios.rules)
 * 1:18279 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Karagany.A contact to server attempt (botnet-cnc.rules)
 * 1:18281 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.VB.njz contact to server attempt (botnet-cnc.rules)
 * 1:18282 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer drag-and-drop vulnerability (web-client.rules)
 * 1:18297 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (web-client.rules)
 * 1:18298 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox Javascript large regex memory corruption attempt (specific-threats.rules)
 * 1:18299 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer implicit drag and drop file installation attempt (web-client.rules)
 * 1:18300 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer FTP command injection attempt (web-client.rules)
 * 1:18304 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer span tag memory corruption attempt (web-client.rules)
 * 1:18305 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer span tag memory corruption attempt (specific-threats.rules)
 * 1:18307 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer frameset memory corruption attempt (specific-threats.rules)
 * 1:18309 <-> DISABLED <-> WEB-CLIENT Microsoft Vector Markup Language fill method overflow attempt (web-client.rules)
 * 1:18317 <-> DISABLED <-> SMTP RCPT TO IPSwitch proxy overflow attempt (smtp.rules)
 * 1:18319 <-> DISABLED <-> SPECIFIC-THREATS NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (specific-threats.rules)
 * 1:18320 <-> DISABLED <-> SPECIFIC-THREATS WINS association context validation overflow attempt (specific-threats.rules)
 * 1:18327 <-> DISABLED <-> SCADA Kingview HMI heap overflow attempt (scada.rules)
 * 1:18332 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox JS Web Worker arbitrary code execution attempt (web-client.rules)
 * 1:18333 <-> DISABLED <-> WEB-MISC phpBook date command execution attempt (web-misc.rules)
 * 1:18334 <-> DISABLED <-> WEB-MISC phpBook mail command execution attempt (web-misc.rules)
 * 1:18335 <-> DISABLED <-> WEB-CLIENT Microsoft MHTML XSS attempt (web-client.rules)
 * 1:18336 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string gbot/2.3 (blacklist.rules)
 * 1:18337 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string iamx/3.11 (blacklist.rules)
 * 1:18338 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string NSISDL/1.2 (blacklist.rules)
 * 1:18340 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string ClickAdsByIE 0.7.5 (blacklist.rules)
 * 1:18341 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string UtilMind HTTPGet (blacklist.rules)
 * 1:18342 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string NSIS_DOWNLOAD (blacklist.rules)
 * 1:18343 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string WSEnrichment (blacklist.rules)
 * 1:18345 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Macrovision_DM_2.4.15 (blacklist.rules)
 * 1:18346 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string GPRecover (blacklist.rules)
 * 1:18347 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string AutoIt (blacklist.rules)
 * 1:18348 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Opera/9.80 Pesto/2.2.15 (blacklist.rules)
 * 1:18349 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Flipopia (blacklist.rules)
 * 1:18350 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string GabPath (blacklist.rules)
 * 1:18351 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string GPUpdater (blacklist.rules)
 * 1:18352 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string PinballCorp-BSAI/VER_STR_COMMA (blacklist.rules)
 * 1:18353 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string SelectRebates (blacklist.rules)
 * 1:18354 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string opera/8.11 (blacklist.rules)
 * 1:18355 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Se2011 (blacklist.rules)
 * 1:18356 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string random (blacklist.rules)
 * 1:18357 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Setup Factory (blacklist.rules)
 * 1:18358 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string NSIS_INETLOAD (blacklist.rules)
 * 1:18359 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Shareaza (blacklist.rules)
 * 1:18360 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Oncues (blacklist.rules)
 * 1:18361 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Downloader1.1 (blacklist.rules)
 * 1:18362 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Search Toolbar 1.1 (blacklist.rules)
 * 1:18363 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string GPRecover (blacklist.rules)
 * 1:18364 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string msndown (blacklist.rules)
 * 1:18365 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Agentcc (blacklist.rules)
 * 1:18366 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string OCInstaller (blacklist.rules)
 * 1:18367 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string FPRecover (blacklist.rules)
 * 1:18368 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Our_Agent (blacklist.rules)
 * 1:18369 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string iexp-get (blacklist.rules)
 * 1:18370 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Mozilla Windows MSIE (blacklist.rules)
 * 1:18371 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string QvodDown (blacklist.rules)
 * 1:18373 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Installer (blacklist.rules)
 * 1:18374 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string MSDN SurfBear (blacklist.rules)
 * 1:18375 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string HTTP Wininet (blacklist.rules)
 * 1:18376 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Trololo (blacklist.rules)
 * 1:18377 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string malware (blacklist.rules)
 * 1:18378 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string AutoHotkey (blacklist.rules)
 * 1:18379 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string AskInstallChecker (blacklist.rules)
 * 1:18380 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string FPUpdater (blacklist.rules)
 * 1:18381 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Travel Update (blacklist.rules)
 * 1:18382 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string WMUpdate (blacklist.rules)
 * 1:18383 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string GPInstaller (blacklist.rules)
 * 1:18385 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string HTTPCSDCENTER (blacklist.rules)
 * 1:18386 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string AHTTPConnection (blacklist.rules)
 * 1:18387 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string dwplayer (blacklist.rules)
 * 1:18388 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string RookIE/1.0 (blacklist.rules)
 * 1:18389 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string 3653Client (blacklist.rules)
 * 1:18390 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Delphi 5.x (blacklist.rules)
 * 1:18391 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string MyLove (blacklist.rules)
 * 1:18392 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string qixi (blacklist.rules)
 * 1:18393 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string vyre32 (blacklist.rules)
 * 1:18394 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string OCRecover (blacklist.rules)
 * 1:18395 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Duckling/1.0 (blacklist.rules)
 * 1:18396 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Hypervisor DOS vfd download attempt (web-client.rules)
 * 1:18397 <-> DISABLED <-> MISC HP DDMI Agent spoofing - command execution (misc.rules)
 * 1:18403 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer datasrc overflow attempt (web-client.rules)
 * 1:18419 <-> DISABLED <-> WEB-CLIENT Adobe field flags exploit attempt (web-client.rules)
 * 1:18426 <-> DISABLED <-> NETBIOS Acrobat Reader plugin sqlite.dll dll-load exploit attempt  (netbios.rules)
 * 1:18431 <-> DISABLED <-> WEB-CLIENT Acrobat Reader plugin sqlite.dll dll-load exploit attempt (web-client.rules)
 * 1:18432 <-> DISABLED <-> WEB-CLIENT Acrobat Reader d3dref9.dll dll-load exploit attempt (web-client.rules)
 * 1:18433 <-> DISABLED <-> NETBIOS Acrobat Reader d3dref9.dll dll-load exploit attempt  (netbios.rules)
 * 1:18434 <-> DISABLED <-> NETBIOS Acrobat Reader plugin ace.dll dll-load exploit attempt  (netbios.rules)
 * 1:18435 <-> DISABLED <-> NETBIOS Acrobat Reader plugin agm.dll dll-load exploit attempt  (netbios.rules)
 * 1:18436 <-> DISABLED <-> NETBIOS Acrobat Reader plugin bibutils.dll dll-load exploit attempt  (netbios.rules)
 * 1:18437 <-> DISABLED <-> NETBIOS Acrobat Reader plugin cooltype.dll dll-load exploit attempt  (netbios.rules)
 * 1:18438 <-> DISABLED <-> NETBIOS Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt  (netbios.rules)
 * 1:18439 <-> DISABLED <-> WEB-CLIENT Acrobat Reader plugin ace.dll dll-load exploit attempt (web-client.rules)
 * 1:18440 <-> DISABLED <-> WEB-CLIENT Acrobat Reader plugin agm.dll dll-load exploit attempt (web-client.rules)
 * 1:18441 <-> DISABLED <-> WEB-CLIENT Acrobat Reader plugin bibutils.dll dll-load exploit attempt (web-client.rules)
 * 1:18442 <-> DISABLED <-> WEB-CLIENT Acrobat Reader plugin cooltype.dll dll-load exploit attempt (web-client.rules)
 * 1:18443 <-> DISABLED <-> WEB-CLIENT Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (web-client.rules)
 * 1:18445 <-> DISABLED <-> WEB-CLIENT Acrobat Flash Player nvapi.dll dll-load exploit attempt (web-client.rules)
 * 1:18446 <-> DISABLED <-> NETBIOS Acrobat Flash Player nvapi.dll dll-load exploit attempt  (netbios.rules)
 * 1:18448 <-> DISABLED <-> SPECIFIC-THREATS Adobe Acrobat Universal 3D stream memory corruption attempt (specific-threats.rules)
 * 1:18450 <-> DISABLED <-> SPECIFIC-THREATS Adobe Reader malformed BMP RGBQUAD attempt (specific-threats.rules)
 * 1:18451 <-> DISABLED <-> SPECIFIC-THREATS Adobe Acrobat ICC color integer overflow attempt (specific-threats.rules)
 * 1:18452 <-> DISABLED <-> SPECIFIC-THREATS Adobe malicious IFF memory corruption attempt (specific-threats.rules)
 * 1:18453 <-> DISABLED <-> SPECIFIC-THREATS Adobe Acrobat universal 3D format memory corruption attempt (specific-threats.rules)
 * 1:18454 <-> DISABLED <-> SPECIFIC-THREATS Adobe Acrobat universal 3D format memory corruption attempt (specific-threats.rules)
 * 1:18455 <-> DISABLED <-> SPECIFIC-THREATS Adobe Reader malformed jpeg2000 superbox attempt (specific-threats.rules)
 * 1:1846 <-> DISABLED <-> POLICY vncviewer Java applet download attempt (policy.rules)
 * 1:18462 <-> DISABLED <-> NETBIOS Microsoft Windows 2003 browser election remote heap overflow attempt (netbios.rules)
 * 1:18470 <-> DISABLED <-> WEB-MISC Java floating point number denial of service - via URI (web-misc.rules)
 * 1:18471 <-> DISABLED <-> WEB-MISC Java floating point number denial of service - via POST (web-misc.rules)
 * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules)
 * 1:18473 <-> DISABLED <-> ICMP-INFO ICMPv6 Echo Reply (icmp-info.rules)
 * 1:18474 <-> DISABLED <-> ICMP-INFO ICMPv6 Echo Request (icmp-info.rules)
 * 1:18476 <-> DISABLED <-> SPECIFIC-THREATS IBM Lotus Notes DOC attachment viewer buffer overflow (specific-threats.rules)
 * 1:18477 <-> DISABLED <-> SPECIFIC-THREATS Lotus Notes MIF viewer statement data overflow 2 (specific-threats.rules)
 * 1:18478 <-> DISABLED <-> WEB-PHP miniBB rss.php premodDir remote file include attempt (web-php.rules)
 * 1:18479 <-> DISABLED <-> WEB-PHP miniBB rss.php pathToFiles remote file include attempt (web-php.rules)
 * 1:18480 <-> DISABLED <-> WEB-MISC HP openview network node manager ovlogin.exe buffer overflow - userid parameter (web-misc.rules)
 * 1:18481 <-> DISABLED <-> WEB-MISC HP openview network node manager ovlogin.exe buffer overflow - password parameter (web-misc.rules)
 * 1:18488 <-> DISABLED <-> WEB-CLIENT Adobe Photoshop wintab32.dll dll-load exploit attempt (web-client.rules)
 * 1:18489 <-> DISABLED <-> NETBIOS Adobe Photoshop wintab32.dll dll-load exploit attempt (netbios.rules)
 * 1:19724 <-> DISABLED <-> BOTNET-CNC Trojan Win32.Agent.dhy outbound connection (botnet-cnc.rules)
 * 1:19725 <-> DISABLED <-> BOTNET-CNC Win32.Poison.AY outbound connection (botnet-cnc.rules)
 * 1:19726 <-> DISABLED <-> BOTNET-CNC Win32.Poison.AY outbound connection (botnet-cnc.rules)
 * 1:19727 <-> DISABLED <-> BACKDOOR Trojan Win32.Bancos.DI outbound connection (backdoor.rules)
 * 1:19735 <-> DISABLED <-> POLICY Filesonic file-sharing site contacted (policy.rules)
 * 1:19736 <-> DISABLED <-> POLICY Megaupload file-sharing site contacted (policy.rules)
 * 1:19737 <-> DISABLED <-> POLICY Rapidshare file-sharing site contacted (policy.rules)
 * 1:19772 <-> DISABLED <-> BACKDOOR Virus.Win32.Parite.B runtime detection (backdoor.rules)
 * 1:19780 <-> DISABLED <-> POLICY logmein.com connection attempt (policy.rules)
 * 1:19789 <-> DISABLED <-> BACKDOOR P2P Worm Win32.SpyBot.pgh outbound connection (backdoor.rules)
 * 1:19810 <-> DISABLED <-> EXPLOIT CA Total Defense Suite UNCWS DeleteReports stored procedure SQL injection (exploit.rules)
 * 1:19815 <-> DISABLED <-> EXPLOIT HP Operations Manager Server Default Credientials in use attempt (exploit.rules)
 * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules)
 * 1:19825 <-> DISABLED <-> DOS Apache Killer denial of service tool exploit attempt (dos.rules)
 * 1:1986 <-> DISABLED <-> CHAT MSN outbound file transfer request (chat.rules)
 * 1:19867 <-> DISABLED <-> POLICY randomized javascript encodings detected (policy.rules)
 * 1:19869 <-> DISABLED <-> DOS Anonymous PHP RefRef DoS tool (dos.rules)
 * 1:19870 <-> DISABLED <-> DOS Anonymous Perl RefRef DoS tool (dos.rules)
 * 1:19871 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer VML buffer overflow attempt (web-client.rules)
 * 1:1988 <-> DISABLED <-> CHAT MSN outbound file transfer accept (chat.rules)
 * 1:19883 <-> DISABLED <-> SPECIFIC-THREATS VideoLAN VLC Media Player libdirectx_plugin.dll AMV parsing buffer overflow attempt (specific-threats.rules)
 * 1:19884 <-> DISABLED <-> POLICY String.fromCharCode with multiple encoding types detected (policy.rules)
 * 1:19885 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer daxctle.ocx spline method buffer overflow attempt (web-client.rules)
 * 1:19889 <-> DISABLED <-> POLICY base64-encoded data object found (policy.rules)
 * 1:1989 <-> DISABLED <-> CHAT MSN outbound file transfer rejected (chat.rules)
 * 1:19894 <-> DISABLED <-> WEB-CLIENT Microsoft Office PowerPoint unbound memcpy and remote code execution attempt (web-client.rules)
 * 1:1990 <-> DISABLED <-> CHAT MSN user search (chat.rules)
 * 1:19916 <-> DISABLED <-> BOTNET-CNC Trojan Win32.Bancos.ACB outbound connection (botnet-cnc.rules)
 * 1:19918 <-> DISABLED <-> BOTNET-CNC Worm Win32.Ganelp.B outbound connection (botnet-cnc.rules)
 * 1:19921 <-> DISABLED <-> BOTNET-CNC Trojan Win32.Puprlehzae.A outbound connection (botnet-cnc.rules)
 * 1:19924 <-> DISABLED <-> BOTNET-CNC Trojan Win32.Spidern.A outbound connection (botnet-cnc.rules)
 * 1:19937 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer invalid object access memory corruption attempt (web-client.rules)
 * 1:19950 <-> DISABLED <-> BACKDOOR DarkstRat 2008 inbound connection (backdoor.rules)
 * 1:19952 <-> DISABLED <-> BACKDOOR Biodox inbound connection (backdoor.rules)
 * 1:19972 <-> DISABLED <-> NETBIOS SMB client TRANS response paramcount overflow attempt (netbios.rules)
 * 1:19981 <-> DISABLED <-> BOTNET-CNC Trojan Micstus.A runtime traffic detected (botnet-cnc.rules)
 * 1:20001 <-> DISABLED <-> BACKDOOR Allaple.e outbound connection (backdoor.rules)
 * 1:20021 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Brontok (blacklist.rules)
 * 1:20030 <-> DISABLED <-> SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt (scada.rules)
 * 1:20031 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript float index array memory corruption (specific-threats.rules)
 * 1:20032 <-> DISABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules)
 * 1:20039 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Hardcore Software (blacklist.rules)
 * 1:20042 <-> DISABLED <-> BOTNET-CNC Trojan Sinowal outbond connection (botnet-cnc.rules)
 * 1:20043 <-> DISABLED <-> BOTNET-CNC Adware Kraddare.AZ outbound connection (botnet-cnc.rules)
 * 1:2005 <-> DISABLED <-> RPC portmap kcms_server request UDP (rpc.rules)
 * 1:20061 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP ca-alert function 16,23,40, and 41 overflow attempt (netbios.rules)
 * 1:20064 <-> DISABLED <-> BOTNET-CNC Malware Trojan.Win32.Clemag.A contact to server attempt (botnet-cnc.rules)
 * 1:20066 <-> DISABLED <-> BOTNET-CNC Trojan Win32 SensLiceld.A runtime traffic detected (botnet-cnc.rules)
 * 1:20067 <-> DISABLED <-> BOTNET-CNC Trojan Win32 Zatvex.A runtime traffic detected (botnet-cnc.rules)
 * 1:20068 <-> DISABLED <-> BOTNET-CNC Trojan Jetilms.A runtime activity detected (botnet-cnc.rules)
 * 1:20069 <-> DISABLED <-> BOTNET-CNC Trojan VB.alhq runtime traffic detected (botnet-cnc.rules)
 * 1:20073 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:20083 <-> DISABLED <-> BOTNET-CNC Trojan Win32.Fucobha.A outbound connection (botnet-cnc.rules)
 * 1:20086 <-> DISABLED <-> BOTNET-CNC Trojan Win32.Banload.ABY outbound connection (botnet-cnc.rules)
 * 1:20087 <-> DISABLED <-> BOTNET-CNC Trojan Win32.Banker.FGU outbound connection (botnet-cnc.rules)
 * 1:20096 <-> DISABLED <-> BOTNET-CNC Trojan Win32.Agent.dcir outbound connection (botnet-cnc.rules)
 * 1:20097 <-> DISABLED <-> BOTNET-CNC Trojan Win32.Agent.dcir infected host at destination ip (botnet-cnc.rules)
 * 1:20098 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.KeyLogger.wav outbound connection (botnet-cnc.rules)
 * 1:20107 <-> DISABLED <-> BOTNET-CNC Trojan Downloader.Win32.Small.Cns outbound connection (botnet-cnc.rules)
 * 1:20108 <-> DISABLED <-> BOTNET-CNC Trojan Win32.Banker.Pher outbound connection (botnet-cnc.rules)
 * 1:20111 <-> DISABLED <-> EXPLOIT Microsoft Sharepoint XSS vulnerability attempt (exploit.rules)
 * 1:20112 <-> DISABLED <-> EXPLOIT Microsoft Sharepoint XSS vulnerability attempt (exploit.rules)
 * 1:20113 <-> DISABLED <-> EXPLOIT Microsoft Sharepoint XSS vulnerability attempt (exploit.rules)
 * 1:20114 <-> DISABLED <-> EXPLOIT Microsoft SharePoint hiddenSpanData cross site scripting attempt (exploit.rules)
 * 1:20115 <-> DISABLED <-> EXPLOIT Microsoft Sharepoint XML external entity exploit attempt (exploit.rules)
 * 1:20116 <-> DISABLED <-> EXPLOIT Microsoft Sharepoint Javascript XSS attempt (exploit.rules)
 * 1:20117 <-> DISABLED <-> EXPLOIT Microsoft SharePoint XSS (exploit.rules)
 * 1:20118 <-> DISABLED <-> NETBIOS Windows shell extensions deskpan.dll dll-load exploit attempt (netbios.rules)
 * 1:20119 <-> DISABLED <-> WEB-CLIENT Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt (web-client.rules)
 * 1:20120 <-> DISABLED <-> BAD-TRAFFIC Microsoft Windows WINS internal communications on network exploit attempt (bad-traffic.rules)
 * 1:20121 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel invalid AxisParent record (specific-threats.rules)
 * 1:20122 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel invalid AxisParent record (specific-threats.rules)
 * 1:20123 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel invalid ShrFmla record (specific-threats.rules)
 * 1:20124 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel invalid Lbl record (specific-threats.rules)
 * 1:20125 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel invalid Lbl record (specific-threats.rules)
 * 1:20126 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel invalid Lbl record (specific-threats.rules)
 * 1:20127 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel Conditional Formatting record vulnerability (specific-threats.rules)
 * 1:20128 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office invalid MS-OGRAPH DataFormat record (specific-threats.rules)
 * 1:20130 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel MergeCells record parsing code execution attempt (specific-threats.rules)
 * 1:20134 <-> DISABLED <-> EXPLOIT HP OpenView Storage Data Protector buffer overflow attempt (exploit.rules)
 * 1:20137 <-> DISABLED <-> WEB-CLIENT Possible generic javascript heap spray attempt (web-client.rules)
 * 1:20139 <-> DISABLED <-> WEB-CLIENT Microsoft Office Word document summary information string overflow attempt (web-client.rules)
 * 1:2014 <-> DISABLED <-> RPC portmap UNSET attempt TCP 111 (rpc.rules)
 * 1:20140 <-> DISABLED <-> WEB-CLIENT Microsoft Office Word document summary information string overflow attempt (web-client.rules)
 * 1:20141 <-> DISABLED <-> WEB-CLIENT Microsoft Office Word document summary information string overflow attempt (web-client.rules)
 * 1:18685 <-> DISABLED <-> POLICY RTF file with embedded OLE object (policy.rules)
 * 1:18686 <-> DISABLED <-> BACKDOOR c99shell.php command request - tools (backdoor.rules)
 * 1:18687 <-> DISABLED <-> BACKDOOR c99shell.php command request - update (backdoor.rules)
 * 1:18688 <-> DISABLED <-> BACKDOOR c99shell.php command request - chmod (backdoor.rules)
 * 1:18690 <-> DISABLED <-> BACKDOOR c99shell.php command request - processes (backdoor.rules)
 * 1:18700 <-> DISABLED <-> BLACKLIST Win32.BHO.argt checkin (blacklist.rules)
 * 1:18701 <-> ENABLED <-> SMTP Rich text file .rtf attachment (smtp.rules)
 * 1:18707 <-> DISABLED <-> BOTNET-CNC RogueSoftware.Win32.ControlCenter contact to server attempt (botnet-cnc.rules)
 * 1:18708 <-> DISABLED <-> BOTNET-CNC RogueSoftware.Win32.AntivirusSoft contact to server attempt (botnet-cnc.rules)
 * 1:18709 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Banker.aufm contact to server attempt (botnet-cnc.rules)
 * 1:18710 <-> DISABLED <-> SPECIFIC-THREATS McAfee ePolicy Orchestrator Framework Services buffer overflow attempt (specific-threats.rules)
 * 1:18711 <-> DISABLED <-> BOTNET-CNC RogueSoftware.Win32.SecurityCentral contact to server attempt (botnet-cnc.rules)
 * 1:18712 <-> DISABLED <-> BOTNET-CNC RogueSoftware.Win32.XJRAntivirus contact to server attempt (botnet-cnc.rules)
 * 1:18713 <-> DISABLED <-> DOS OpenSSL TLS connection record handling denial of service attempt (dos.rules)
 * 1:18714 <-> DISABLED <-> DOS OpenSSL TLS connection record handling denial of service attempt (dos.rules)
 * 1:18716 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Banker.H contact to server attempt (botnet-cnc.rules)
 * 1:18717 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Banker.QO contact to server attempt (botnet-cnc.rules)
 * 1:18718 <-> DISABLED <-> BOTNET-CNC RogueSoftware.Win32.AdvancedDefender contact to server attempt (botnet-cnc.rules)
 * 1:18721 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (scada.rules)
 * 1:18722 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (scada.rules)
 * 1:18724 <-> DISABLED <-> BOTNET-CNC RogueSoftware.Win32.ZeroClean contact to server attempt (botnet-cnc.rules)
 * 1:18725 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 heap overflow attempt (scada.rules)
 * 1:18726 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 heap overflow attempt (scada.rules)
 * 1:18727 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 heap overflow attempt (scada.rules)
 * 1:18728 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE heap overflow attempt (scada.rules)
 * 1:18729 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC heap overflow attempt (scada.rules)
 * 1:18730 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x089A integer overflow attempt (scada.rules)
 * 1:18731 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x0453 integer overflow attempt (scada.rules)
 * 1:18732 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (scada.rules)
 * 1:18733 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (scada.rules)
 * 1:18734 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (scada.rules)
 * 1:18735 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (scada.rules)
 * 1:18736 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (scada.rules)
 * 1:18737 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (scada.rules)
 * 1:18738 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 integer overflow attempt (scada.rules)
 * 1:18739 <-> DISABLED <-> BOTNET-CNC Worm.Win32.Koobface.D contact to server attempt (botnet-cnc.rules)
 * 1:18742 <-> DISABLED <-> WEB-MISC IBM WebSphere Expect header cross-site scripting (web-misc.rules)
 * 1:18744 <-> DISABLED <-> WEB-CLIENT VideoLAN vlc player subtitle buffer overflow attempt (web-client.rules)
 * 1:18746 <-> DISABLED <-> SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (scada.rules)
 * 1:18747 <-> DISABLED <-> SCADA RealWin 2.1 FC_BINFILE_FCS_xFILE overflow attempt (scada.rules)
 * 1:18748 <-> DISABLED <-> SCADA RealWin 2.1 FC_MISC_FCS_MSGx overflow attempt (scada.rules)
 * 1:18749 <-> DISABLED <-> SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (scada.rules)
 * 1:18750 <-> DISABLED <-> SCADA RealWin 2.1 FC_SCRIPT_FCS_STARTPROG overflow attempt (scada.rules)
 * 1:18751 <-> DISABLED <-> WEB-MISC Samba SWAT HTTP Authentication overflow attempt (web-misc.rules)
 * 1:18752 <-> DISABLED <-> SCADA RealWin 2.1 FC_INFOTAG_SET_CONTROL overflow attempt (scada.rules)
 * 1:18754 <-> DISABLED <-> EXPLOIT HP Data Protector Backup Client Service code execution attempt (exploit.rules)
 * 1:18758 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Basic script file download request (file-identify.rules)
 * 1:18762 <-> DISABLED <-> BLACKLIST URI request for known malicious URI /blog.updata?v= - Win32-Agent-GRW (blacklist.rules)
 * 1:18763 <-> DISABLED <-> SPECIFIC-THREATS ActFax Server LPD/LPR Remote Buffer Overflow (specific-threats.rules)
 * 1:18766 <-> DISABLED <-> SPECIFIC-THREATS OpenSSL CMS structure OriginatorInfo memory corruption attempt (specific-threats.rules)
 * 1:18769 <-> DISABLED <-> EXPLOIT LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (exploit.rules)
 * 1:18771 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel ADO Object Parsing Code Execution (specific-threats.rules)
 * 1:18772 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel ADO Object Parsing Code Execution (specific-threats.rules)
 * 1:18773 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /stat.htm (blacklist.rules)
 * 1:18774 <-> DISABLED <-> BLACKLIST URI request for known malicious URI (blacklist.rules)
 * 1:18775 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /gpdcount (blacklist.rules)
 * 1:18778 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (scada.rules)
 * 1:18779 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (scada.rules)
 * 1:18780 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (scada.rules)
 * 1:18781 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (scada.rules)
 * 1:18782 <-> DISABLED <-> BLACKLIST URI Request for known malicious URI - Chinese Rootkit.Win32.Fisp.a (blacklist.rules)
 * 1:18783 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE integer overflow attempt (scada.rules)
 * 1:18784 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DB0 integer overflow attempt (scada.rules)
 * 1:18785 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA4 integer overflow attempt (scada.rules)
 * 1:18786 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA7 integer overflow attempt (scada.rules)
 * 1:18787 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC integer overflow attempt (scada.rules)
 * 1:18788 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBD integer overflow attempt (scada.rules)
 * 1:18789 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x26AC integer overflow attempt (scada.rules)
 * 1:18796 <-> DISABLED <-> WEB-MISC Novell iManager ClassName handling overflow attempt (web-misc.rules)
 * 1:18803 <-> DISABLED <-> WEB-MISC Oracle Java Runtime CMM readMabCurveData buffer overflow attempt (web-misc.rules)
 * 1:18804 <-> DISABLED <-> WEB-MISC OpenLDAP Modrdn utf-8 string code execution attempt (web-misc.rules)
 * 1:18807 <-> DISABLED <-> DOS OpenLDAP Modrdn RDN NULL string denial of service attempt (dos.rules)
 * 1:18900 <-> DISABLED <-> BLACKLIST URI request for known malicious URI (W32.Swizzor -- blacklist.rules)
 * 1:18901 <-> DISABLED <-> SPECIFIC-THREATS MIT Kerberos KDC Ticket validation double free memory corruption attempt (specific-threats.rules)
 * 1:18930 <-> DISABLED <-> WEB-MISC HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (web-misc.rules)
 * 1:18933 <-> DISABLED <-> DOS SolarWinds TFTP Server Read request denial of service attempt (dos.rules)
 * 1:18934 <-> ENABLED <-> BOTNET-CNC known command and control channel traffic (Coreflood -- botnet-cnc.rules)
 * 1:18937 <-> DISABLED <-> BOTNET-CNC URI request for known malicious URI - Win32.Krap (botnet-cnc.rules)
 * 1:18939 <-> DISABLED <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules)
 * 1:18942 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - MacProtector (blacklist.rules)
 * 1:18943 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - MacDefender (blacklist.rules)
 * 1:18946 <-> DISABLED <-> BOTNET-CNC Win32.IRCBot.FC runtime detection (botnet-cnc.rules)
 * 1:18955 <-> DISABLED <-> WEB-CGI Symantec IM Manager LoggedInUsers.lgx definition file multiple SQL injections attempt (web-cgi.rules)
 * 1:18956 <-> DISABLED <-> WEB-CGI Symantec IM Manager LoggedInUsers.lgx definition file multiple SQL injections attempt (web-cgi.rules)
 * 1:18957 <-> DISABLED <-> SPECIFIC-THREATS Apple Safari Webkit attribute child removal code execution attempt (specific-threats.rules)
 * 1:18958 <-> DISABLED <-> SPECIFIC-THREATS Apple Safari Webkit attribute child removal code execution attempt (specific-threats.rules)
 * 1:18961 <-> DISABLED <-> WEB-CLIENT Microsoft Windows MSXML2 ActiveX malformed HTTP response (web-client.rules)
 * 1:18962 <-> DISABLED <-> WEB-CLIENT Microsoft Windows MSXML2 ActiveX malformed HTTP response (web-client.rules)
 * 1:18963 <-> DISABLED <-> SPECIFIC-THREATS Adobe ActionScript 3 addEventListener exploit attempt (specific-threats.rules)
 * 1:18964 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash file DefineFont4 remote code execution attempt (specific-threats.rules)
 * 1:18965 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash file ActionScript 2 ActionJump remote code execution attempt (specific-threats.rules)
 * 1:18966 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash file DefineFont4 remote code execution attempt (specific-threats.rules)
 * 1:18967 <-> DISABLED <-> SPECIFIC-THREATS Adobe ActionScript argumentCount download attempt (specific-threats.rules)
 * 1:18968 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript3 stack integer overflow attempt (specific-threats.rules)
 * 1:18969 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript ActionIf integer overflow attempt (specific-threats.rules)
 * 1:18970 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player null pointer dereference attempt (specific-threats.rules)
 * 1:18971 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash beginGradientfill improper color validation attempt (specific-threats.rules)
 * 1:18972 <-> DISABLED <-> ORACLE Oracle Secure Backup Administration selector variable command injection attempt (oracle.rules)
 * 1:18978 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Pasta.aoq runtime detection (botnet-cnc.rules)
 * 1:18979 <-> DISABLED <-> BOTNET-CNC Worm.Win32.AutoRun.fmo outbound connection (botnet-cnc.rules)
 * 1:18986 <-> DISABLED <-> WEB-CLIENT Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (web-client.rules)
 * 1:18987 <-> DISABLED <-> WEB-CLIENT Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (web-client.rules)
 * 1:18988 <-> DISABLED <-> SPECIFIC-THREATS Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (specific-threats.rules)
 * 1:18989 <-> DISABLED <-> SPECIFIC-THREATS Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (specific-threats.rules)
 * 1:18990 <-> DISABLED <-> SPECIFIC-THREATS Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (specific-threats.rules)
 * 1:18991 <-> DISABLED <-> SPECIFIC-THREATS Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (specific-threats.rules)
 * 1:18993 <-> DISABLED <-> WEB-MISC HP OpenView Network Node Manager server name exploit attempt (web-misc.rules)
 * 1:18994 <-> DISABLED <-> NETBIOS Microsoft Windows 2003 browser election remote heap overflow attempt (netbios.rules)
 * 1:19010 <-> DISABLED <-> SPECIFIC-THREATS Apple Safari WebKit menu onchange memory corruption attempt (specific-threats.rules)
 * 1:19016 <-> DISABLED <-> BOTNET-CNC MacBack Trojan outbound connection attempt (botnet-cnc.rules)
 * 1:19017 <-> DISABLED <-> BOTNET-CNC MacBack Trojan outbound connection attempt (botnet-cnc.rules)
 * 1:19018 <-> DISABLED <-> BOTNET-CNC MacBack Trojan outbound connection attempt (botnet-cnc.rules)
 * 1:19019 <-> DISABLED <-> BOTNET-CNC MacBack Trojan outbound connection attempt (botnet-cnc.rules)
 * 1:19021 <-> DISABLED <-> BOTNET-CNC Trojan-Downloader.Win32.FraudLoad.dzm outbound connection (botnet-cnc.rules)
 * 1:19022 <-> DISABLED <-> BOTNET-CNC Trojan-Downloader.Win32.FraudLoad.dzm outbound connection (botnet-cnc.rules)
 * 1:19026 <-> DISABLED <-> SPYWARE-PUT Smart Protector outbound connection (spyware-put.rules)
 * 1:19032 <-> DISABLED <-> BOTNET-CNC TrojanDownloader.Win32.Cornfemo.A outbound connection (botnet-cnc.rules)
 * 1:19033 <-> DISABLED <-> BOTNET-CNC TrojanDownloader.Win32.Cornfemo.A outbound connection (botnet-cnc.rules)
 * 1:19036 <-> DISABLED <-> SPYWARE-PUT Backdoor.Win32.IRCBrute.I contact to server attempt (spyware-put.rules)
 * 1:19037 <-> DISABLED <-> SPYWARE-PUT Backdoor.Win32.IRCBrute.I contact to server attempt (spyware-put.rules)
 * 1:19039 <-> DISABLED <-> SPYWARE-PUT Backdoor.Win32.Linkbot.alr contact to server attempt (spyware-put.rules)
 * 1:19040 <-> DISABLED <-> SPYWARE-PUT Backdoor.Win32.Linkbot.alr contact to server attempt (spyware-put.rules)
 * 1:19041 <-> DISABLED <-> SPYWARE-PUT Trojan.Win32.Carberp.C contact to server attempt (spyware-put.rules)
 * 1:19042 <-> DISABLED <-> SPYWARE-PUT Trojan.Win32.Banker.ACQE contact to server attempt (spyware-put.rules)
 * 1:19043 <-> DISABLED <-> SPYWARE-PUT RogueSoftware.Win32.BestBoan contact to server attempt (spyware-put.rules)
 * 1:19044 <-> DISABLED <-> SPYWARE-PUT RogueSoftware.Win32.ThinkPoint contact to server attempt (spyware-put.rules)
 * 1:19045 <-> DISABLED <-> SPYWARE-PUT Trojan.Win32.Bancos.XQ contact to server attempt (spyware-put.rules)
 * 1:19046 <-> DISABLED <-> SPYWARE-PUT RogueSoftware.Win32.Winwebsec contact to server attempt (spyware-put.rules)
 * 1:19047 <-> DISABLED <-> SPYWARE-PUT RogueSoftware.Win32.RClean contact to server attempt (spyware-put.rules)
 * 1:19048 <-> DISABLED <-> SPYWARE-PUT Backdoor.Win32.Darkness contact to server attempt (spyware-put.rules)
 * 1:19049 <-> DISABLED <-> SPYWARE-PUT Backdoor.Win32.Gigade contact to server attempt (spyware-put.rules)
 * 1:1905 <-> DISABLED <-> RPC AMD UDP amqproc_mount plog overflow attempt (rpc.rules)
 * 1:19050 <-> DISABLED <-> SPYWARE-PUT Trojan.Win32.Banbra.fxe contact to server attempt (spyware-put.rules)
 * 1:19054 <-> DISABLED <-> SPYWARE-PUT Trojan.Win32.Sisron.nelo contact to server attempt (spyware-put.rules)
 * 1:19059 <-> DISABLED <-> SPYWARE-PUT RogueSoftware.Win32.SystemDefragmenter contact to server attempt (spyware-put.rules)
 * 1:1906 <-> DISABLED <-> RPC AMD TCP amqproc_mount plog overflow attempt (rpc.rules)
 * 1:19060 <-> DISABLED <-> SPYWARE-PUT Trojan.Win32.Ponmocup.A contact to server attempt (spyware-put.rules)
 * 1:19061 <-> DISABLED <-> SPYWARE-PUT Adware.Win32.Cashtitan contact to server attempt (spyware-put.rules)
 * 1:19062 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.FakePlus Runtime Detection (botnet-cnc.rules)
 * 1:1907 <-> DISABLED <-> RPC CMSD UDP CMSD_CREATE buffer overflow attempt (rpc.rules)
 * 1:19072 <-> DISABLED <-> EXPLOIT RealNetworks Helix Server NTLM authentication heap overflow attempt (exploit.rules)
 * 1:19073 <-> DISABLED <-> DOS Squid Proxy Expect header null pointer denial of service attempt (dos.rules)
 * 1:19074 <-> DISABLED <-> WEB-CLIENT javascript uuencoded noop sled attempt (web-client.rules)
 * 1:19075 <-> DISABLED <-> WEB-CLIENT javascript uuencoded eval statement (web-client.rules)
 * 1:19076 <-> DISABLED <-> SPECIFIC-THREATS Firefox appendChild use-after-free attempt (specific-threats.rules)
 * 1:19077 <-> DISABLED <-> SPECIFIC-THREATS Firefox appendChild use-after-free attempt (specific-threats.rules)
 * 1:19078 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox html tag attributes memory corruption (specific-threats.rules)
 * 1:19079 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer getElementById object corruption (specific-threats.rules)
 * 1:1908 <-> DISABLED <-> RPC CMSD TCP CMSD_CREATE buffer overflow attempt (rpc.rules)
 * 1:19081 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer CSS style memory corruption attempt (specific-threats.rules)
 * 1:19084 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer CSS style memory corruption attempt (specific-threats.rules)
 * 1:1909 <-> DISABLED <-> RPC CMSD TCP CMSD_INSERT buffer overflow attempt (rpc.rules)
 * 1:19093 <-> DISABLED <-> SPECIFIC-THREATS Oracle MySQL Database unique set column denial of service attempt (specific-threats.rules)
 * 1:19094 <-> DISABLED <-> SPECIFIC-THREATS Oracle MySQL Database unique set column denial of service attempt (specific-threats.rules)
 * 1:19095 <-> DISABLED <-> SPECIFIC-THREATS Apple Safari Webkit CSS Charset Text transformation code execution attempt (specific-threats.rules)
 * 1:19096 <-> DISABLED <-> SPECIFIC-THREATS Apple Safari Webkit CSS Charset Text transformation code execution attempt (specific-threats.rules)
 * 1:19097 <-> DISABLED <-> SPECIFIC-THREATS Apple Safari Webkit ContentEditable code execution attempt (specific-threats.rules)
 * 1:19098 <-> DISABLED <-> SPECIFIC-THREATS Apple Safari Webkit ContentEditable code exeuction attempt (specific-threats.rules)
 * 1:1910 <-> DISABLED <-> RPC CMSD udp CMSD_INSERT buffer overflow attempt (rpc.rules)
 * 1:19100 <-> DISABLED <-> WEB-CLIENT Oracle Java Soundbank resource name overflow attempt (web-client.rules)
 * 1:19104 <-> DISABLED <-> EXPLOIT HP OpenView Storage Data Protector Cell Manager heap overflow attempt (exploit.rules)
 * 1:19105 <-> DISABLED <-> EXPLOIT HP Data Protector Manager MMD service buffer overflow attempt (exploit.rules)
 * 1:19106 <-> DISABLED <-> SPYWARE-PUT Keylogger Ardamax keylogger runtime detection - http (spyware-put.rules)
 * 1:19111 <-> DISABLED <-> DOS Adobe Flash Media Server memory exhaustion (dos.rules)
 * 1:19112 <-> DISABLED <-> SPECIFIC-THREATS Adobe Shockwave 3D stucture heap overflow (specific-threats.rules)
 * 1:19113 <-> DISABLED <-> SPECIFIC-THREATS Adobe Shockwave 3D structure opcode 81 overflow attempt (specific-threats.rules)
 * 1:19114 <-> DISABLED <-> SPECIFIC-THREATS Adobe Shockwave 3D structure opcode 45 overflow attempt (specific-threats.rules)
 * 1:19115 <-> DISABLED <-> SPECIFIC-THREATS Adobe Shockwave 3D structure opcode 89 overflow attempt (specific-threats.rules)
 * 1:19117 <-> DISABLED <-> SPECIFIC-THREATS Adobe Reader malformed U3D integer overflow (specific-threats.rules)
 * 1:19118 <-> DISABLED <-> SPECIFIC-THREATS Adobe Reader script injection vulnerability (specific-threats.rules)
 * 1:19119 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver remote code execution attempt (specific-threats.rules)
 * 1:19120 <-> DISABLED <-> EXPLOIT IBM Informix DBINFO stack buffer overflow (exploit.rules)
 * 1:19121 <-> DISABLED <-> EXPLOIT IBM Informix EXPLAIN stack buffer overflow attempt (exploit.rules)
 * 1:19123 <-> DISABLED <-> BOTNET-CNC Dropper Win32.Cefyns.A outbound connection (botnet-cnc.rules)
 * 1:19125 <-> DISABLED <-> DOS ISC BIND DNSSEC authority response record overflow attempt (dos.rules)
 * 1:19126 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer IVR handling heap buffer overflow attempt (specific-threats.rules)
 * 1:19127 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer IVR handling heap buffer overflow attempt (specific-threats.rules)
 * 1:19128 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detection (file-identify.rules)
 * 1:19129 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detection (file-identify.rules)
 * 1:19130 <-> DISABLED <-> WEB-CLIENT Microsoft Windows MSPaint jpeg with malformed SOFx field exploit attempt (web-client.rules)
 * 1:19131 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office RTD buffer overflow attempt (specific-threats.rules)
 * 1:19132 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office RTD buffer overflow attempt (specific-threats.rules)
 * 1:19135 <-> DISABLED <-> BACKDOOR Backdoor.Win32.Buterat Checkin (backdoor.rules)
 * 1:19142 <-> DISABLED <-> WEB-MISC Symantec IM Manager IMAdminScheduleReport.asp SQL injection attempt (web-misc.rules)
 * 1:19145 <-> DISABLED <-> SPECIFIC-THREATS Adobe flash player newfunction memory corruption attempt (specific-threats.rules)
 * 1:19148 <-> DISABLED <-> WEB-CLIENT Adobe Flash Player SWF file MP4 data parsing memory corruption attempt (web-client.rules)
 * 1:19162 <-> DISABLED <-> ORACLE get_domain_index_metadata privilege escalation attempt (oracle.rules)
 * 1:19163 <-> DISABLED <-> ORACLE get_v2_domain_index_tables privilege escalation attempt (oracle.rules)
 * 1:19164 <-> DISABLED <-> BOTNET-CNC Trojan SpyEye outbound connection (botnet-cnc.rules)
 * 1:19165 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Microsoft Internet Explorer (blacklist.rules)
 * 1:19167 <-> DISABLED <-> SPECIFIC-THREATS Digium Asterisk UDPTL processing overflow attempt (specific-threats.rules)
 * 1:19171 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer 8 ieshims.dll dll-load exploit attempt (web-client.rules)
 * 1:19172 <-> DISABLED <-> NETBIOS Microsoft Internet Explorer 8 ieshims.dll dll-load exploit attempt (netbios.rules)
 * 1:19173 <-> DISABLED <-> RPC CDE Calendar Manager service memory corruption attempt (rpc.rules)
 * 1:19174 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Vista feed headlines cross-site scripting attack attempt (web-client.rules)
 * 1:19176 <-> DISABLED <-> WEB-MISC cookiejacking attempt (web-misc.rules)
 * 1:19177 <-> DISABLED <-> WEB-MISC cookiejacking attempt (web-misc.rules)
 * 1:19178 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player cross-site request forgery attempt (specific-threats.rules)
 * 1:19179 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player cross-site request forgery attempt (specific-threats.rules)
 * 1:1918 <-> DISABLED <-> SCAN SolarWinds IP scan attempt (scan.rules)
 * 1:19180 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel pivot item index boundary corruption attempt (specific-threats.rules)
 * 1:19181 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer iframe uninitialized memory corruption attempt (specific-threats.rules)
 * 1:19182 <-> DISABLED <-> SPECIFIC-THREATS strongSwan Certificate and Identification payload overflow attempt (specific-threats.rules)
 * 1:19184 <-> DISABLED <-> EXPLOIT Microsoft Windows OLEAUT32.DLL malicious WMF file remote code execution attempt (exploit.rules)
 * 1:19186 <-> DISABLED <-> WEB-CLIENT Microsoft Certification service XSS attempt (web-client.rules)
 * 1:19188 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:19189 <-> DISABLED <-> NETBIOS SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (netbios.rules)
 * 1:19190 <-> DISABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules)
 * 1:19191 <-> DISABLED <-> NETBIOS SMB2 zero length write attempt (netbios.rules)
 * 1:19199 <-> DISABLED <-> NETBIOS Smb2Create_Finalize malformed EndOfFile field exploit attempt (netbios.rules)
 * 1:19200 <-> DISABLED <-> EXPLOIT Microsoft Office Excel ObjBiff exploit attempt (exploit.rules)
 * 1:19201 <-> DISABLED <-> SQL waitfor delay function - possible SQL injection attempt (sql.rules)
 * 1:19202 <-> DISABLED <-> SQL declare varchar - possible SQL injection attempt (sql.rules)
 * 1:19205 <-> DISABLED <-> DOS Novell iManager Tree parameter denial of service attempt (dos.rules)
 * 1:19206 <-> DISABLED <-> EXPLOIT IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (exploit.rules)
 * 1:19207 <-> DISABLED <-> EXPLOIT Symantec Alert Management System AMSSendAlertAck stack buffer overflow attempt (exploit.rules)
 * 1:19208 <-> DISABLED <-> EXPLOIT Citrix Provisioning Services streamprocess.exe buffer overflow attempt (exploit.rules)
 * 1:19211 <-> DISABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules)
 * 1:19215 <-> DISABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules)
 * 1:19218 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:1922 <-> DISABLED <-> RPC portmap proxy attempt TCP (rpc.rules)
 * 1:19221 <-> DISABLED <-> NETBIOS SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (netbios.rules)
 * 1:19222 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel ObjBiff validation exploit attempt (specific-threats.rules)
 * 1:19224 <-> DISABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules)
 * 1:19225 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel SerAuxTrend biff record corruption attempt (web-client.rules)
 * 1:19227 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel Scenario heap memory overflow (specific-threats.rules)
 * 1:19228 <-> DISABLED <-> WEB-MISC Oracle Secure Backup Administration preauth variable command injection attempt (web-misc.rules)
 * 1:19229 <-> DISABLED <-> EXPLOIT Microsoft Office Excel SLK file excessive Picture records exploit attempt (exploit.rules)
 * 1:19230 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel Selection exploit attempt (specific-threats.rules)
 * 1:19231 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel Series record exploit attempt (web-client.rules)
 * 1:19232 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel XF record exploit attempt (specific-threats.rules)
 * 1:19234 <-> DISABLED <-> WEB-CLIENT Microsoft Visual Studio information disclosure attempt (web-client.rules)
 * 1:19235 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer copy/paste memory corruption attempt (specific-threats.rules)
 * 1:19236 <-> DISABLED <-> SPECIFIC-THREATS Internet Explorer drag event memory corruption attempt (specific-threats.rules)
 * 1:19238 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer 8 self remove from markup vulnerability (exploit.rules)
 * 1:1924 <-> DISABLED <-> RPC mountd UDP export request (rpc.rules)
 * 1:19240 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer IE6/7/8 reload stylesheet attempt (web-client.rules)
 * 1:19241 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Vector Markup Language imagedata page deconstruction attempt (specific-threats.rules)
 * 1:19242 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Vector Markup Language imagedata page deconstruction attempt (specific-threats.rules)
 * 1:19243 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer layout-grid-char value exploit attempt (web-client.rules)
 * 1:19246 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer CSS expression defined to empty selection attempt (web-client.rules)
 * 1:19247 <-> DISABLED <-> SPECIFIC-THREATS Adobe jpeg 2000 image exploit attempt (specific-threats.rules)
 * 1:19249 <-> DISABLED <-> SPECIFIC-THREATS Adobe Universal3D meshes.removeItem exploit attempt (specific-threats.rules)
 * 1:1925 <-> DISABLED <-> RPC mountd TCP exportall request (rpc.rules)
 * 1:19251 <-> DISABLED <-> WEB-CLIENT Adobe PDF CIDFont dictionary glyph width corruption attempt (web-client.rules)
 * 1:19256 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - greenherbalteagirlholdingcup (blacklist.rules)
 * 1:19257 <-> DISABLED <-> WEB-CLIENT Adobe Flash ActionScript float index memory corruption (web-client.rules)
 * 1:19258 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel SxView record memory pointer corruption attempt (specific-threats.rules)
 * 1:19259 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel WOpt record memory corruption attempt (specific-threats.rules)
 * 1:1926 <-> DISABLED <-> RPC mountd UDP exportall request (rpc.rules)
 * 1:19260 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel malformed MsoDrawingObject record attempt (specific-threats.rules)
 * 1:19261 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel BIFF8 invalid Selection.cref exploit attempt (specific-threats.rules)
 * 1:19262 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript float index array memory corruption (specific-threats.rules)
 * 1:19263 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript float index array memory corruption (specific-threats.rules)
 * 1:19264 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript float index array memory corruption (specific-threats.rules)
 * 1:19265 <-> DISABLED <-> SPECIFIC-THREATS Internet Explorer layout-grid-char value exploit attempt (specific-threats.rules)
 * 1:19266 <-> DISABLED <-> SPECIFIC-THREATS Internet Explorer layout-grid-char value exploit attempt (specific-threats.rules)
 * 1:19268 <-> DISABLED <-> POLICY attempted download of a PDF with embedded Flash over smb (policy.rules)
 * 1:19269 <-> DISABLED <-> POLICY attempted download of a PDF with embedded Flash over smtp (policy.rules)
 * 1:19270 <-> DISABLED <-> POLICY attempted download of a PDF with embedded Flash over smtp (policy.rules)
 * 1:19271 <-> DISABLED <-> POLICY attempted download of a PDF with embedded Flash over smtp (policy.rules)
 * 1:19272 <-> DISABLED <-> POLICY attempted download of a PDF with embedded Flash over smtp (policy.rules)
 * 1:19273 <-> DISABLED <-> POLICY attempted download of a PDF with embedded Flash over smtp (policy.rules)
 * 1:19274 <-> DISABLED <-> POLICY attempted download of a PDF with embedded Flash over smtp (policy.rules)
 * 1:19275 <-> DISABLED <-> POLICY attempted download of a PDF with embedded Flash over pop3 (policy.rules)
 * 1:19276 <-> DISABLED <-> POLICY attempted download of a PDF with embedded Flash over pop3 (policy.rules)
 * 1:19277 <-> DISABLED <-> POLICY attempted download of a PDF with embedded Flash over pop3 (policy.rules)
 * 1:19278 <-> DISABLED <-> POLICY attempted download of a PDF with embedded Flash over pop3 (policy.rules)
 * 1:19279 <-> DISABLED <-> POLICY attempted download of a PDF with embedded Flash over pop3 (policy.rules)
 * 1:19280 <-> DISABLED <-> POLICY attempted download of a PDF with embedded Flash over pop3 (policy.rules)
 * 1:19289 <-> DISABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules)
 * 1:19294 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel Chart Sheet Substream memory corruption attempt (web-client.rules)
 * 1:19295 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Word HTML linked objects memory corruption attempt (specific-threats.rules)
 * 1:19296 <-> DISABLED <-> WEB-CLIENT Microsoft Office PowerPoint improper filename remote code execution attempt (web-client.rules)
 * 1:19297 <-> DISABLED <-> SPECIFIC-THREATS sidename.js script injection (specific-threats.rules)
 * 1:19298 <-> DISABLED <-> SPECIFIC-THREATS cssminibar.js script injection (specific-threats.rules)
 * 1:19299 <-> DISABLED <-> SPECIFIC-THREATS banner.txt access - possible compromised multi-mesh injection server (specific-threats.rules)
 * 1:19300 <-> DISABLED <-> SPECIFIC-THREATS probable multi-mesh injection attack (specific-threats.rules)
 * 1:19303 <-> DISABLED <-> WEB-CLIENT Microsoft Office PowerPoint out of bounds value remote code execution attempt (web-client.rules)
 * 1:19309 <-> DISABLED <-> SPYWARE-PUT hijacker starware videos outbound connection (spyware-put.rules)
 * 1:19310 <-> DISABLED <-> BOTNET-CNC Downloader Trojan.Gen3 outbound connection (botnet-cnc.rules)
 * 1:19311 <-> DISABLED <-> SPYWARE-PUT Keylogger aspy v2.12 runtime detection (spyware-put.rules)
 * 1:19312 <-> DISABLED <-> BACKDOOR Trojan Win32.Agent.aah outbound connection (backdoor.rules)
 * 1:19313 <-> DISABLED <-> SPECIFIC-THREATS Symantec Antivirus Intel Service DoS Attempt (specific-threats.rules)
 * 1:19314 <-> DISABLED <-> NETBIOS Groove GroovePerfmon.dll dll-load exploit attempt (netbios.rules)
 * 1:19315 <-> DISABLED <-> WEB-CLIENT Microsoft Groove GroovePerfmon.dll dll-load exploit attempt (web-client.rules)
 * 1:19317 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Word sprmTDiagLine80 record parsing stack buffer overflow attempt (specific-threats.rules)
 * 1:19324 <-> DISABLED <-> SPYWARE-PUT Keylogger WL-Keylogger inbound connection (spyware-put.rules)
 * 1:19325 <-> DISABLED <-> SPYWARE-PUT Keylogger WL-Keylogger outbound connection (spyware-put.rules)
 * 1:19326 <-> DISABLED <-> BACKDOOR Classroom Spy Professional runtime detection - initial connection (backdoor.rules)
 * 1:19327 <-> DISABLED <-> BACKDOOR Classroom Spy Professional runtime detection - initial connection (backdoor.rules)
 * 1:19329 <-> DISABLED <-> BACKDOOR Faceback.exe outbound connection (backdoor.rules)
 * 1:19330 <-> DISABLED <-> BACKDOOR Adclicker Trojan Zlob.dnz outbound connection (backdoor.rules)
 * 1:19331 <-> DISABLED <-> BACKDOOR Adclicker Trojan Zlob.dnz outbound connection (backdoor.rules)
 * 1:19332 <-> DISABLED <-> BACKDOOR Trojan Win32.Clampi outbound connection (backdoor.rules)
 * 1:19340 <-> DISABLED <-> BACKDOOR Trojan Fakeav TREAntivirus outbound connection (backdoor.rules)
 * 1:19341 <-> DISABLED <-> BACKDOOR Worm MSIL.AiO.a outbound connection (backdoor.rules)
 * 1:19342 <-> DISABLED <-> BACKDOOR Adware Professional Runtime Detection (backdoor.rules)
 * 1:19343 <-> DISABLED <-> BACKDOOR Adware Pro Runtime Detection (backdoor.rules)
 * 1:19344 <-> DISABLED <-> BACKDOOR AntiMalware Pro Runtime Detection (backdoor.rules)
 * 1:19345 <-> DISABLED <-> BACKDOOR REAnti outbound connection (backdoor.rules)
 * 1:19346 <-> DISABLED <-> BACKDOOR Additional Guard outbound connection (backdoor.rules)
 * 1:19349 <-> DISABLED <-> BACKDOOR Fakeav Vaccineclear outbound connection (backdoor.rules)
 * 1:19352 <-> DISABLED <-> BACKDOOR Backdoor Win32.Small.D outbound connection (backdoor.rules)
 * 1:19354 <-> DISABLED <-> BACKDOOR Win32.Agent.bhxn outbound connection (backdoor.rules)
 * 1:19355 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Fareit.A outbound connection (botnet-cnc.rules)
 * 1:19356 <-> DISABLED <-> BOTNET-CNC Win32.Fibbit.ax outbound connection (botnet-cnc.rules)
 * 1:19359 <-> DISABLED <-> BOTNET-CNC Trojan Win32.Dcbavict.A outbound connection (botnet-cnc.rules)
 * 1:1936 <-> DISABLED <-> POP3 AUTH overflow attempt (pop3.rules)
 * 1:19360 <-> DISABLED <-> BOTNET-CNC Trojan Win32.Dcbavict.A outbound connection (botnet-cnc.rules)
 * 1:19361 <-> DISABLED <-> BOTNET-CNC Trojan Win32.Dcbavict.A outbound connection (botnet-cnc.rules)
 * 1:19362 <-> DISABLED <-> BOTNET-CNC Win32.Dorkbot.B outbound conection (botnet-cnc.rules)
 * 1:19363 <-> DISABLED <-> BOTNET-CNC Win32.Dorkbot.B outbound connection (botnet-cnc.rules)
 * 1:19366 <-> DISABLED <-> BOTNET-CNC Win32.HXWAN.A outbound connection (botnet-cnc.rules)
 * 1:19367 <-> DISABLED <-> BOTNET-CNC Worm Win32.Vaubeg.A outbound connection (botnet-cnc.rules)
 * 1:19368 <-> DISABLED <-> BOTNET-CNC Trojan Win32.Carberp.D outbound connection (botnet-cnc.rules)
 * 1:19369 <-> DISABLED <-> BOTNET-CNC Trojan Win32.Carberp.D outbound connection (botnet-cnc.rules)
 * 1:1937 <-> DISABLED <-> POP3 LIST overflow attempt (pop3.rules)
 * 1:19370 <-> DISABLED <-> BOTNET-CNC Trojan Win32.Carberp.D outbound connection (botnet-cnc.rules)
 * 1:19371 <-> DISABLED <-> BOTNET-CNC Trojan Win32.Banker.IC outbound connection (botnet-cnc.rules)
 * 1:19372 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string javasw - Trojan.Banload (blacklist.rules)
 * 1:1938 <-> DISABLED <-> POP3 XTND overflow attempt (pop3.rules)
 * 1:19391 <-> DISABLED <-> SPYWARE-PUT Lost Door v3.0 (spyware-put.rules)
 * 1:19395 <-> DISABLED <-> BOTNET-CNC Trojan Downloader Win32.Monkif.J inbound connection - dest ip infected (botnet-cnc.rules)
 * 1:19402 <-> DISABLED <-> BACKDOOR P2P Worm.Win32.Malas.r outbound connection (backdoor.rules)
 * 1:19413 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (specific-threats.rules)
 * 1:19414 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (specific-threats.rules)
 * 1:19415 <-> DISABLED <-> BACKDOOR vsFTPd 2.3.4 backdoor connection attempt (backdoor.rules)
 * 1:19422 <-> DISABLED <-> FILE-IDENTIFY matroska file magic detection (file-identify.rules)
 * 1:19423 <-> DISABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules)
 * 1:19424 <-> DISABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules)
 * 1:19425 <-> DISABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules)
 * 1:19430 <-> DISABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules)
 * 1:19431 <-> DISABLED <-> WEB-CLIENT Nullsoft Winamp MIDI Timestamp buffer overflow attempt (web-client.rules)
 * 1:19432 <-> DISABLED <-> WEB-CLIENT Nullsoft Winamp MIDI Timestamp buffer overflow attempt (web-client.rules)
 * 1:19434 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string ErrCode (blacklist.rules)
 * 1:19437 <-> DISABLED <-> SQL select concat statement - possible sql injection obfuscation (sql.rules)
 * 1:19438 <-> DISABLED <-> SQL url ending in comment characters - possible sql injection attempt (sql.rules)
 * 1:19439 <-> DISABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:19440 <-> DISABLED <-> SQL 1 = 0 - possible sql injection attempt (sql.rules)
 * 1:19451 <-> DISABLED <-> EXPLOIT Oracle VM server agent command injection (exploit.rules)
 * 1:19452 <-> DISABLED <-> EXPLOIT Oracle VM server agent command injection (exploit.rules)
 * 1:19464 <-> DISABLED <-> SPECIFIC-THREATS Microsoft CSRSS integer overflow attempt (specific-threats.rules)
 * 1:19465 <-> DISABLED <-> NETBIOS Visio mfc71 dll-load exploit attempt (netbios.rules)
 * 1:19466 <-> DISABLED <-> WEB-CLIENT Microsoft Office Visio mfc71 dll-load exploit attempt (web-client.rules)
 * 1:19467 <-> DISABLED <-> SPECIFIC-THREATS Microsoft CSRSS NULL Fontface pointer attempt (specific-threats.rules)
 * 1:19468 <-> DISABLED <-> SPECIFIC-THREATS Microsoft stale data code execution attempt (specific-threats.rules)
 * 1:19469 <-> DISABLED <-> SPECIFIC-THREATS Microsoft invalid message kernel-mode memory disclosure attempt (specific-threats.rules)
 * 1:19471 <-> DISABLED <-> POLICY dnstunnel v0.5 outbound traffic detected (policy.rules)
 * 1:19472 <-> DISABLED <-> POLICY proxytunnel proxy connection detected (policy.rules)
 * 1:19473 <-> DISABLED <-> POLICY stunnel proxy connection detected (policy.rules)
 * 1:19474 <-> DISABLED <-> POLICY hamachi VPN outbound traffic detected (policy.rules)
 * 1:19475 <-> DISABLED <-> POLICY proxycgi proxy connection detected (policy.rules)
 * 1:1949 <-> DISABLED <-> RPC portmap SET attempt TCP 111 (rpc.rules)
 * 1:1950 <-> DISABLED <-> RPC portmap SET attempt UDP 111 (rpc.rules)
 * 1:1951 <-> DISABLED <-> RPC mountd TCP mount request (rpc.rules)
 * 1:1952 <-> DISABLED <-> RPC mountd UDP mount request (rpc.rules)
 * 1:1953 <-> DISABLED <-> RPC AMD TCP pid request (rpc.rules)
 * 1:1954 <-> DISABLED <-> RPC AMD UDP pid request (rpc.rules)
 * 1:1955 <-> DISABLED <-> RPC AMD TCP version request (rpc.rules)
 * 1:19551 <-> DISABLED <-> POLICY self-signed SSL certificate with default Internet Widgits Pty Ltd organization name (policy.rules)
 * 1:19558 <-> DISABLED <-> WEB-MISC JBoss expression language actionOutcome remote code execution (web-misc.rules)
 * 1:19559 <-> DISABLED <-> BAD-TRAFFIC SSH brute force login attempt (bad-traffic.rules)
 * 1:1956 <-> DISABLED <-> RPC AMD UDP version request (rpc.rules)
 * 1:19560 <-> DISABLED <-> WEB-CLIENT Apple iTunes PLS file parsing buffer overflow attempt (web-client.rules)
 * 1:19579 <-> DISABLED <-> BOTNET-CNC Trojan Win32.Potao.A outbound connection (botnet-cnc.rules)
 * 1:19587 <-> DISABLED <-> BACKDOOR Win32.Sereki.B outbound connection (backdoor.rules)
 * 1:1959 <-> DISABLED <-> RPC portmap NFS request UDP (rpc.rules)
 * 1:19599 <-> DISABLED <-> ORACLE Warehouse builder WE_OLAP_AW_REMOVE_SOLVE_ID SQL Injection attempt (oracle.rules)
 * 1:1960 <-> DISABLED <-> RPC portmap NFS request TCP (rpc.rules)
 * 1:19600 <-> DISABLED <-> ORACLE Warehouse builder WE_OLAP_AW_SET_SOLVE_ID SQL Injection attempt (oracle.rules)
 * 1:19601 <-> DISABLED <-> NETBIOS Oracle Java Runtime Environment .hotspotrc file load exploit attempt (netbios.rules)
 * 1:19602 <-> DISABLED <-> NETBIOS Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (netbios.rules)
 * 1:19603 <-> DISABLED <-> WEB-CLIENT Oracle Java Runtime Environment .hotspotrc file load exploit attempt (web-client.rules)
 * 1:19604 <-> DISABLED <-> WEB-CLIENT Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (web-client.rules)
 * 1:19605 <-> DISABLED <-> ORACLE Glass Fish Server malformed username cross site scripting attempt (oracle.rules)
 * 1:19606 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Word STSH record parsing memory corruption (specific-threats.rules)
 * 1:19607 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Word STSH record parsing memory corruption (specific-threats.rules)
 * 1:19608 <-> DISABLED <-> BOTNET-CNC Win32.Wisscmd.A outbound connection (botnet-cnc.rules)
 * 1:19609 <-> DISABLED <-> EXPLOIT Novell ZENworks Handheld Management upload directory traversal attempt (exploit.rules)
 * 1:1961 <-> DISABLED <-> RPC portmap RQUOTA request UDP (rpc.rules)
 * 1:19611 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string INet - Win32.Virus.Jusabli.A (blacklist.rules)
 * 1:19614 <-> DISABLED <-> BACKDOOR Win32.IRCBot.kkr outbound connection (backdoor.rules)
 * 1:19617 <-> DISABLED <-> NETBIOS Adobe Audition assist.dll dll-load exploit attempt (netbios.rules)
 * 1:19618 <-> DISABLED <-> NETBIOS Adobe multiple products dwmapi.dll dll-load exploit attempt (netbios.rules)
 * 1:19619 <-> DISABLED <-> WEB-CLIENT Adobe Audition assist.dll dll-load exploit attempt (web-client.rules)
 * 1:1962 <-> DISABLED <-> RPC portmap RQUOTA request TCP (rpc.rules)
 * 1:19620 <-> DISABLED <-> WEB-CLIENT Adobe multiple products dwmapi.dll dll-load exploit attempt (web-client.rules)
 * 1:19621 <-> DISABLED <-> WEB-CLIENT MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (web-client.rules)
 * 1:1963 <-> DISABLED <-> RPC RQUOTA getquota overflow attempt UDP (rpc.rules)
 * 1:19645 <-> DISABLED <-> EXPLOIT cross-site scripting attempt via form data attempt (exploit.rules)
 * 1:19646 <-> DISABLED <-> POLICY PDF with click-to-launch executable (policy.rules)
 * 1:19647 <-> DISABLED <-> POLICY PDF with click-to-launch executable (policy.rules)
 * 1:19648 <-> DISABLED <-> POLICY PDF with click-to-launch executable (policy.rules)
 * 1:19649 <-> DISABLED <-> EXPLOIT HP Intelligent Management Center dbman buffer overflow attempt (exploit.rules)
 * 1:19652 <-> DISABLED <-> BOTNET-CNC Teevsock C outbound connection (botnet-cnc.rules)
 * 1:19665 <-> DISABLED <-> EXPLOIT Microsoft Windows Remote Desktop web access cross-site scripting attempt (exploit.rules)
 * 1:19666 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer multi-window access memory corruption attempt (web-client.rules)
 * 1:19667 <-> DISABLED <-> SPECIFIC-THREATS Internet Explorer cross-domain scripting attack (specific-threats.rules)
 * 1:19668 <-> DISABLED <-> NETBIOS Internet Explorer telnet.exe file load exploit attempt (netbios.rules)
 * 1:19669 <-> DISABLED <-> POLICY Telnet protocol specifier in web page attempt (policy.rules)
 * 1:19670 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer telnet.exe file load exploit attempt (web-client.rules)
 * 1:19671 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer XSL refreshing memory corruption attempt (web-client.rules)
 * 1:19672 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer stylesheet dynamic access memory corruption attempt (web-client.rules)
 * 1:19673 <-> DISABLED <-> NETBIOS Microsoft Data Access Components bidlab.dll dll-load exploit attempt (netbios.rules)
 * 1:19674 <-> DISABLED <-> WEB-CLIENT Microsoft Data Access Components bidlab.dll dll-load exploit attempt (web-client.rules)
 * 1:19675 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Visio invalid UMLString data length exploit attempt (specific-threats.rules)
 * 1:19676 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Visio invalid UMLDTOptions object exploit attempt (specific-threats.rules)
 * 1:19677 <-> DISABLED <-> DNS Microsoft DNS NAPTR remote unauthenticated code execution vulnerability (dns.rules)
 * 1:19678 <-> DISABLED <-> ICMP Microsoft Windows remote unauthenticated DoS/bugcheck vulnerability (icmp.rules)
 * 1:19679 <-> DISABLED <-> WEB-CLIENT Microsoft Windows NDISTAPI Driver code execution attempt (web-client.rules)
 * 1:19680 <-> DISABLED <-> WEB-CLIENT Microsoft Windows CSRSS SrvDeviceEvent exploit attempt (web-client.rules)
 * 1:19684 <-> DISABLED <-> SPECIFIC-THREATS Adobe CFF font storage memory corruption attempt (specific-threats.rules)
 * 1:19685 <-> DISABLED <-> WEB-CLIENT Adobe Flash regular expression grouping depth buffer overflow attempt (web-client.rules)
 * 1:19686 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash uninitialized bitmap structure memory corruption attempt (specific-threats.rules)
 * 1:19687 <-> DISABLED <-> WEB-CLIENT Adobe Flash ActionStoreRegister instruction length invalidation attempt (web-client.rules)
 * 1:19688 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Actionscript BitmapData buffer overflow attempt (specific-threats.rules)
 * 1:19689 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Actionscript dynamic calculation double-free attempt (specific-threats.rules)
 * 1:19690 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Actionscript duplicateDoorInputArguments stack overwrite (specific-threats.rules)
 * 1:19691 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Actionscript Filereference buffer overflow attempt (specific-threats.rules)
 * 1:19692 <-> DISABLED <-> WEB-CLIENT Adobe Flash cross-site request forgery attempt (web-client.rules)
 * 1:19693 <-> DISABLED <-> WEB-CLIENT Adobe Flash MP4 ref_frame allocated buffer overflow attempt (web-client.rules)
 * 1:19708 <-> DISABLED <-> SMTP Postfix SMTP Server SASL AUTH Handle Reuse Memory Corruption (smtp.rules)
 * 1:2429 <-> DISABLED <-> NNTP sendme overflow attempt (nntp.rules)
 * 1:2432 <-> DISABLED <-> NNTP article post without path attempt (nntp.rules)
 * 1:2435 <-> DISABLED <-> FILE-IDENTIFY Microsoft emf file download request (file-identify.rules)
 * 1:2437 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer arbitrary javascript command attempt (web-client.rules)
 * 1:2446 <-> DISABLED <-> EXPLOIT ICQ SRV_MULTI/SRV_META_USER overflow attempt - ISS Witty Worm (exploit.rules)
 * 1:2450 <-> DISABLED <-> CHAT Yahoo IM successful logon (chat.rules)
 * 1:2451 <-> DISABLED <-> CHAT Yahoo IM voicechat (chat.rules)
 * 1:2452 <-> DISABLED <-> CHAT Yahoo IM ping (chat.rules)
 * 1:2453 <-> DISABLED <-> CHAT Yahoo IM conference invitation (chat.rules)
 * 1:2454 <-> DISABLED <-> CHAT Yahoo IM conference logon success (chat.rules)
 * 1:2455 <-> DISABLED <-> CHAT Yahoo IM conference message (chat.rules)
 * 1:2456 <-> DISABLED <-> CHAT Yahoo Messenger File Transfer Receive Request (chat.rules)
 * 1:2457 <-> DISABLED <-> CHAT Yahoo IM message (chat.rules)
 * 1:2458 <-> DISABLED <-> CHAT Yahoo IM successful chat join (chat.rules)
 * 1:2459 <-> DISABLED <-> CHAT Yahoo IM conference offer invitation (chat.rules)
 * 1:2460 <-> DISABLED <-> CHAT Yahoo IM conference request (chat.rules)
 * 1:2461 <-> DISABLED <-> CHAT Yahoo IM conference watch (chat.rules)
 * 1:2474 <-> DISABLED <-> NETBIOS SMB-DS ADMIN$ share access (netbios.rules)
 * 1:2485 <-> DISABLED <-> WEB-ACTIVEX Symantec Norton Internet Security 2004 ActiveX clsid access (web-activex.rules)
 * 1:2488 <-> DISABLED <-> SMTP WinZip MIME content-disposition buffer overflow (smtp.rules)
 * 1:2527 <-> DISABLED <-> SMTP STARTTLS attempt (smtp.rules)
 * 1:253 <-> DISABLED <-> DNS SPOOF query response PTR with TTL of 1 min. and no authority (dns.rules)
 * 1:254 <-> DISABLED <-> DNS SPOOF query response with TTL of 1 min. and no authority (dns.rules)
 * 1:2542 <-> DISABLED <-> SMTP SSLv3 Client_Hello request (smtp.rules)
 * 1:2543 <-> DISABLED <-> SMTP SSLv3 Server_Hello request (smtp.rules)
 * 1:2587 <-> DISABLED <-> P2P eDonkey server response (p2p.rules)
 * 1:2649 <-> DISABLED <-> ORACLE Oracle 9i TNS Listener SERVICE_NAME Remote Buffer Overflow attempt (oracle.rules)
 * 1:2666 <-> DISABLED <-> POP3 PASS format string attempt (pop3.rules)
 * 1:2936 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP nddeapi NDdeSetTrustedShareW overflow attempt (netbios.rules)
 * 1:3009 <-> DISABLED <-> BACKDOOR NetBus Pro 2.0 connection request (backdoor.rules)
 * 1:3013 <-> ENABLED <-> BACKDOOR Asylum 0.1 connection request (backdoor.rules)
 * 1:3019 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE andx oversized Security Descriptor attempt (netbios.rules)
 * 1:3021 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode andx oversized Security Descriptor attempt (netbios.rules)
 * 1:3023 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE andx oversized Security Descriptor attempt (netbios.rules)
 * 1:3025 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode andx oversized Security Descriptor attempt (netbios.rules)
 * 1:3027 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE andx SACL overflow attempt (netbios.rules)
 * 1:3029 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode andx SACL overflow attempt (netbios.rules)
 * 1:3031 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE andx SACL overflow attempt (netbios.rules)
 * 1:3033 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode andx SACL overflow attempt (netbios.rules)
 * 1:3035 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE andx DACL overflow attempt (netbios.rules)
 * 1:3037 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode andx DACL overflow attempt (netbios.rules)
 * 1:3039 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE andx DACL overflow attempt (netbios.rules)
 * 1:3040 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode DACL overflow attempt (netbios.rules)
 * 1:3041 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode andx DACL overflow attempt (netbios.rules)
 * 1:3042 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE invalid SACL ace size dos attempt (netbios.rules)
 * 1:3043 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE andx invalid SACL ace size dos attempt (netbios.rules)
 * 1:3044 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode invalid SACL ace size dos attempt (netbios.rules)
 * 1:3045 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (netbios.rules)
 * 1:3046 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE invalid SACL ace size dos attempt (netbios.rules)
 * 1:3047 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE andx invalid SACL ace size dos attempt (netbios.rules)
 * 1:3048 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode invalid SACL ace size dos attempt (netbios.rules)
 * 1:3049 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (netbios.rules)
 * 1:3050 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE invalid SACL ace size dos attempt (netbios.rules)
 * 1:3051 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE andx invalid SACL ace size dos attempt (netbios.rules)
 * 1:3052 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode invalid SACL ace size dos attempt (netbios.rules)
 * 1:3053 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (netbios.rules)
 * 1:3054 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE invalid SACL ace size dos attempt (netbios.rules)
 * 1:3055 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE andx invalid SACL ace size dos attempt (netbios.rules)
 * 1:3056 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode invalid SACL ace size dos attempt (netbios.rules)
 * 1:3057 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (netbios.rules)
 * 1:3063 <-> DISABLED <-> BACKDOOR Vampire 1.2 connection request (backdoor.rules)
 * 1:3064 <-> DISABLED <-> BACKDOOR Vampire 1.2 connection confirmation (backdoor.rules)
 * 1:3081 <-> ENABLED <-> BACKDOOR Y3KRAT 1.5 Connect (backdoor.rules)
 * 1:3082 <-> ENABLED <-> BACKDOOR Y3KRAT 1.5 Connect Client Response (backdoor.rules)
 * 1:3135 <-> DISABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (netbios.rules)
 * 1:3136 <-> DISABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
 * 1:3137 <-> DISABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (netbios.rules)
 * 1:3138 <-> DISABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
 * 1:3139 <-> DISABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 attempt (netbios.rules)
 * 1:3140 <-> DISABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (netbios.rules)
 * 1:3141 <-> DISABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (netbios.rules)
 * 1:3142 <-> DISABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (netbios.rules)
 * 1:3143 <-> DISABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 command response overflow attempt (netbios.rules)
 * 1:3144 <-> DISABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 response andx overflow attempt (netbios.rules)
 * 1:3146 <-> DISABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 response andx overflow attempt (netbios.rules)
 * 1:3148 <-> DISABLED <-> WEB-CLIENT Microsoft Windows winhelp clsid attempt (web-client.rules)
 * 1:3151 <-> DISABLED <-> FINGER / execution attempt (finger.rules)
 * 1:3155 <-> DISABLED <-> BACKDOOR BackOrifice 2000 Inbound Traffic (backdoor.rules)
 * 1:320 <-> DISABLED <-> FINGER cmd_rootsh backdoor attempt (finger.rules)
 * 1:321 <-> DISABLED <-> FINGER account enumeration attempt (finger.rules)
 * 1:3218 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP winreg OpenKey overflow attempt (netbios.rules)
 * 1:322 <-> DISABLED <-> FINGER search query (finger.rules)
 * 1:323 <-> DISABLED <-> FINGER root query (finger.rules)
 * 1:3238 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP irot IrotIsRunning/Revoke overflow attempt (netbios.rules)
 * 1:3239 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP irot IrotIsRunning/Revoke overflow attempt (netbios.rules)
 * 1:2015 <-> DISABLED <-> RPC portmap UNSET attempt UDP 111 (rpc.rules)
 * 1:20157 <-> DISABLED <-> POLICY Oracle Sun GlassFish Server war file upload attempt (policy.rules)
 * 1:20158 <-> DISABLED <-> WEB-MISC Oracle Sun GlassFish Server default credentials login attempt (web-misc.rules)
 * 1:20159 <-> DISABLED <-> WEB-MISC Oracle Sun GlassFish Server authentication bypass attempt (web-misc.rules)
 * 1:2016 <-> DISABLED <-> RPC portmap status request TCP (rpc.rules)
 * 1:20160 <-> DISABLED <-> WEB-MISC Oracle Sun GlassFish Server successful authentication bypass attempt (web-misc.rules)
 * 1:2017 <-> DISABLED <-> RPC portmap espd request UDP (rpc.rules)
 * 1:20176 <-> DISABLED <-> SCADA DAQFactory NETB protcol stack overflow attempt (scada.rules)
 * 1:20178 <-> DISABLED <-> SCADA RSLogix rna protocol denial of service attempt (scada.rules)
 * 1:2018 <-> DISABLED <-> RPC mountd TCP dump request (rpc.rules)
 * 1:20182 <-> DISABLED <-> WEB-CLIENT Adobe Flash Player viewSource blacklist exclusion attempt (web-client.rules)
 * 1:20183 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player setInterval use attempt (specific-threats.rules)
 * 1:2019 <-> DISABLED <-> RPC mountd UDP dump request (rpc.rules)
 * 1:2020 <-> DISABLED <-> RPC mountd TCP unmount request (rpc.rules)
 * 1:20202 <-> DISABLED <-> BOTNET-CNC OSX.Revir-1 outbound connection (botnet-cnc.rules)
 * 1:20205 <-> DISABLED <-> BOTNET-CNC Win32/Poison beaconing request (botnet-cnc.rules)
 * 1:20206 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player pcre ActionScript under allocation (specific-threats.rules)
 * 1:2021 <-> DISABLED <-> RPC mountd UDP unmount request (rpc.rules)
 * 1:20211 <-> DISABLED <-> WEB-CLIENT Adobe Flash Player recursive stack overflow attempt (web-client.rules)
 * 1:2022 <-> DISABLED <-> RPC mountd TCP unmountall request (rpc.rules)
 * 1:20225 <-> DISABLED <-> NETBIOS SMI file download request (netbios.rules)
 * 1:20226 <-> DISABLED <-> NETBIOS MPlayer SMI file buffer overflow attempt (netbios.rules)
 * 1:20227 <-> DISABLED <-> EXPLOIT VideoLAN VLC webm memory corruption attempt (exploit.rules)
 * 1:2023 <-> DISABLED <-> RPC mountd UDP unmountall request (rpc.rules)
 * 1:20234 <-> DISABLED <-> BACKDOOR Win32.Ceckno.cmz runtime traffic detected (backdoor.rules)
 * 1:20237 <-> DISABLED <-> WEB-CLIENT MultiMedia Jukebox playlist file handling heap overflow attempt (web-client.rules)
 * 1:2024 <-> DISABLED <-> RPC RQUOTA getquota overflow attempt TCP (rpc.rules)
 * 1:2025 <-> DISABLED <-> RPC yppasswd username overflow attempt UDP (rpc.rules)
 * 1:20250 <-> DISABLED <-> EXPLOIT IBM Tivoli Storage Manager Client Remote Heap Buffer Overflow (exploit.rules)
 * 1:20251 <-> DISABLED <-> SPECIFIC-THREATS PointBase 4.6 database DoS (specific-threats.rules)
 * 1:20252 <-> DISABLED <-> BOTNET-CNC DroidKungFu check-in (botnet-cnc.rules)
 * 1:20253 <-> DISABLED <-> NETBIOS Microsoft products oleacc.dll dll-load exploit attempt (netbios.rules)
 * 1:20254 <-> DISABLED <-> WEB-CLIENT Microsoft products oleacc.dll dll-load exploit attempt (web-client.rules)
 * 1:20255 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Silverlight inheritance restriction bypass (specific-threats.rules)
 * 1:20256 <-> DISABLED <-> EXPLOIT Microsoft Forefront UAG http response splitting attempt (exploit.rules)
 * 1:20257 <-> DISABLED <-> WEB-MISC Microsoft ForeFront UAG ExcelTable.asp XSS attempt (web-misc.rules)
 * 1:20258 <-> DISABLED <-> EXPLOIT Microsoft Forefront UAG javascript handler in URI XSS attempt (exploit.rules)
 * 1:20259 <-> DISABLED <-> WEB-MISC Microsoft Agent Helper Malicious JAR download attempt (web-misc.rules)
 * 1:2026 <-> DISABLED <-> RPC yppasswd username overflow attempt TCP (rpc.rules)
 * 1:20260 <-> DISABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules)
 * 1:20261 <-> DISABLED <-> WEB-CLIENT Microsoft Windows win32k.sys kernel mode null pointer dereference attempt (web-client.rules)
 * 1:20262 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer onscroll DOS attempt (web-client.rules)
 * 1:20263 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer htmlfile null attribute access (web-client.rules)
 * 1:20264 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer selection option and form reset attack (specific-threats.rules)
 * 1:20265 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer null attribute crash (specific-threats.rules)
 * 1:20266 <-> DISABLED <-> WEB-MISC Microsoft Internet Explorer 8 Javascript negative option index attack attempt (web-misc.rules)
 * 1:20267 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer circular reference exploit attempt (specific-threats.rules)
 * 1:20268 <-> DISABLED <-> SPECIFIC-THREATS Internet Explorer Marquee stylesheet object removal (specific-threats.rules)
 * 1:20269 <-> DISABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules)
 * 1:2027 <-> DISABLED <-> RPC yppasswd old password overflow attempt UDP (rpc.rules)
 * 1:20271 <-> DISABLED <-> DOS Microsoft Host Integration Server SNA length dos attempt (dos.rules)
 * 1:20272 <-> DISABLED <-> DOS Microsoft Forefront UAG NLSessionS cookie overflow attempt (dos.rules)
 * 1:20273 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer jscript9 parsing corruption attempt (specific-threats.rules)
 * 1:20274 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules)
 * 1:2028 <-> DISABLED <-> RPC yppasswd old password overflow attempt TCP (rpc.rules)
 * 1:20282 <-> DISABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules)
 * 1:20283 <-> DISABLED <-> WEB-CLIENT VideoLAN VLC ModPlug ReadS3M overflow attempt (web-client.rules)
 * 1:20284 <-> DISABLED <-> WEB-CLIENT VideoLAN VLC ModPlug ReadS3M overflow attempt (web-client.rules)
 * 1:2029 <-> DISABLED <-> RPC yppasswd new password overflow attempt UDP (rpc.rules)
 * 1:20292 <-> DISABLED <-> BOTNET-CNC Trojan Win32.FresctSpy.A outbound connection (botnet-cnc.rules)
 * 1:2030 <-> DISABLED <-> RPC yppasswd new password overflow attempt TCP (rpc.rules)
 * 1:2031 <-> DISABLED <-> RPC yppasswd user update UDP (rpc.rules)
 * 1:2032 <-> DISABLED <-> RPC yppasswd user update TCP (rpc.rules)
 * 1:2033 <-> DISABLED <-> RPC ypserv maplist request UDP (rpc.rules)
 * 1:2034 <-> DISABLED <-> RPC ypserv maplist request TCP (rpc.rules)
 * 1:2035 <-> DISABLED <-> RPC portmap network-status-monitor request UDP (rpc.rules)
 * 1:2036 <-> DISABLED <-> RPC portmap network-status-monitor request TCP (rpc.rules)
 * 1:2037 <-> DISABLED <-> RPC network-status-monitor mon-callback request UDP (rpc.rules)
 * 1:2038 <-> DISABLED <-> RPC network-status-monitor mon-callback request TCP (rpc.rules)
 * 1:2040 <-> DISABLED <-> POLICY xtacacs login attempt (policy.rules)
 * 1:2042 <-> DISABLED <-> POLICY xtacacs accepted login response (policy.rules)
 * 1:20433 <-> DISABLED <-> SPYWARE-PUT XP Guardian 2010 anutayadokalug host runtime traffic detection (spyware-put.rules)
 * 1:20434 <-> DISABLED <-> SPYWARE-PUT XP Guardian 2010 proantivirus21 host runtime traffic detection (spyware-put.rules)
 * 1:20435 <-> DISABLED <-> BACKDOOR TrojanSpy Win32.Zbot.Svr runtime traffic detected (backdoor.rules)
 * 1:2044 <-> DISABLED <-> POLICY PPTP Start Control Request attempt (policy.rules)
 * 1:20440 <-> DISABLED <-> EXPLOIT CA BrightStor cheyenneds mailslot overflow (exploit.rules)
 * 1:20441 <-> DISABLED <-> EXPLOIT CA BrightStor cheyenneds mailslot overflow (exploit.rules)
 * 1:20442 <-> DISABLED <-> EXPLOIT CA BrightStor cheyenneds mailslot overflow (exploit.rules)
 * 1:20445 <-> DISABLED <-> WEB-CLIENT Foxit Reader title overflow attempt (web-client.rules)
 * 1:20446 <-> DISABLED <-> WEB-MISC DiskPulseServer GetServerInfo request buffer overflow (web-misc.rules)
 * 1:20447 <-> DISABLED <-> BACKDOOR Trojan Win32.Agent.JAAK outbound connection (backdoor.rules)
 * 1:20448 <-> DISABLED <-> BACKDOOR Win32.Meciv.A outbound connection (backdoor.rules)
 * 1:20449 <-> DISABLED <-> BACKDOOR Worm Win32.Busifom.A outbound connection (backdoor.rules)
 * 1:20450 <-> DISABLED <-> FILE-IDENTIFY MPEG video stream file magic detection (file-identify.rules)
 * 1:20451 <-> DISABLED <-> FILE-IDENTIFY MPEG sys stream file magic detection (file-identify.rules)
 * 1:20452 <-> DISABLED <-> FILE-IDENTIFY GZip file magic detection (file-identify.rules)
 * 1:20453 <-> DISABLED <-> FILE-IDENTIFY Script encoder file magic detection (file-identify.rules)
 * 1:20454 <-> DISABLED <-> FILE-IDENTIFY Postscript file magic detection (file-identify.rules)
 * 1:20455 <-> DISABLED <-> FILE-IDENTIFY BinHex file magic detection (file-identify.rules)
 * 1:20456 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detection (file-identify.rules)
 * 1:20458 <-> DISABLED <-> FILE-IDENTIFY bzip file magic detection (file-identify.rules)
 * 1:20461 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detection (file-identify.rules)
 * 1:20463 <-> DISABLED <-> FILE-IDENTIFY ZIP file magic detection (file-identify.rules)
 * 1:20464 <-> DISABLED <-> FILE-IDENTIFY ZIP file magic detection (file-identify.rules)
 * 1:20465 <-> DISABLED <-> FILE-IDENTIFY ZIP file magic detection (file-identify.rules)
 * 1:20466 <-> DISABLED <-> FILE-IDENTIFY ZIP file magic detection (file-identify.rules)
 * 1:20467 <-> DISABLED <-> FILE-IDENTIFY ZIP file magic detection (file-identify.rules)
 * 1:20468 <-> DISABLED <-> FILE-IDENTIFY ZIP file magic detection (file-identify.rules)
 * 1:20469 <-> DISABLED <-> FILE-IDENTIFY ZIP file magic detection (file-identify.rules)
 * 1:20472 <-> DISABLED <-> FILE-IDENTIFY RAR file magic detection (file-identify.rules)
 * 1:20474 <-> DISABLED <-> FILE-IDENTIFY Symantec file magic detection (file-identify.rules)
 * 1:20475 <-> DISABLED <-> FILE-IDENTIFY ARJ file magic detection (file-identify.rules)
 * 1:20476 <-> DISABLED <-> FILE-IDENTIFY TNEF file magic detection (file-identify.rules)
 * 1:20477 <-> DISABLED <-> FILE-IDENTIFY ELF file magic detection (file-identify.rules)
 * 1:20479 <-> DISABLED <-> FILE-IDENTIFY CryptFF file magic detection (file-identify.rules)
 * 1:20484 <-> DISABLED <-> FILE-IDENTIFY SIS file magic detection (file-identify.rules)
 * 1:20485 <-> DISABLED <-> FILE-IDENTIFY SIP log file magic detection (file-identify.rules)
 * 1:20487 <-> DISABLED <-> FILE-IDENTIFY 7zip file magic detection (file-identify.rules)
 * 1:20488 <-> DISABLED <-> FILE-IDENTIFY MachO Little Endian file magic detection (file-identify.rules)
 * 1:20489 <-> DISABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detection (file-identify.rules)
 * 1:20490 <-> DISABLED <-> FILE-IDENTIFY MachO Big Endian file magic detection (file-identify.rules)
 * 1:20491 <-> DISABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detection (file-identify.rules)
 * 1:20493 <-> DISABLED <-> FILE-IDENTIFY jarpack file magic detection (file-identify.rules)
 * 1:20513 <-> DISABLED <-> FILE-IDENTIFY ffmpeg file magic detection (file-identify.rules)
 * 1:20515 <-> DISABLED <-> FILE-IDENTIFY ivr file magic detection (file-identify.rules)
 * 1:20518 <-> DISABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules)
 * 1:20519 <-> DISABLED <-> FILE-IDENTIFY vmd file download request (file-identify.rules)
 * 1:20520 <-> DISABLED <-> FILE-IDENTIFY vmd file magic detection (file-identify.rules)
 * 1:20521 <-> DISABLED <-> FILE-IDENTIFY Flac file magic detection (file-identify.rules)
 * 1:20522 <-> DISABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detection (file-identify.rules)
 * 1:20525 <-> DISABLED <-> BOTNET-CNC Trojan.Duqu contact to C&C server attempt (botnet-cnc.rules)
 * 1:20529 <-> DISABLED <-> EXPLOIT Oracle Java trusted method chaining attempt (exploit.rules)
 * 1:20534 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel IPMT record buffer overflow attempt (specific-threats.rules)
 * 1:20535 <-> DISABLED <-> WEB-CLIENT Opera Config File script access attempt (web-client.rules)
 * 1:20543 <-> DISABLED <-> EXPLOIT Microsoft Windows IppRateLimitIcmp integer overflow exploit attempt (exploit.rules)
 * 1:20545 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player SWF embedded font null pointer attempt (specific-threats.rules)
 * 1:20546 <-> DISABLED <-> EXPLOIT BakBone NetVault client heap overflow attempt (exploit.rules)
 * 1:20547 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player overlapping record overflow attempt (specific-threats.rules)
 * 1:20549 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript bytecode type confusion attempt (specific-threats.rules)
 * 1:20550 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player Mover3D clipping exploit (specific-threats.rules)
 * 1:20551 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player Stage 3D texture format overflow attempt (specific-threats.rules)
 * 1:20553 <-> DISABLED <-> WEB-CLIENT Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (web-client.rules)
 * 1:20554 <-> DISABLED <-> CHAT MSN Messenger and Windows Live Messenger Code Execution attempt (chat.rules)
 * 1:20555 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash MP4 ref_frame allocated buffer overflow attempt (specific-threats.rules)
 * 1:20556 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player PlaceObjectX null pointer dereference attempt (specific-threats.rules)
 * 1:20557 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionDefineFunction2 length overflow attempt (specific-threats.rules)
 * 1:20560 <-> DISABLED <-> EXPLOIT Adobe Flash Player salign null javascript access attempt (exploit.rules)
 * 1:20561 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.PWSBanker.SHE contact to cnc-server attempt (botnet-cnc.rules)
 * 1:20562 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.PWSBanker.SHE contact to cnc-server attempt (botnet-cnc.rules)
 * 1:20563 <-> DISABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules)
 * 1:20564 <-> DISABLED <-> FILE-IDENTIFY amf file magic detection (file-identify.rules)
 * 1:20565 <-> DISABLED <-> WEB-CLIENT Nullsoft Winamp AMF file buffer overflow attempt (web-client.rules)
 * 1:20566 <-> DISABLED <-> WEB-CLIENT Nullsoft Winamp AMF file buffer overflow attempt (web-client.rules)
 * 1:20567 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash SWF AVM2 namespace lookup deref exploit (specific-threats.rules)
 * 1:20568 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash SWF ActionScript 3 ByteArray class vulnerability (specific-threats.rules)
 * 1:20569 <-> DISABLED <-> BOTNET-CNC Win32.Small.kb outbound connection attempt (botnet-cnc.rules)
 * 1:20570 <-> DISABLED <-> BOTNET-CNC Win32.Small.kb outbound connection attempt (botnet-cnc.rules)
 * 1:20571 <-> DISABLED <-> BOTNET-CNC Win32.Small.kb outbound connection attempt (botnet-cnc.rules)
 * 1:20572 <-> DISABLED <-> WEB-MISC Microsoft Windows Font Library file buffer overflow attempt (web-misc.rules)
 * 1:20575 <-> DISABLED <-> SPECIFIC-THREATS Adobe Reader PDF JBIG2 remote code execution attempt (specific-threats.rules)
 * 1:20577 <-> DISABLED <-> SPECIFIC-THREATS Adobe Reader and Acrobat malicious TIFF remote code execution attempt (specific-threats.rules)
 * 1:20583 <-> DISABLED <-> WEB-CLIENT Mozilla multiple location headers malicious redirect attempt (web-client.rules)
 * 1:20584 <-> DISABLED <-> WEB-CLIENT Mozilla multiple content-type headers malicious redirect attempt (web-client.rules)
 * 1:20585 <-> DISABLED <-> WEB-CLIENT Mozilla multiple content-length headers malicious redirect attempt (web-client.rules)
 * 1:20586 <-> DISABLED <-> WEB-CLIENT Mozilla multiple content-disposition headers malicious redirect attempt (web-client.rules)
 * 1:20587 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Larchik.A backdoor phishing attempt (botnet-cnc.rules)
 * 1:20588 <-> DISABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules)
 * 1:20589 <-> DISABLED <-> FILE-IDENTIFY CDR file magic detection (file-identify.rules)
 * 1:20590 <-> DISABLED <-> WEB-CLIENT Microsoft Office PowerPoint out of bounds value remote code execution attempt (web-client.rules)
 * 1:20594 <-> DISABLED <-> ORACLE Outside In CorelDRAW file parser integer overflow attempt (oracle.rules)
 * 1:20595 <-> DISABLED <-> BOTNET-CNC Win32.Ixeshe.F backdoor access attempt (botnet-cnc.rules)
 * 1:20596 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Smoaler.A trojan injection attempt (botnet-cnc.rules)
 * 1:20597 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Smoaler.A trojan injection attempt (botnet-cnc.rules)
 * 1:20598 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Smoaler.A trojan injection attempt (botnet-cnc.rules)
 * 1:20599 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Smoaler.A trojan injection attempt (botnet-cnc.rules)
 * 1:20601 <-> DISABLED <-> RSERVICES rlogin nobody (rservices.rules)
 * 1:20602 <-> DISABLED <-> RSERVICES rlogin guest (rservices.rules)
 * 1:20604 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Buzus.isqy trojan phishing attempt (botnet-cnc.rules)
 * 1:20605 <-> DISABLED <-> BOTNET-CNC Win32.R2d2.A contact to cnc server attempt (botnet-cnc.rules)
 * 1:20606 <-> DISABLED <-> BOTNET-CNC Win32.Domsingx.A contact to C&C server attempt (botnet-cnc.rules)
 * 1:20607 <-> DISABLED <-> WEB-CLIENT Novell Groupwise internet agent http uri buffer overflow attempt (web-client.rules)
 * 1:20608 <-> DISABLED <-> WEB-CLIENT Novell Groupwise internet agent http uri buffer overflow attempt (web-client.rules)
 * 1:20609 <-> DISABLED <-> EXPLOIT Sunway ForceControl SNMP NetDBServer stack buffer overflow attempt (exploit.rules)
 * 1:20612 <-> DISABLED <-> SPECIFIC-THREATS Apache Tomcat Java AJP connector invalid header timeout DOS attempt (specific-threats.rules)
 * 1:20621 <-> DISABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules)
 * 1:20622 <-> DISABLED <-> SPECIFIC-THREATS Java Applet Rhino script engine remote code execution attempt (specific-threats.rules)
 * 1:20626 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Shylock.A contact to C&C server attempt (botnet-cnc.rules)
 * 1:20627 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Shylock.A C&C server response attempt (botnet-cnc.rules)
 * 1:20628 <-> DISABLED <-> WEB-MISC HP Data Protector FinishedCopy SQL Injection attempt (web-misc.rules)
 * 1:20629 <-> DISABLED <-> WEB-PHP geoBlog SQL injection in viewcat.php cat parameter attempt (web-php.rules)
 * 1:20630 <-> DISABLED <-> BOTNET-CNC Win32.Winnti.A contact to cnc server attempt (botnet-cnc.rules)
 * 1:20634 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer onscroll DOS attempt (specific-threats.rules)
 * 1:20635 <-> DISABLED <-> WEB-MISC HP Data Protector GetPolicies SQL Injection attempt (web-misc.rules)
 * 1:20636 <-> DISABLED <-> SPECIFIC-THREATS Adobe Photoshop CS5 gif file heap corruption attempt (specific-threats.rules)
 * 1:20637 <-> DISABLED <-> SPECIFIC-THREATS Adobe Photoshop CS5 gif file heap corruption attempt (specific-threats.rules)
 * 1:20639 <-> DISABLED <-> BOTNET-CNC Malware Trojan.Win32.Higest.N outbound connection attempt (botnet-cnc.rules)
 * 1:20640 <-> DISABLED <-> WEB-PHP VEGO Web Forum SQL injection in login.php username attempt (web-php.rules)
 * 1:20641 <-> DISABLED <-> WEB-PHP TheWebForum SQL injection in login.php username attempt (web-php.rules)
 * 1:20642 <-> DISABLED <-> WEB-PHP TankLogger SQL injection in showInfo.php livestock_id attempt (web-php.rules)
 * 1:20643 <-> DISABLED <-> WEB-PHP ScozBook SQL injection in auth.php adminname attempt (web-php.rules)
 * 1:20644 <-> DISABLED <-> WEB-PHP Lizard Cart CMS SQL injection in detail.php id attempt (web-php.rules)
 * 1:20645 <-> DISABLED <-> WEB-PHP Lizard Cart CMS SQL injection in pages.php id attempt (web-php.rules)
 * 1:20646 <-> DISABLED <-> WEB-PHP Benders Calendar SQL injection in index.php this_day attempt (web-php.rules)
 * 1:20647 <-> DISABLED <-> WEB-PHP inTouch SQL injection in index.php user attempt (web-php.rules)
 * 1:20648 <-> DISABLED <-> WEB-PHP Bit 5 Blog SQL injection in processlogin.php username via (web-php.rules)
 * 1:20649 <-> DISABLED <-> WEB-PHP ADNForum SQL injection in index.php fid attempt (web-php.rules)
 * 1:20650 <-> DISABLED <-> WEB-PHP MyNewsGroups remote file include in layersmenu.inc.php myng_root (web-php.rules)
 * 1:20651 <-> DISABLED <-> WEB-PHP Modernbill remote file include in config.php DIR (web-php.rules)
 * 1:20652 <-> DISABLED <-> WEB-PHP ME Download System remote file include in header.php Vb8878b936c2bd8ae0cab (web-php.rules)
 * 1:20653 <-> DISABLED <-> SMTP Windows Media Player ASX file ref href buffer overflow attempt (smtp.rules)
 * 1:20654 <-> DISABLED <-> WEB-PHP GrapAgenda remote file include in index.php page (web-php.rules)
 * 1:20655 <-> DISABLED <-> CHAT Yahoo Messenger iframe injection status change attempt (chat.rules)
 * 1:20656 <-> DISABLED <-> WEB-PHP GestArtremote file include in aide.php3 aide (web-php.rules)
 * 1:20657 <-> DISABLED <-> WEB-PHP Free File Hosting remote file include in forgot_pass.php ad_body_temp (web-php.rules)
 * 1:20658 <-> DISABLED <-> POLICY HP Printer firmware update attempt (policy.rules)
 * 1:20659 <-> DISABLED <-> WEB-CLIENT Adobe Reader malformed shading modifier heap corruption attempt (web-client.rules)
 * 1:20660 <-> DISABLED <-> SPECIFIC-THREATS sl.php script injection (specific-threats.rules)
 * 1:20661 <-> DISABLED <-> BOTNET-CNC Simbda variant outbound connection (botnet-cnc.rules)
 * 1:20662 <-> DISABLED <-> SPECIFIC-THREATS Dameware Mini Remote Control username buffer overflow (specific-threats.rules)
 * 1:20663 <-> DISABLED <-> WEB-PHP Comet WebFileManager remote file include in CheckUpload.php Language (web-php.rules)
 * 1:20668 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /content/v1.jar (blacklist.rules)
 * 1:20669 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - w.php?f= (blacklist.rules)
 * 1:20670 <-> DISABLED <-> SPECIFIC-THREATS Asterisk data length field overflow attempt (specific-threats.rules)
 * 1:20676 <-> DISABLED <-> BOTNET-CNC Win32.EggDrop.acn connect to cnc-server attempt (botnet-cnc.rules)
 * 1:20677 <-> DISABLED <-> BOTNET-CNC Win32.EggDrop.acn connect to cnc-server attempt (botnet-cnc.rules)
 * 1:20678 <-> DISABLED <-> BOTNET-CNC Trojan-Downloader.Win32.Genome.aior contact to cnc-server attempt (botnet-cnc.rules)
 * 1:20679 <-> DISABLED <-> BOTNET-CNC Win32.Syrutrk connect to cnc-server attempt (botnet-cnc.rules)
 * 1:20680 <-> DISABLED <-> WEB-PHP Flashchat remote file include in aedating4CMS.php (web-php.rules)
 * 1:20681 <-> DISABLED <-> BOTNET-CNC Trojan-Downloader.Win32.Agent.NMS connect to cnc-server attempt (botnet-cnc.rules)
 * 1:20682 <-> DISABLED <-> BOTNET-CNC Trojan-Downloader.Win32.Agent.NMS connect to cnc-server attempt (botnet-cnc.rules)
 * 1:20683 <-> DISABLED <-> BOTNET-CNC Cleanvaccine connect to cnc-server attempt (botnet-cnc.rules)
 * 1:20684 <-> DISABLED <-> BOTNET-CNC Cleanvaccine connect to cnc-server attempt (botnet-cnc.rules)
 * 1:20685 <-> DISABLED <-> BOTNET-CNC Win32.Heloag.A connect to cnc-server attempt (botnet-cnc.rules)
 * 1:20686 <-> DISABLED <-> BOTNET-CNC Win32.Virut.BM connect to client attempt (botnet-cnc.rules)
 * 1:20687 <-> DISABLED <-> BOTNET-CNC Trojan-Downloader.Win32.Genome.akhg connect to cnc-server attempt (botnet-cnc.rules)
 * 1:20688 <-> DISABLED <-> BOTNET-CNC Trojan-Spy.Win32.Zbot.Jeib connect to cnc-server attempt (botnet-cnc.rules)
 * 1:20689 <-> DISABLED <-> BOTNET-CNC Trojan-Spy.Win32.Zbot.Jeib connect to cnc-server attempt (botnet-cnc.rules)
 * 1:20690 <-> DISABLED <-> SPECIFIC-THREATS Quest NetVault SmartDisk libnvbasics.dll denial of service attempt (specific-threats.rules)
 * 1:20693 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Blackcontrol.A contact to cnc-server attempt (botnet-cnc.rules)
 * 1:20694 <-> DISABLED <-> BOTNET-CNC Win32.SSonce.A backdoor access attempt (botnet-cnc.rules)
 * 1:20695 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Banker.GZW connect to cnc server attempt (botnet-cnc.rules)
 * 1:20696 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Ransom.CK connect to cnc server attempt (botnet-cnc.rules)
 * 1:20697 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Ransom.CK connect to cnc server attempt (botnet-cnc.rules)
 * 1:20699 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer XSRF timing attack against XSS filter (exploit.rules)
 * 1:20700 <-> DISABLED <-> NETBIOS Microsoft Office PowerPoint pp7x32.dll dll-load exploit attempt (netbios.rules)
 * 1:20701 <-> DISABLED <-> NETBIOS Microsoft Office PowerPoint pp4x322.dll dll-load exploit attempt (netbios.rules)
 * 1:20702 <-> DISABLED <-> WEB-CLIENT Microsoft Office PowerPoint pp7x32.dll dll-load exploit attempt (web-client.rules)
 * 1:20703 <-> DISABLED <-> WEB-CLIENT Microsoft Office PowerPoint pp4x322.dll dll-load exploit attempt (web-client.rules)
 * 1:20717 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows OLE versioned stream missing data stream (specific-threats.rules)
 * 1:20718 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel Lel record memory corruption attempt (specific-threats.rules)
 * 1:20719 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Publisher Opltc memory corruption attempt (specific-threats.rules)
 * 1:20720 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Publisher 2003 EscherStm memory corruption attempt (specific-threats.rules)
 * 1:20721 <-> DISABLED <-> WEB-CLIENT Microsoft Office Publisher PLC object memory corruption attempt (web-client.rules)
 * 1:20722 <-> DISABLED <-> WEB-CLIENT Microsoft Office PowerPoint invalid OfficeArtBlipDIB record exploit attempt (web-client.rules)
 * 1:20723 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules)
 * 1:20724 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Word border use-after-free attempt (specific-threats.rules)
 * 1:20728 <-> DISABLED <-> WEB-PHP WoW Roster remote file include with hslist.php and conf.php (web-php.rules)
 * 1:20731 <-> DISABLED <-> WEB-PHP TSEP remote file include in colorswitch.php tsep_config[absPath] (web-php.rules)
 * 1:20732 <-> DISABLED <-> WEB-PHP Sabdrimer remote file include in advanced1.php pluginpath[0] (web-php.rules)
 * 1:20733 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules)
 * 1:20734 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player digital video recording buffer overflow attempt (web-client.rules)
 * 1:20737 <-> DISABLED <-> SPECIFIC-THREATS 427BB cookie-based authentication bypass attempt (specific-threats.rules)
 * 1:20738 <-> DISABLED <-> SPECIFIC-THREATS Check Point vpn-1 ISAKMP buffer overflow attempt (specific-threats.rules)
 * 1:20748 <-> DISABLED <-> EXPLOIT Yahoo Messenger possible file transfer spoofing (exploit.rules)
 * 1:20750 <-> DISABLED <-> FILE-IDENTIFY webm file magic detection (file-identify.rules)
 * 1:20751 <-> DISABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules)
 * 1:20752 <-> DISABLED <-> SPYWARE-PUT Win32.GameVance outbound connection (spyware-put.rules)
 * 1:20753 <-> DISABLED <-> SPYWARE-PUT Win32.GamePlayLabs outbound connection (spyware-put.rules)
 * 1:20761 <-> DISABLED <-> EXPLOIT HP OpenView Storage Data Protector buffer overflow attempt (exploit.rules)
 * 1:20762 <-> DISABLED <-> BOTNET-CNC MacOS.Flashback.A outbound connection (botnet-cnc.rules)
 * 1:20764 <-> DISABLED <-> WEB-MISC SyBase MBusiness xml closing tag overflow attempt (web-misc.rules)
 * 1:20768 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:20769 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:20770 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:20771 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:20772 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:20773 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:20774 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:20775 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:20776 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:20777 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript float index array memory corruption attempt (specific-threats.rules)
 * 1:20786 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer layout-grid-char value exploit attempt (web-client.rules)
 * 1:20787 <-> DISABLED <-> SPECIFIC-THREATS Internet Explorer layout-grid-char value exploit attempt (specific-threats.rules)
 * 1:20788 <-> DISABLED <-> SPECIFIC-THREATS Internet Explorer layout-grid-char value exploit attempt (specific-threats.rules)
 * 1:20789 <-> DISABLED <-> SPECIFIC-THREATS Internet Explorer layout-grid-char value exploit attempt (specific-threats.rules)
 * 1:2079 <-> DISABLED <-> RPC portmap nlockmgr request UDP (rpc.rules)
 * 1:20790 <-> DISABLED <-> SPECIFIC-THREATS Internet Explorer layout-grid-char value exploit attempt (specific-threats.rules)
 * 1:2080 <-> DISABLED <-> RPC portmap nlockmgr request TCP (rpc.rules)
 * 1:20800 <-> DISABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20801 <-> DISABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20802 <-> DISABLED <-> SPECIFIC-THREATS Adobe Acrobat Reader PRC file MarkupLinkedItem arbitrary code execution attempt (specific-threats.rules)
 * 1:20803 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript callMethod type confusion attempt (specific-threats.rules)
 * 1:20804 <-> DISABLED <-> SMTP Microsoft Internet Explorer contenteditable corruption attempt (smtp.rules)
 * 1:20805 <-> DISABLED <-> SMTP Microsoft Internet Explorer contenteditable corruption attempt (smtp.rules)
 * 1:20806 <-> DISABLED <-> SMTP Microsoft Internet Explorer contenteditable corruption attempt (smtp.rules)
 * 1:20807 <-> DISABLED <-> SMTP Microsoft Internet Explorer contenteditable corruption attempt (smtp.rules)
 * 1:20808 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer contenteditable corruption attempt (web-client.rules)
 * 1:20809 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer contenteditable corruption attempt (web-client.rules)
 * 1:2081 <-> DISABLED <-> RPC portmap rpc.xfsmd request UDP (rpc.rules)
 * 1:20810 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer contenteditable corruption attempt (web-client.rules)
 * 1:20811 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer contenteditable corruption attempt (web-client.rules)
 * 1:2082 <-> DISABLED <-> RPC portmap rpc.xfsmd request TCP (rpc.rules)
 * 1:20820 <-> DISABLED <-> WEB-CLIENT Oracle Java JNLP parameter argument injection attempt (web-client.rules)
 * 1:20822 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer contenteditable corruption attempt malicious string (specific-threats.rules)
 * 1:20824 <-> DISABLED <-> DOS generic web server hashing collision attack (dos.rules)
 * 1:20828 <-> DISABLED <-> WEB-IIS Microsoft Windows IIS aspx login ReturnURL arbitrary redirect attempt (web-iis.rules)
 * 1:20829 <-> DISABLED <-> WEB-IIS Microsoft Windows IIS .NET null character username truncation attempt (web-iis.rules)
 * 1:2083 <-> DISABLED <-> RPC rpc.xfsmd xfs_export attempt UDP (rpc.rules)
 * 1:20831 <-> DISABLED <-> SPECIFIC-THREATS Java Applet Rhino script engine remote code execution attempt (specific-threats.rules)
 * 1:20832 <-> DISABLED <-> WEB-MISC Symantec IM Manager administrator interface SQL injection attempt (web-misc.rules)
 * 1:20836 <-> DISABLED <-> BOTNET-CNC Win32.Zusy.A runtime traffic detected (botnet-cnc.rules)
 * 1:20837 <-> DISABLED <-> BACKDOOR Win32.Mecklow.C runtime traffic detected (backdoor.rules)
 * 1:20838 <-> DISABLED <-> BACKDOOR Win32.Smokebot.A runtime traffic detected (backdoor.rules)
 * 1:20839 <-> DISABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules)
 * 1:2084 <-> DISABLED <-> RPC rpc.xfsmd xfs_export attempt TCP (rpc.rules)
 * 1:20840 <-> DISABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules)
 * 1:20841 <-> DISABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules)
 * 1:20842 <-> DISABLED <-> WEB-MISC Interactive Data eSignal stack buffer overflow attempt (web-misc.rules)
 * 1:20843 <-> DISABLED <-> WEB-MISC Interactive Data eSignal stack buffer overflow attempt (web-misc.rules)
 * 1:20844 <-> DISABLED <-> BOTNET-CNC Win32.Banker.smxy runtime traffic detected (botnet-cnc.rules)
 * 1:20845 <-> DISABLED <-> WEB-MISC HP Network Node Manager cross site scripting attempt (web-misc.rules)
 * 1:20848 <-> DISABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20849 <-> DISABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20850 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected (file-identify.rules)
 * 1:20851 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected (file-identify.rules)
 * 1:20852 <-> DISABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules)
 * 1:20856 <-> DISABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20857 <-> DISABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20859 <-> DISABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules)
 * 1:20860 <-> DISABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
 * 1:20869 <-> DISABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules)
 * 1:2087 <-> DISABLED <-> SMTP From comment overflow attempt (smtp.rules)
 * 1:20877 <-> DISABLED <-> BOTNET-CNC RunTime Worm.Win32.Warezov.gs outbound connection (botnet-cnc.rules)
 * 1:20878 <-> DISABLED <-> NETBIOS Microsoft Windows Embedded Package Object packager.exe file load exploit attempt (netbios.rules)
 * 1:20879 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Embedded Package Object packager.exe file load exploit attempt (web-client.rules)
 * 1:2088 <-> DISABLED <-> RPC ypupdated arbitrary command attempt UDP (rpc.rules)
 * 1:20880 <-> DISABLED <-> SPECIFIC-THREATS Microsoft DirectShow Line 21 decoder exploit attempt (specific-threats.rules)
 * 1:20881 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows embedded packager object with .application extension bypass attempt (specific-threats.rules)
 * 1:20883 <-> DISABLED <-> WEB-CLIENT Microsoft Windows embedded packager object with .application extension bypass attempt (web-client.rules)
 * 1:20884 <-> DISABLED <-> WEB-CLIENT Microsoft Anti-Cross Site Scripting library bypass attempt (web-client.rules)
 * 1:2089 <-> DISABLED <-> RPC ypupdated arbitrary command attempt TCP (rpc.rules)
 * 1:20890 <-> DISABLED <-> BOTNET-CNC Win32.VB.adbp runtime traffic detected (botnet-cnc.rules)
 * 1:20891 <-> DISABLED <-> BOTNET-CNC Win32.VB.adbp runtime traffic detected (botnet-cnc.rules)
 * 1:20892 <-> DISABLED <-> BOTNET-CNC Worm.Win32.Skopvel.A runtime traffic detected (botnet-cnc.rules)
 * 1:20895 <-> DISABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20896 <-> DISABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20897 <-> DISABLED <-> FILE-IDENTIFY MIDI file magic detection (file-identify.rules)
 * 1:20898 <-> DISABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20899 <-> DISABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20900 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Media MIDI file memory corruption attempt (specific-threats.rules)
 * 1:20902 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows OpenType font parsing stack overflow attempt (specific-threats.rules)
 * 1:20903 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows OpenType font parsing stack overflow attempt (specific-threats.rules)
 * 1:20904 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows OpenType font parsing stack overflow attempt (specific-threats.rules)
 * 1:20917 <-> DISABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20918 <-> DISABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:2092 <-> DISABLED <-> RPC portmap proxy integer overflow attempt UDP (rpc.rules)
 * 1:20920 <-> DISABLED <-> SPECIFIC-THREATS Adobe Reader DCT dequantizer memory corruption attempt (specific-threats.rules)
 * 1:20922 <-> DISABLED <-> WEB-CLIENT Adobe Reader embedded BMP bit count integer overflow attempt (web-client.rules)
 * 1:20923 <-> DISABLED <-> WEB-CLIENT Adobe Reader embedded BMP bit count integer overflow attempt (web-client.rules)
 * 1:20927 <-> DISABLED <-> BOTNET-CNC Trojan.Spyeye-207 outbound connection (botnet-cnc.rules)
 * 1:20929 <-> DISABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:2093 <-> DISABLED <-> RPC portmap proxy integer overflow attempt TCP (rpc.rules)
 * 1:20930 <-> DISABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20931 <-> DISABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20932 <-> DISABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20933 <-> DISABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20934 <-> DISABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:2094 <-> DISABLED <-> RPC CMSD UDP CMSD_CREATE array buffer overflow attempt (rpc.rules)
 * 1:20960 <-> DISABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules)
 * 1:20986 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20987 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20990 <-> DISABLED <-> SHELLCODE x86 OS agnostic avoid_utf8_tolower encoder (shellcode.rules)
 * 1:20993 <-> DISABLED <-> SPECIFIC-THREATS HP OpenView Storage Data Protector exec_cmd buffer overflow (specific-threats.rules)
 * 1:20994 <-> DISABLED <-> SPECIFIC-THREATS HP OpenView Storage Data Protector exec_cmd buffer overflow (specific-threats.rules)
 * 1:20995 <-> DISABLED <-> POLICY HP SiteScope integrationViewer default credentials policy-bypass attempt (policy.rules)
 * 1:20996 <-> DISABLED <-> POLICY HP SiteScope integrationViewer default credentials policy-bypass attempt (policy.rules)
 * 1:20997 <-> DISABLED <-> WEB-CLIENT Apple Webkit Display box rendering corruption attempt (web-client.rules)
 * 1:21002 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Word border use-after-free attempt (specific-threats.rules)
 * 1:21003 <-> DISABLED <-> BOTNET-CNC Cute Pack cute-ie.html request (botnet-cnc.rules)
 * 1:21004 <-> DISABLED <-> BOTNET-CNC Cute Pack cute-ie.html landing page (botnet-cnc.rules)
 * 1:21005 <-> DISABLED <-> BOTNET-CNC Yang Pack yg.htm download request (botnet-cnc.rules)
 * 1:21006 <-> DISABLED <-> BOTNET-CNC Yang Pack yg.htm landing page (botnet-cnc.rules)
 * 1:21008 <-> DISABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules)
 * 1:21009 <-> DISABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:2101 <-> DISABLED <-> NETBIOS SMB Trans Max Param/Count DOS attempt (netbios.rules)
 * 1:21010 <-> DISABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:21012 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules)
 * 1:21013 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:21014 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:21015 <-> DISABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detection (file-identify.rules)
 * 1:21016 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules)
 * 1:21017 <-> DISABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules)
 * 1:21018 <-> DISABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules)
 * 1:21028 <-> DISABLED <-> BOTNET-CNC Trojan.Usinec connect to server attempt (botnet-cnc.rules)
 * 1:2103 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
 * 1:21037 <-> DISABLED <-> POLICY randomized javascript encodings detected (policy.rules)
 * 1:21038 <-> DISABLED <-> POLICY String.fromCharCode with multiple encoding types detected (policy.rules)
 * 1:2104 <-> DISABLED <-> ATTACK-RESPONSES rexec username too long response (attack-responses.rules)
 * 1:21041 <-> ENABLED <-> BLACKLIST URI possible Blackhole URL - main.php?page= (blacklist.rules)
 * 1:21048 <-> DISABLED <-> BLACKLIST DNS request for known malware domain prettylikeher.com - Sykipot (blacklist.rules)
 * 1:21049 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mysundayparty.com - Sykipot (blacklist.rules)
 * 1:2108 <-> DISABLED <-> POP3 CAPA overflow attempt (pop3.rules)
 * 1:2109 <-> DISABLED <-> POP3 TOP overflow attempt (pop3.rules)
 * 1:2110 <-> DISABLED <-> POP3 STAT overflow attempt (pop3.rules)
 * 1:21106 <-> DISABLED <-> FILE-IDENTIFY s3m file download attempt (file-identify.rules)
 * 1:2111 <-> DISABLED <-> POP3 DELE overflow attempt (pop3.rules)
 * 1:2112 <-> DISABLED <-> POP3 RSET overflow attempt (pop3.rules)
 * 1:2113 <-> DISABLED <-> RSERVICES rexec username overflow attempt (rservices.rules)
 * 1:2114 <-> DISABLED <-> RSERVICES rexec password overflow attempt (rservices.rules)
 * 1:21174 <-> DISABLED <-> FILE-IDENTIFY RealPlayer realtext file download request (file-identify.rules)
 * 1:2121 <-> DISABLED <-> POP3 DELE negative argument attempt (pop3.rules)
 * 1:2122 <-> DISABLED <-> POP3 UIDL negative argument attempt (pop3.rules)
 * 1:21240 <-> DISABLED <-> BOTNET-CNC MsUpdater Trojan outbound connection (botnet-cnc.rules)
 * 1:21241 <-> DISABLED <-> BOTNET-CNC MsUpdater Trojan initial outbound connection (botnet-cnc.rules)
 * 1:21242 <-> DISABLED <-> BOTNET-CNC MsUpdater Trojan outbound connection (botnet-cnc.rules)
 * 1:21244 <-> ENABLED <-> FILE-IDENTIFY New Executable binary file magic detection (file-identify.rules)
 * 1:21245 <-> DISABLED <-> BLACKLIST DNS query to DNSChanger malware IP address (blacklist.rules)
 * 1:21251 <-> DISABLED <-> BACKDOOR Trojan.Win32.Sirefef.P runtime detection (backdoor.rules)
 * 1:2181 <-> DISABLED <-> P2P BitTorrent transfer (p2p.rules)
 * 1:2183 <-> DISABLED <-> SMTP Content-Transfer-Encoding overflow attempt (smtp.rules)
 * 1:2190 <-> DISABLED <-> NETBIOS DCERPC invalid bind attempt (netbios.rules)
 * 1:2191 <-> DISABLED <-> NETBIOS SMB DCERPC invalid bind attempt (netbios.rules)
 * 1:2250 <-> DISABLED <-> POP3 USER format string attempt (pop3.rules)
 * 1:2253 <-> DISABLED <-> SMTP XEXCH50 overflow attempt (smtp.rules)
 * 1:2255 <-> DISABLED <-> RPC sadmind query with root credentials attempt TCP (rpc.rules)
 * 1:2259 <-> DISABLED <-> SMTP EXPN overflow attempt (smtp.rules)
 * 1:2260 <-> DISABLED <-> SMTP VRFY overflow attempt (smtp.rules)
 * 1:2275 <-> DISABLED <-> SMTP AUTH LOGON brute force attempt (smtp.rules)
 * 1:2409 <-> DISABLED <-> POP3 APOP USER overflow attempt (pop3.rules)
 * 1:2424 <-> DISABLED <-> NNTP sendsys overflow attempt (nntp.rules)
 * 1:2425 <-> DISABLED <-> NNTP senduuname overflow attempt (nntp.rules)
 * 1:2426 <-> DISABLED <-> NNTP version overflow attempt (nntp.rules)
 * 1:2427 <-> DISABLED <-> NNTP checkgroups overflow attempt (nntp.rules)
 * 1:2428 <-> DISABLED <-> NNTP ihave overflow attempt (nntp.rules)
 * 1:5964 <-> DISABLED <-> SPYWARE-PUT Hijacker searchfast detection - track user activity & get 'relates links' of the toolbar (spyware-put.rules)
 * 1:5965 <-> DISABLED <-> SPYWARE-PUT Hijacker searchfast detection - get toolbar cfg (spyware-put.rules)
 * 1:5966 <-> DISABLED <-> SPYWARE-PUT trackware searchinweb detection - search request (spyware-put.rules)
 * 1:5967 <-> DISABLED <-> SPYWARE-PUT trackware searchinweb detection - click result links (spyware-put.rules)
 * 1:5968 <-> DISABLED <-> SPYWARE-PUT trackware searchinweb detection - redirect (spyware-put.rules)
 * 1:5969 <-> DISABLED <-> SPYWARE-PUT trackware searchinweb detection - collect information (spyware-put.rules)
 * 1:5970 <-> DISABLED <-> SPYWARE-PUT hijacker smart finder detection - keys update (spyware-put.rules)
 * 1:5971 <-> DISABLED <-> SPYWARE-PUT hijacker smart finder detection - track hits (spyware-put.rules)
 * 1:5972 <-> DISABLED <-> SPYWARE-PUT hijacker smart finder detection - ie autosearch hijack 1 (spyware-put.rules)
 * 1:5973 <-> DISABLED <-> SPYWARE-PUT hijacker smart finder detection - search engines hijack (spyware-put.rules)
 * 1:5974 <-> DISABLED <-> SPYWARE-PUT hijacker smart finder detection - pop-up ads (spyware-put.rules)
 * 1:5975 <-> DISABLED <-> SPYWARE-PUT hijacker topfive searchassistant detection - search request (spyware-put.rules)
 * 1:5976 <-> DISABLED <-> SPYWARE-PUT hijacker topfive searchassistant detection - side search (spyware-put.rules)
 * 1:5977 <-> DISABLED <-> SPYWARE-PUT hijacker topfive searchassistant detection - post user information to server (spyware-put.rules)
 * 1:5978 <-> DISABLED <-> SPYWARE-PUT hijacker topfive searchassistant detection - update (spyware-put.rules)
 * 1:5979 <-> DISABLED <-> SPYWARE-PUT Trackware anwb toolbar runtime detection - track user ip address (spyware-put.rules)
 * 1:598 <-> DISABLED <-> RPC portmap listing TCP 111 (rpc.rules)
 * 1:5980 <-> DISABLED <-> SPYWARE-PUT Trackware anwb toolbar runtime detection - display advertisement (spyware-put.rules)
 * 1:5981 <-> DISABLED <-> SPYWARE-PUT Hijacker seeqtoolbar runtime detection - autosearch hijack or search in toolbar (spyware-put.rules)
 * 1:5982 <-> DISABLED <-> SPYWARE-PUT Hijacker seeqtoolbar runtime detection - email login page (spyware-put.rules)
 * 1:5983 <-> DISABLED <-> SPYWARE-PUT Adware powerstrip runtime detection (spyware-put.rules)
 * 1:5984 <-> DISABLED <-> SPYWARE-PUT Trackware push toolbar installtime detection - user information collect (spyware-put.rules)
 * 1:5985 <-> DISABLED <-> SPYWARE-PUT Trackware push toolbar runtime detection - toolbar information request (spyware-put.rules)
 * 1:5986 <-> DISABLED <-> SPYWARE-PUT Trickler teomasearchbar runtime detection (spyware-put.rules)
 * 1:5987 <-> DISABLED <-> SPYWARE-PUT Hijacker wishbone runtime detection (spyware-put.rules)
 * 1:5988 <-> DISABLED <-> SPYWARE-PUT Trackware windupdates-mediagateway runtime detection - post data (spyware-put.rules)
 * 1:5989 <-> DISABLED <-> SPYWARE-PUT Adware broadcastpc runtime detection - get config (spyware-put.rules)
 * 1:599 <-> DISABLED <-> RPC portmap listing TCP 32771 (rpc.rules)
 * 1:5990 <-> DISABLED <-> SPYWARE-PUT Adware broadcastpc runtime detection - get up-to-date movie/tv/ad information (spyware-put.rules)
 * 1:5991 <-> DISABLED <-> SPYWARE-PUT Hijacker getmirar runtime detection - search request (spyware-put.rules)
 * 1:5992 <-> DISABLED <-> SPYWARE-PUT Hijacker getmirar runtime detection - get keyword-related content (spyware-put.rules)
 * 1:5993 <-> DISABLED <-> SPYWARE-PUT Hijacker getmirar runtime detection - track activity (spyware-put.rules)
 * 1:5994 <-> DISABLED <-> SPYWARE-PUT Hijacker getmirar runtime detection - click related button (spyware-put.rules)
 * 1:5995 <-> DISABLED <-> SPYWARE-PUT Adware offeragent runtime detection - information checking (spyware-put.rules)
 * 1:5996 <-> DISABLED <-> SPYWARE-PUT Adware offeragent runtime detection - ads request (spyware-put.rules)
 * 1:5998 <-> DISABLED <-> P2P Skype client login startup (p2p.rules)
 * 1:5999 <-> DISABLED <-> P2P Skype client login (p2p.rules)
 * 1:601 <-> DISABLED <-> RSERVICES rlogin LinuxNIS (rservices.rules)
 * 1:6012 <-> DISABLED <-> BACKDOOR coolcat runtime connection detection - tcp 1 (backdoor.rules)
 * 1:6013 <-> DISABLED <-> BACKDOOR coolcat runtime connection detection - tcp 2 (backdoor.rules)
 * 1:6015 <-> DISABLED <-> BACKDOOR dsk lite 1.0 runtime detection - initial connection (backdoor.rules)
 * 1:6016 <-> DISABLED <-> BACKDOOR dsk lite 1.0 runtime detection - initial connection (backdoor.rules)
 * 1:6017 <-> DISABLED <-> BACKDOOR dsk lite 1.0 runtime detection - disconnect (backdoor.rules)
 * 1:6018 <-> DISABLED <-> BACKDOOR dsk lite 1.0 runtime detection - icq notification (backdoor.rules)
 * 1:6019 <-> DISABLED <-> BACKDOOR dsk lite 1.0 runtime detection - cgi notification (backdoor.rules)
 * 1:602 <-> DISABLED <-> RSERVICES rlogin bin (rservices.rules)
 * 1:6020 <-> DISABLED <-> BACKDOOR dsk lite 1.0 runtime detection - php notification (backdoor.rules)
 * 1:6021 <-> DISABLED <-> BACKDOOR silent spy 2.10 command response port 4225 (backdoor.rules)
 * 1:6022 <-> DISABLED <-> BACKDOOR silent spy 2.10 command response port 4226 (backdoor.rules)
 * 1:6023 <-> DISABLED <-> BACKDOOR silent spy 2.10 runtime detection - icq notification (backdoor.rules)
 * 1:6024 <-> DISABLED <-> BACKDOOR nuclear rat v6_21 runtime detection (backdoor.rules)
 * 1:6026 <-> DISABLED <-> BACKDOOR dimbus 1.0 runtime detection - get pc info (backdoor.rules)
 * 1:6028 <-> DISABLED <-> BACKDOOR cyberpaky runtime detection (backdoor.rules)
 * 1:6029 <-> DISABLED <-> BACKDOOR fkwp 2.0 runtime detection - icq notification (backdoor.rules)
 * 1:603 <-> DISABLED <-> RSERVICES rlogin echo++ (rservices.rules)
 * 1:6035 <-> DISABLED <-> BACKDOOR minicommand runtime detection - initial connection server-to-client (backdoor.rules)
 * 1:6037 <-> DISABLED <-> BACKDOOR netbus 1.7 runtime detection - email notification (backdoor.rules)
 * 1:6039 <-> DISABLED <-> BACKDOOR fade 1.0 runtime detection - notification (backdoor.rules)
 * 1:604 <-> DISABLED <-> RSERVICES rsh froot (rservices.rules)
 * 1:6040 <-> DISABLED <-> BACKDOOR fade 1.0 runtime detection - enable keylogger (backdoor.rules)
 * 1:6042 <-> DISABLED <-> BACKDOOR fear 0.2 runtime detection - php notification (backdoor.rules)
 * 1:6043 <-> DISABLED <-> BACKDOOR fear 0.2 runtime detection - cgi notification (backdoor.rules)
 * 1:6044 <-> DISABLED <-> BACKDOOR fear 0.2 runtime detection - initial connection (backdoor.rules)
 * 1:6045 <-> DISABLED <-> BACKDOOR fear 0.2 runtime detection - initial connection (backdoor.rules)
 * 1:6046 <-> DISABLED <-> BACKDOOR fear 0.2 runtime detection - initial connection (backdoor.rules)
 * 1:6047 <-> DISABLED <-> BACKDOOR fun factory runtime detection - connect (backdoor.rules)
 * 1:6048 <-> DISABLED <-> BACKDOOR fun factory runtime detection - connect (backdoor.rules)
 * 1:6049 <-> DISABLED <-> BACKDOOR fun factory runtime detection - upload (backdoor.rules)
 * 1:605 <-> DISABLED <-> RSERVICES rlogin login failure (rservices.rules)
 * 1:6050 <-> DISABLED <-> BACKDOOR fun factory runtime detection - upload (backdoor.rules)
 * 1:6051 <-> DISABLED <-> BACKDOOR fun factory runtime detection - set volume (backdoor.rules)
 * 1:6052 <-> DISABLED <-> BACKDOOR fun factory runtime detection - set volume (backdoor.rules)
 * 1:6053 <-> DISABLED <-> BACKDOOR fun factory runtime detection - do script remotely (backdoor.rules)
 * 1:6054 <-> DISABLED <-> BACKDOOR fun factory runtime detection - do script remotely (backdoor.rules)
 * 1:6055 <-> DISABLED <-> BACKDOOR bifrose 1.1 runtime detection (backdoor.rules)
 * 1:6056 <-> DISABLED <-> BACKDOOR bifrose 1.1 runtime detection (backdoor.rules)
 * 1:6058 <-> DISABLED <-> BACKDOOR neurotickat1.3 runtime detection - icq notification (backdoor.rules)
 * 1:6059 <-> DISABLED <-> BACKDOOR neurotickat1.3 runtime detection - cgi notification (backdoor.rules)
 * 1:606 <-> DISABLED <-> RSERVICES rlogin root (rservices.rules)
 * 1:6060 <-> DISABLED <-> BACKDOOR neurotickat1.3 runtime detection - initial connection (backdoor.rules)
 * 1:6061 <-> DISABLED <-> BACKDOOR neurotickat1.3 runtime detection - initial connection (backdoor.rules)
 * 1:6062 <-> DISABLED <-> BACKDOOR neurotickat1.3 runtime detection - initial connection (backdoor.rules)
 * 1:6063 <-> DISABLED <-> BACKDOOR schwindler 1.82 runtime detection (backdoor.rules)
 * 1:6064 <-> DISABLED <-> BACKDOOR schwindler 1.82 runtime detection (backdoor.rules)
 * 1:6066 <-> DISABLED <-> BACKDOOR optixlite 1.0 runtime detection - connection success server-to-client (backdoor.rules)
 * 1:324 <-> DISABLED <-> FINGER null request (finger.rules)
 * 1:326 <-> DISABLED <-> FINGER remote command execution attempt (finger.rules)
 * 1:327 <-> DISABLED <-> FINGER remote command pipe execution attempt (finger.rules)
 * 1:328 <-> DISABLED <-> FINGER bomb attempt (finger.rules)
 * 1:330 <-> DISABLED <-> FINGER redirection attempt (finger.rules)
 * 1:331 <-> DISABLED <-> FINGER cybercop query (finger.rules)
 * 1:332 <-> DISABLED <-> FINGER 0 query (finger.rules)
 * 1:3459 <-> DISABLED <-> P2P Manolito Search Query (p2p.rules)
 * 1:3461 <-> DISABLED <-> SMTP Content-Type overflow attempt (smtp.rules)
 * 1:3462 <-> DISABLED <-> SMTP Content-Encoding overflow attempt (smtp.rules)
 * 1:3473 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer SMIL file overflow attempt (web-client.rules)
 * 1:3486 <-> DISABLED <-> MISC Microsoft Windows SSLv3 invalid data version attempt (misc.rules)
 * 1:3493 <-> DISABLED <-> SMTP SSLv2 Client_Hello request (smtp.rules)
 * 1:3494 <-> DISABLED <-> SMTP SSLv2 Client_Hello with pad request (smtp.rules)
 * 1:3495 <-> DISABLED <-> SMTP TLSv1 Client_Hello request (smtp.rules)
 * 1:3496 <-> DISABLED <-> SMTP TLSv1 Client_Hello via SSLv2 handshake request (smtp.rules)
 * 1:3497 <-> DISABLED <-> SMTP SSLv2 Server_Hello request (smtp.rules)
 * 1:3498 <-> DISABLED <-> SMTP TLSv1 Server_Hello request (smtp.rules)
 * 1:3534 <-> DISABLED <-> WEB-CLIENT Mozilla GIF single packet heap overflow - NETSCAPE2.0 (web-client.rules)
 * 1:3551 <-> DISABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules)
 * 1:3590 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (netbios.rules)
 * 1:3591 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (netbios.rules)
 * 1:3627 <-> DISABLED <-> POLICY X-LINK2STATE CHUNK command attempt (policy.rules)
 * 1:3628 <-> DISABLED <-> POLICY Data Rescue IDA Pro startup license check attempt (policy.rules)
 * 1:363 <-> DISABLED <-> ICMP-INFO IRDP router advertisement (icmp-info.rules)
 * 1:3631 <-> DISABLED <-> ORACLE ftp user name buffer overflow attempt (oracle.rules)
 * 1:3635 <-> DISABLED <-> BACKDOOR Amanda 2.0 connection established (backdoor.rules)
 * 1:3636 <-> DISABLED <-> BACKDOOR Crazzy Net 5.0 connection established (backdoor.rules)
 * 1:364 <-> DISABLED <-> ICMP-INFO IRDP router selection (icmp-info.rules)
 * 1:3647 <-> DISABLED <-> NETBIOS SMB Trans andx data displacement null pointer DOS attempt (netbios.rules)
 * 1:3648 <-> DISABLED <-> NETBIOS SMB Trans data displacement null pointer DOS attempt (netbios.rules)
 * 1:3649 <-> DISABLED <-> NETBIOS SMB Trans unicode data displacement null pointer DOS attempt (netbios.rules)
 * 1:365 <-> DISABLED <-> ICMP-INFO PING undefined code (icmp-info.rules)
 * 1:3650 <-> DISABLED <-> NETBIOS SMB Trans unicode andx data displacement null pointer DOS attempt (netbios.rules)
 * 1:3653 <-> DISABLED <-> SMTP SAML overflow attempt (smtp.rules)
 * 1:3654 <-> DISABLED <-> SMTP SOML overflow attempt (smtp.rules)
 * 1:3655 <-> DISABLED <-> SMTP SEND overflow attempt (smtp.rules)
 * 1:3657 <-> DISABLED <-> ORACLE ctxsys.driload attempt (oracle.rules)
 * 1:366 <-> DISABLED <-> ICMP-INFO PING *NIX (icmp-info.rules)
 * 1:3674 <-> DISABLED <-> WEB-CGI db4web_c directory traversal attempt (web-cgi.rules)
 * 1:368 <-> DISABLED <-> ICMP-INFO PING BSDtype (icmp-info.rules)
 * 1:3680 <-> DISABLED <-> P2P AOL Instant Messenger file send attempt (p2p.rules)
 * 1:3681 <-> DISABLED <-> P2P AOL Instant Messenger file receive attempt (p2p.rules)
 * 1:369 <-> DISABLED <-> ICMP-INFO PING BayRS Router (icmp-info.rules)
 * 1:3690 <-> DISABLED <-> WEB-CGI Nucleus CMS action.php itemid SQL injection (web-cgi.rules)
 * 1:3691 <-> DISABLED <-> CHAT Yahoo Messenger Message (chat.rules)
 * 1:3692 <-> DISABLED <-> CHAT Yahoo Messenger File Transfer Initiation Request (chat.rules)
 * 1:3697 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (netbios.rules)
 * 1:370 <-> DISABLED <-> ICMP-INFO PING BeOS4.x (icmp-info.rules)
 * 1:371 <-> DISABLED <-> ICMP-INFO PING Cisco Type.x (icmp-info.rules)
 * 1:372 <-> DISABLED <-> ICMP-INFO PING Delphi-Piette Windows (icmp-info.rules)
 * 1:373 <-> DISABLED <-> ICMP-INFO PING Flowpoint2200 or Network Management Software (icmp-info.rules)
 * 1:374 <-> DISABLED <-> ICMP-INFO PING IP NetMonitor Macintosh (icmp-info.rules)
 * 1:375 <-> DISABLED <-> ICMP-INFO PING LINUX/*BSD (icmp-info.rules)
 * 1:376 <-> DISABLED <-> ICMP-INFO PING Microsoft Windows (icmp-info.rules)
 * 1:377 <-> DISABLED <-> ICMP-INFO PING Network Toolbox 3 Windows (icmp-info.rules)
 * 1:378 <-> DISABLED <-> ICMP-INFO PING Ping-O-MeterWindows (icmp-info.rules)
 * 1:379 <-> DISABLED <-> ICMP-INFO PING Pinger Windows (icmp-info.rules)
 * 1:380 <-> DISABLED <-> ICMP-INFO PING Seer Windows (icmp-info.rules)
 * 1:381 <-> DISABLED <-> ICMP-INFO PING Oracle Solaris (icmp-info.rules)
 * 1:3813 <-> DISABLED <-> WEB-CGI awstats.pl configdir command execution attempt (web-cgi.rules)
 * 1:3814 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer javaprxy.dll COM access (web-client.rules)
 * 1:3815 <-> DISABLED <-> SMTP eXchange POP3 mail server overflow attempt (smtp.rules)
 * 1:382 <-> DISABLED <-> ICMP-INFO PING Windows (icmp-info.rules)
 * 1:3820 <-> ENABLED <-> WEB-CLIENT Microsoft Windows CHM file transfer attempt (web-client.rules)
 * 1:3825 <-> DISABLED <-> POLICY AOL Instant Messenger Message Send (policy.rules)
 * 1:3826 <-> DISABLED <-> POLICY AOL Instant Messenger Message Receive (policy.rules)
 * 1:384 <-> DISABLED <-> ICMP-INFO PING (icmp-info.rules)
 * 1:385 <-> DISABLED <-> ICMP-INFO traceroute (icmp-info.rules)
 * 1:386 <-> DISABLED <-> ICMP-INFO Address Mask Reply (icmp-info.rules)
 * 1:387 <-> DISABLED <-> ICMP-INFO Address Mask Reply undefined code (icmp-info.rules)
 * 1:388 <-> DISABLED <-> ICMP-INFO Address Mask Request (icmp-info.rules)
 * 1:389 <-> DISABLED <-> ICMP-INFO Address Mask Request undefined code (icmp-info.rules)
 * 1:390 <-> DISABLED <-> ICMP-INFO Alternate Host Address (icmp-info.rules)
 * 1:391 <-> DISABLED <-> ICMP-INFO Alternate Host Address undefined code (icmp-info.rules)
 * 1:392 <-> DISABLED <-> ICMP-INFO Datagram Conversion Error (icmp-info.rules)
 * 1:393 <-> DISABLED <-> ICMP-INFO Datagram Conversion Error undefined code (icmp-info.rules)
 * 1:394 <-> DISABLED <-> ICMP-INFO Destination Unreachable Destination Host Unknown (icmp-info.rules)
 * 1:395 <-> DISABLED <-> ICMP-INFO Destination Unreachable Destination Network Unknown (icmp-info.rules)
 * 1:396 <-> DISABLED <-> ICMP-INFO Destination Unreachable Fragmentation Needed and DF bit was set (icmp-info.rules)
 * 1:397 <-> DISABLED <-> ICMP-INFO Destination Unreachable Host Precedence Violation (icmp-info.rules)
 * 1:398 <-> DISABLED <-> ICMP-INFO Destination Unreachable Host Unreachable for Type of Service (icmp-info.rules)
 * 1:399 <-> DISABLED <-> ICMP-INFO Destination Unreachable Host Unreachable (icmp-info.rules)
 * 1:400 <-> DISABLED <-> ICMP-INFO Destination Unreachable Network Unreachable for Type of Service (icmp-info.rules)
 * 1:401 <-> DISABLED <-> ICMP-INFO Destination Unreachable Network Unreachable (icmp-info.rules)
 * 1:402 <-> DISABLED <-> ICMP-INFO Destination Unreachable Port Unreachable (icmp-info.rules)
 * 1:403 <-> DISABLED <-> ICMP-INFO Destination Unreachable Precedence Cutoff in effect (icmp-info.rules)
 * 1:404 <-> DISABLED <-> ICMP-INFO Destination Unreachable Protocol Unreachable (icmp-info.rules)
 * 1:405 <-> DISABLED <-> ICMP-INFO Destination Unreachable Source Host Isolated (icmp-info.rules)
 * 1:406 <-> DISABLED <-> ICMP-INFO Destination Unreachable Source Route Failed (icmp-info.rules)
 * 1:407 <-> DISABLED <-> ICMP-INFO Destination Unreachable cndefined code (icmp-info.rules)
 * 1:408 <-> DISABLED <-> ICMP-INFO Echo Reply (icmp-info.rules)
 * 1:409 <-> DISABLED <-> ICMP-INFO Echo Reply undefined code (icmp-info.rules)
 * 1:410 <-> DISABLED <-> ICMP-INFO Fragment Reassembly Time Exceeded (icmp-info.rules)
 * 1:411 <-> DISABLED <-> ICMP-INFO IPV6 I-Am-Here (icmp-info.rules)
 * 1:412 <-> DISABLED <-> ICMP-INFO IPV6 I-Am-Here undefined code (icmp-info.rules)
 * 1:4128 <-> DISABLED <-> WEB-CGI 4DWebstar ShellExample.cgi information disclosure (web-cgi.rules)
 * 1:413 <-> DISABLED <-> ICMP-INFO IPV6 Where-Are-You (icmp-info.rules)
 * 1:4132 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer msdds clsid attempt (web-client.rules)
 * 1:4133 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer devenum clsid attempt (web-client.rules)
 * 1:4134 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer blnmgr clsid attempt (web-client.rules)
 * 1:414 <-> DISABLED <-> ICMP-INFO IPV6 Where-Are-You undefined code (icmp-info.rules)
 * 1:4142 <-> DISABLED <-> ORACLE reports servlet command execution attempt (oracle.rules)
 * 1:415 <-> DISABLED <-> ICMP-INFO Information Reply (icmp-info.rules)
 * 1:416 <-> DISABLED <-> ICMP-INFO Information Reply undefined code (icmp-info.rules)
 * 1:4167 <-> ENABLED <-> WEB-ACTIVEX MSN Heartbeat ActiveX clsid access (web-activex.rules)
 * 1:417 <-> DISABLED <-> ICMP-INFO Information Request (icmp-info.rules)
 * 1:418 <-> DISABLED <-> ICMP-INFO Information Request undefined code (icmp-info.rules)
 * 1:419 <-> DISABLED <-> ICMP-INFO Mobile Host Redirect (icmp-info.rules)
 * 1:420 <-> DISABLED <-> ICMP-INFO Mobile Host Redirect undefined code (icmp-info.rules)
 * 1:421 <-> DISABLED <-> ICMP-INFO Mobile Registration Reply (icmp-info.rules)
 * 1:422 <-> DISABLED <-> ICMP-INFO Mobile Registration Reply undefined code (icmp-info.rules)
 * 1:423 <-> DISABLED <-> ICMP-INFO Mobile Registration Request (icmp-info.rules)
 * 1:424 <-> DISABLED <-> ICMP-INFO Mobile Registration Request undefined code (icmp-info.rules)
 * 1:425 <-> DISABLED <-> ICMP-INFO Parameter Problem Bad Length (icmp-info.rules)
 * 1:426 <-> DISABLED <-> ICMP-INFO Parameter Problem Missing a Required Option (icmp-info.rules)
 * 1:427 <-> DISABLED <-> ICMP-INFO Parameter Problem Unspecified Error (icmp-info.rules)
 * 1:428 <-> DISABLED <-> ICMP-INFO Parameter Problem undefined Code (icmp-info.rules)
 * 1:429 <-> DISABLED <-> ICMP-INFO Photuris Reserved (icmp-info.rules)
 * 1:430 <-> DISABLED <-> ICMP-INFO Photuris Unknown Security Parameters Index (icmp-info.rules)
 * 1:431 <-> DISABLED <-> ICMP-INFO Photuris Valid Security Parameters, But Authentication Failed (icmp-info.rules)
 * 1:432 <-> DISABLED <-> ICMP-INFO Photuris Valid Security Parameters, But Decryption Failed (icmp-info.rules)
 * 1:433 <-> DISABLED <-> ICMP-INFO Photuris undefined code! (icmp-info.rules)
 * 1:4334 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (netbios.rules)
 * 1:436 <-> DISABLED <-> ICMP-INFO Redirect for TOS and Host (icmp-info.rules)
 * 1:437 <-> DISABLED <-> ICMP-INFO Redirect for TOS and Network (icmp-info.rules)
 * 1:438 <-> DISABLED <-> ICMP-INFO Redirect undefined code (icmp-info.rules)
 * 1:439 <-> DISABLED <-> ICMP-INFO Reserved for Security Type 19 (icmp-info.rules)
 * 1:440 <-> DISABLED <-> ICMP-INFO Reserved for Security Type 19 undefined code (icmp-info.rules)
 * 1:441 <-> DISABLED <-> ICMP-INFO Router Advertisement (icmp-info.rules)
 * 1:4413 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss AddPrinterEx overflow attempt (netbios.rules)
 * 1:443 <-> DISABLED <-> ICMP-INFO Router Selection (icmp-info.rules)
 * 1:445 <-> DISABLED <-> ICMP-INFO SKIP (icmp-info.rules)
 * 1:446 <-> DISABLED <-> ICMP-INFO SKIP undefined code (icmp-info.rules)
 * 1:448 <-> DISABLED <-> ICMP-INFO Source Quench undefined code (icmp-info.rules)
 * 1:449 <-> DISABLED <-> ICMP-INFO Time-To-Live Exceeded in Transit (icmp-info.rules)
 * 1:450 <-> DISABLED <-> ICMP-INFO Time-To-Live Exceeded in Transit undefined code (icmp-info.rules)
 * 1:451 <-> DISABLED <-> ICMP-INFO Timestamp Reply (icmp-info.rules)
 * 1:452 <-> DISABLED <-> ICMP-INFO Timestamp Reply undefined code (icmp-info.rules)
 * 1:453 <-> DISABLED <-> ICMP-INFO Timestamp Request (icmp-info.rules)
 * 1:454 <-> DISABLED <-> ICMP-INFO Timestamp Request undefined code (icmp-info.rules)
 * 1:456 <-> DISABLED <-> ICMP-INFO Traceroute (icmp-info.rules)
 * 1:457 <-> DISABLED <-> ICMP-INFO Traceroute undefined code (icmp-info.rules)
 * 1:458 <-> DISABLED <-> ICMP-INFO unassigned type 1 (icmp-info.rules)
 * 1:459 <-> DISABLED <-> ICMP-INFO unassigned type 1 undefined code (icmp-info.rules)
 * 1:460 <-> DISABLED <-> ICMP-INFO unassigned type 2 (icmp-info.rules)
 * 1:4608 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netware_cs function 43 overflow attempt (netbios.rules)
 * 1:461 <-> DISABLED <-> ICMP-INFO unassigned type 2 undefined code (icmp-info.rules)
 * 1:462 <-> DISABLED <-> ICMP-INFO unassigned type 7 (icmp-info.rules)
 * 1:463 <-> ENABLED <-> ICMP-INFO unassigned type 7 undefined code (icmp-info.rules)
 * 1:4643 <-> DISABLED <-> WEB-CLIENT Microsoft Windows malformed shortcut file buffer overflow attempt (web-client.rules)
 * 1:4644 <-> DISABLED <-> WEB-CLIENT Microsoft Windows malformed shortcut file with comment buffer overflow attempt (web-client.rules)
 * 1:4651 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC SACL overflow attempt (netbios.rules)
 * 1:4652 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC andx SACL overflow attempt (netbios.rules)
 * 1:4653 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC unicode SACL overflow attempt (netbios.rules)
 * 1:4654 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt (netbios.rules)
 * 1:4655 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC SACL overflow attempt (netbios.rules)
 * 1:4656 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC andx SACL overflow attempt (netbios.rules)
 * 1:4657 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode SACL overflow attempt (netbios.rules)
 * 1:4658 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt (netbios.rules)
 * 1:4659 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC SACL overflow attempt (netbios.rules)
 * 1:4660 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC andx SACL overflow attempt (netbios.rules)
 * 1:4661 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC unicode SACL overflow attempt (netbios.rules)
 * 1:4662 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt (netbios.rules)
 * 1:4663 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC DACL overflow attempt (netbios.rules)
 * 1:4664 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC andx DACL overflow attempt (netbios.rules)
 * 1:4665 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC unicode DACL overflow attempt (netbios.rules)
 * 1:4666 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt (netbios.rules)
 * 1:4667 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC DACL overflow attempt (netbios.rules)
 * 1:4668 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC andx DACL overflow attempt (netbios.rules)
 * 1:4669 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode DACL overflow attempt (netbios.rules)
 * 1:4670 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt (netbios.rules)
 * 1:4671 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC DACL overflow attempt (netbios.rules)
 * 1:4672 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC andx DACL overflow attempt (netbios.rules)
 * 1:4673 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC unicode DACL overflow attempt (netbios.rules)
 * 1:4674 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt (netbios.rules)
 * 1:4826 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetRootDeviceInstance attempt (netbios.rules)
 * 1:490 <-> DISABLED <-> POLICY battle-mail traffic (policy.rules)
 * 1:4918 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList dos attempt (netbios.rules)
 * 1:493 <-> DISABLED <-> POLICY psyBNC access (policy.rules)
 * 1:495 <-> DISABLED <-> ATTACK-RESPONSES command error (attack-responses.rules)
 * 1:5095 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsass DsRolerGetPrimaryDomainInformation attempt (netbios.rules)
 * 1:5096 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsass DsRolerGetPrimaryDomainInformation attempt (netbios.rules)
 * 1:510 <-> DISABLED <-> POLICY HP JetDirect LCD modification attempt (policy.rules)
 * 1:529 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrShareEnum null policy handle attempt (netbios.rules)
 * 1:5319 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Metasploit picture and fax viewer wmf arbitrary code execution attempt (web-client.rules)
 * 1:534 <-> DISABLED <-> NETBIOS SMB CD.. (netbios.rules)
 * 1:535 <-> DISABLED <-> NETBIOS SMB CD... (netbios.rules)
 * 1:540 <-> DISABLED <-> CHAT MSN message (chat.rules)
 * 1:541 <-> DISABLED <-> CHAT ICQ access (chat.rules)
 * 1:542 <-> DISABLED <-> CHAT IRC nick change (chat.rules)
 * 1:543 <-> DISABLED <-> POLICY FTP 'STOR 1MB' possible warez site (policy.rules)
 * 1:544 <-> DISABLED <-> POLICY FTP 'RETR 1MB' possible warez site (policy.rules)
 * 1:545 <-> DISABLED <-> POLICY FTP 'CWD / ' possible warez site (policy.rules)
 * 1:546 <-> DISABLED <-> POLICY FTP 'CWD  ' possible warez site (policy.rules)
 * 1:547 <-> DISABLED <-> POLICY FTP 'MKD  ' possible warez site (policy.rules)
 * 1:548 <-> DISABLED <-> POLICY FTP 'MKD .' possible warez site (policy.rules)
 * 1:554 <-> DISABLED <-> POLICY FTP 'MKD / ' possible warez site (policy.rules)
 * 1:555 <-> DISABLED <-> POLICY WinGate telnet server response (policy.rules)
 * 1:556 <-> DISABLED <-> P2P Outbound GNUTella client request (p2p.rules)
 * 1:557 <-> DISABLED <-> P2P GNUTella client request (p2p.rules)
 * 1:560 <-> DISABLED <-> POLICY VNC server response (policy.rules)
 * 1:566 <-> DISABLED <-> POLICY PCAnywhere server response (policy.rules)
 * 1:567 <-> DISABLED <-> POLICY SMTP relaying denied (policy.rules)
 * 1:568 <-> DISABLED <-> POLICY HP JetDirect LCD modification attempt (policy.rules)
 * 1:5680 <-> DISABLED <-> NETBIOS SMB Session Setup username overflow attempt (netbios.rules)
 * 1:5681 <-> DISABLED <-> NETBIOS SMB Session Setup unicode username overflow attempt (netbios.rules)
 * 1:5683 <-> DISABLED <-> NETBIOS SMB Session Setup andx username overflow attempt (netbios.rules)
 * 1:5684 <-> DISABLED <-> NETBIOS SMB Session Setup unicode andx username overflow attempt (netbios.rules)
 * 1:5685 <-> DISABLED <-> SMTP TLSv1 Client_Hello via SSLv2 handshake request (smtp.rules)
 * 1:5686 <-> DISABLED <-> SMTP TLSv1 Server_Hello request (smtp.rules)
 * 1:5687 <-> DISABLED <-> SMTP SSLv2 Client_Hello request (smtp.rules)
 * 1:5688 <-> DISABLED <-> SMTP SSLv2 Client_Hello with pad request (smtp.rules)
 * 1:5689 <-> DISABLED <-> SMTP TLSv1 Client_Hello request (smtp.rules)
 * 1:5690 <-> DISABLED <-> SMTP SSLv3 Client_Hello request (smtp.rules)
 * 1:5691 <-> DISABLED <-> SMTP SSLv2 Server_Hello request (smtp.rules)
 * 1:5692 <-> DISABLED <-> P2P Skype client successful install (p2p.rules)
 * 1:5693 <-> DISABLED <-> P2P Skype client start up get latest version attempt (p2p.rules)
 * 1:5694 <-> DISABLED <-> P2P Skype client setup get newest version attempt (p2p.rules)
 * 1:5711 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player zero length bitmap heap overflow attempt (web-client.rules)
 * 1:5712 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player invalid data offset bitmap heap overflow attempt (web-client.rules)
 * 1:5713 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Metafile invalid header size integer overflow (web-client.rules)
 * 1:5714 <-> DISABLED <-> SMTP x-unix-mode executable mail attachment (smtp.rules)
 * 1:5716 <-> DISABLED <-> NETBIOS SMB Trans unicode Max Param/Count DOS attempt (netbios.rules)
 * 1:5717 <-> DISABLED <-> NETBIOS SMB-DS Trans Max Param/Count DOS attempt (netbios.rules)
 * 1:5718 <-> DISABLED <-> NETBIOS SMB-DS Trans unicode Max Param/Count DOS attempt (netbios.rules)
 * 1:5719 <-> DISABLED <-> NETBIOS SMB Trans Max Param/Count DOS attempt (netbios.rules)
 * 1:5720 <-> DISABLED <-> NETBIOS SMB Trans unicode Max Param/Count DOS attempt (netbios.rules)
 * 1:5721 <-> DISABLED <-> NETBIOS SMB Trans andx Max Param/Count DOS attempt (netbios.rules)
 * 1:5722 <-> DISABLED <-> NETBIOS SMB Trans unicode andx Max Param/Count DOS attempt (netbios.rules)
 * 1:5723 <-> DISABLED <-> NETBIOS SMB-DS Trans andx Max Param/Count DOS attempt (netbios.rules)
 * 1:5724 <-> DISABLED <-> NETBIOS SMB-DS Trans unicode andx Max Param/Count DOS attempt (netbios.rules)
 * 1:5725 <-> DISABLED <-> NETBIOS SMB Trans andx Max Param/Count DOS attempt (netbios.rules)
 * 1:5726 <-> DISABLED <-> NETBIOS SMB Trans unicode andx Max Param/Count DOS attempt (netbios.rules)
 * 1:5727 <-> DISABLED <-> NETBIOS SMB Trans unicode Max Param DOS attempt (netbios.rules)
 * 1:5728 <-> DISABLED <-> NETBIOS SMB Trans Max Param DOS attempt (netbios.rules)
 * 1:5729 <-> DISABLED <-> NETBIOS SMB Trans Max Param DOS attempt (netbios.rules)
 * 1:5730 <-> DISABLED <-> NETBIOS SMB-DS Trans Max Param DOS attempt (netbios.rules)
 * 1:5731 <-> DISABLED <-> NETBIOS SMB-DS Trans unicode Max Param DOS attempt (netbios.rules)
 * 1:5732 <-> DISABLED <-> NETBIOS SMB Trans unicode Max Param DOS attempt (netbios.rules)
 * 1:5733 <-> DISABLED <-> NETBIOS SMB Trans unicode andx Max Param DOS attempt (netbios.rules)
 * 1:5734 <-> DISABLED <-> NETBIOS SMB Trans andx Max Param DOS attempt (netbios.rules)
 * 1:5735 <-> DISABLED <-> NETBIOS SMB Trans andx Max Param DOS attempt (netbios.rules)
 * 1:5736 <-> DISABLED <-> NETBIOS SMB-DS Trans andx Max Param DOS attempt (netbios.rules)
 * 1:5737 <-> DISABLED <-> NETBIOS SMB-DS Trans unicode andx Max Param DOS attempt (netbios.rules)
 * 1:5738 <-> DISABLED <-> NETBIOS SMB Trans unicode andx Max Param DOS attempt (netbios.rules)
 * 1:5739 <-> DISABLED <-> SMTP headers too long server response (smtp.rules)
 * 1:574 <-> DISABLED <-> RPC mountd TCP export request (rpc.rules)
 * 1:5740 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows HTML help workshop file download request (file-identify.rules)
 * 1:5742 <-> DISABLED <-> SPYWARE-PUT Keylogger activitylogger runtime detection (spyware-put.rules)
 * 1:5743 <-> DISABLED <-> SPYWARE-PUT Hijacker actualnames runtime detection - plugin list (spyware-put.rules)
 * 1:5744 <-> DISABLED <-> SPYWARE-PUT Hijacker actualnames runtime detection - online.php request (spyware-put.rules)
 * 1:5745 <-> DISABLED <-> SPYWARE-PUT Hijacker adultlinks runtime detection - redirect (spyware-put.rules)
 * 1:5746 <-> DISABLED <-> SPYWARE-PUT Hijacker adultlinks runtime detection - load url (spyware-put.rules)
 * 1:5747 <-> DISABLED <-> SPYWARE-PUT Hijacker adultlinks runtime detection - log hits (spyware-put.rules)
 * 1:5748 <-> DISABLED <-> SPYWARE-PUT Hijacker adultlinks runtime detection - ads (spyware-put.rules)
 * 1:5749 <-> DISABLED <-> SPYWARE-PUT Trackware alexa runtime detection (spyware-put.rules)
 * 1:575 <-> DISABLED <-> RPC portmap admind request UDP (rpc.rules)
 * 1:5750 <-> DISABLED <-> SPYWARE-PUT Adware dogpile runtime detection (spyware-put.rules)
 * 1:5751 <-> DISABLED <-> SPYWARE-PUT Adware exactsearch runtime detection - switch search engine 1 (spyware-put.rules)
 * 1:5752 <-> DISABLED <-> SPYWARE-PUT Adware exactsearch runtime detection - switch search engine 2 (spyware-put.rules)
 * 1:5753 <-> DISABLED <-> SPYWARE-PUT Adware exactsearch runtime detection - topsearches (spyware-put.rules)
 * 1:5754 <-> DISABLED <-> SPYWARE-PUT Hijacker ezcybersearch runtime detection - ie auto search hijack (spyware-put.rules)
 * 1:5755 <-> DISABLED <-> SPYWARE-PUT Hijacker ezcybersearch runtime detection - check update (spyware-put.rules)
 * 1:5756 <-> DISABLED <-> SPYWARE-PUT Hijacker ezcybersearch runtime detection - add coolsites to ie favorites (spyware-put.rules)
 * 1:5757 <-> DISABLED <-> SPYWARE-PUT Hijacker ezcybersearch runtime detection - check toolbar setting (spyware-put.rules)
 * 1:5758 <-> DISABLED <-> SPYWARE-PUT Hijacker ezcybersearch runtime detection - download fastclick pop-under code (spyware-put.rules)
 * 1:5759 <-> DISABLED <-> SPYWARE-PUT Keylogger fearlesskeyspy runtime detection (spyware-put.rules)
 * 1:576 <-> DISABLED <-> RPC portmap amountd request UDP (rpc.rules)
 * 1:5760 <-> DISABLED <-> SPYWARE-PUT Hijacker marketscore runtime detection (spyware-put.rules)
 * 1:5761 <-> DISABLED <-> SPYWARE-PUT Trickler bearshare runtime detection - ads popup (spyware-put.rules)
 * 1:5762 <-> DISABLED <-> SPYWARE-PUT Trickler bearshare runtime detection - p2p information request (spyware-put.rules)
 * 1:5763 <-> DISABLED <-> SPYWARE-PUT Trickler bearshare runtime detection - chat request (spyware-put.rules)
 * 1:5764 <-> DISABLED <-> SPYWARE-PUT Hijacker begin2search runtime detection - fcgi query (spyware-put.rules)
 * 1:5765 <-> DISABLED <-> SPYWARE-PUT Hijacker begin2search runtime detection - ico query (spyware-put.rules)
 * 1:5766 <-> DISABLED <-> SPYWARE-PUT Hijacker begin2search runtime detection - install spyware trafficsector (spyware-put.rules)
 * 1:5767 <-> DISABLED <-> SPYWARE-PUT Hijacker begin2search runtime detection - download unauthorized code (spyware-put.rules)
 * 1:5768 <-> DISABLED <-> SPYWARE-PUT Hijacker begin2search runtime detection - pass information (spyware-put.rules)
 * 1:5769 <-> DISABLED <-> SPYWARE-PUT Hijacker begin2search runtime detection - play bingo ads (spyware-put.rules)
 * 1:577 <-> DISABLED <-> RPC portmap bootparam request UDP (rpc.rules)
 * 1:5770 <-> DISABLED <-> SPYWARE-PUT Snoopware casinoonnet runtime detection (spyware-put.rules)
 * 1:5773 <-> DISABLED <-> SPYWARE-PUT Adware forbes runtime detection (spyware-put.rules)
 * 1:5774 <-> DISABLED <-> SPYWARE-PUT Hijacker freescratch runtime detection - get card (spyware-put.rules)
 * 1:5775 <-> DISABLED <-> SPYWARE-PUT Hijacker freescratch runtime detection - scratch card (spyware-put.rules)
 * 1:5776 <-> DISABLED <-> SPYWARE-PUT Trickler grokster runtime detection (spyware-put.rules)
 * 1:5777 <-> DISABLED <-> SPYWARE-PUT Keylogger gurl watcher runtime detection (spyware-put.rules)
 * 1:5778 <-> DISABLED <-> SPYWARE-PUT Keylogger runtime detection - hwpe windows activity logs (spyware-put.rules)
 * 1:5779 <-> DISABLED <-> SPYWARE-PUT Keylogger runtime detection - hwpe shell file logs (spyware-put.rules)
 * 1:578 <-> DISABLED <-> RPC portmap cmsd request UDP (rpc.rules)
 * 1:5780 <-> DISABLED <-> SPYWARE-PUT Keylogger runtime detection - hwpe word filtered echelon log (spyware-put.rules)
 * 1:5781 <-> DISABLED <-> SPYWARE-PUT Keylogger runtime detection - hwae windows activity logs (spyware-put.rules)
 * 1:5782 <-> DISABLED <-> SPYWARE-PUT Keylogger runtime detection - hwae word filtered echelon log (spyware-put.rules)
 * 1:5783 <-> DISABLED <-> SPYWARE-PUT Keylogger runtime detection - hwae keystrokes log (spyware-put.rules)
 * 1:5784 <-> DISABLED <-> SPYWARE-PUT Keylogger runtime detection - hwae urls browsed log (spyware-put.rules)
 * 1:5785 <-> DISABLED <-> SPYWARE-PUT Adware hithopper runtime detection - get xml setting (spyware-put.rules)
 * 1:5786 <-> DISABLED <-> SPYWARE-PUT Adware hithopper runtime detection - redirect (spyware-put.rules)
 * 1:5787 <-> DISABLED <-> SPYWARE-PUT Adware hithopper runtime detection - search (spyware-put.rules)
 * 1:5788 <-> DISABLED <-> SPYWARE-PUT Adware hithopper runtime detection - click toolbar buttons (spyware-put.rules)
 * 1:5789 <-> DISABLED <-> SPYWARE-PUT keylogger pc actmon pro runtime detection - http (spyware-put.rules)
 * 1:579 <-> DISABLED <-> RPC portmap mountd request UDP (rpc.rules)
 * 1:5790 <-> DISABLED <-> SPYWARE-PUT Keylogger pc actmon pro runtime detection - smtp (spyware-put.rules)
 * 1:5791 <-> DISABLED <-> SPYWARE-PUT Dialer pluginaccess runtime detection - get pin (spyware-put.rules)
 * 1:5792 <-> DISABLED <-> SPYWARE-PUT Dialer pluginaccess runtime detection - active proxy (spyware-put.rules)
 * 1:5793 <-> DISABLED <-> SPYWARE-PUT Dialer pluginaccess runtime detection - redirect (spyware-put.rules)
 * 1:5794 <-> DISABLED <-> SPYWARE-PUT Hijacker coolwebsearch.aboutblank variant runtime detection (spyware-put.rules)
 * 1:5795 <-> DISABLED <-> SPYWARE-PUT Adware ist powerscan runtime detection (spyware-put.rules)
 * 1:5796 <-> DISABLED <-> SPYWARE-PUT Adware keenvalue runtime detection (spyware-put.rules)
 * 1:5798 <-> DISABLED <-> SPYWARE-PUT Adware mydailyhoroscope runtime detection (spyware-put.rules)
 * 1:5799 <-> DISABLED <-> SPYWARE-PUT mydailyhoroscope update or installation in progress (spyware-put.rules)
 * 1:581 <-> DISABLED <-> RPC portmap pcnfsd request UDP (rpc.rules)
 * 1:5810 <-> DISABLED <-> SPYWARE-PUT Hijacker shop at home select installation in progress (spyware-put.rules)
 * 1:5811 <-> DISABLED <-> SPYWARE-PUT shop at home select installation in progress - clsid detected (spyware-put.rules)
 * 1:5812 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - email notification (spyware-put.rules)
 * 1:5813 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - create redirection (spyware-put.rules)
 * 1:5814 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - create redirection (spyware-put.rules)
 * 1:5815 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - destory redirection (spyware-put.rules)
 * 1:5816 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - destory redirection (spyware-put.rules)
 * 1:5817 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - check status (spyware-put.rules)
 * 1:5818 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - check status (spyware-put.rules)
 * 1:5819 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - check status (spyware-put.rules)
 * 1:582 <-> DISABLED <-> RPC portmap rexd request UDP (rpc.rules)
 * 1:5820 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - destory log (spyware-put.rules)
 * 1:5821 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - destory log (spyware-put.rules)
 * 1:5822 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - view netstat (spyware-put.rules)
 * 1:5823 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - view netstat (spyware-put.rules)
 * 1:5824 <-> DISABLED <-> SPYWARE-PUT Dialer stripplayer runtime detection (spyware-put.rules)
 * 1:5825 <-> DISABLED <-> SPYWARE-PUT Adware broadcasturban tuner runtime detection - start tuner (spyware-put.rules)
 * 1:5826 <-> DISABLED <-> SPYWARE-PUT Adware broadcasturban tuner runtime detection - pass user info to server (spyware-put.rules)
 * 1:5827 <-> DISABLED <-> SPYWARE-PUT Adware broadcasturban tuner runtime detection - get gateway (spyware-put.rules)
 * 1:5828 <-> DISABLED <-> SPYWARE-PUT Adware broadcasturban tuner runtime detection - connect to station (spyware-put.rules)
 * 1:5829 <-> DISABLED <-> SPYWARE-PUT Trickler clipgenie runtime detection (spyware-put.rules)
 * 1:583 <-> DISABLED <-> RPC portmap rstatd request UDP (rpc.rules)
 * 1:5834 <-> DISABLED <-> SPYWARE-PUT Trickler conscorr runtime detection (spyware-put.rules)
 * 1:5835 <-> DISABLED <-> SPYWARE-PUT Adware gamespy_arcade runtime detection (spyware-put.rules)
 * 1:5836 <-> DISABLED <-> SPYWARE-PUT Trickler nictech.bm2 runtime detection (spyware-put.rules)
 * 1:5837 <-> DISABLED <-> SPYWARE-PUT Trackware ucmore runtime detection - track activity (spyware-put.rules)
 * 1:5838 <-> DISABLED <-> SPYWARE-PUT Trackware ucmore runtime detection - get sponsor/ad links (spyware-put.rules)
 * 1:5839 <-> DISABLED <-> SPYWARE-PUT Trackware ucmore runtime detection - click sponsor/ad link (spyware-put.rules)
 * 1:584 <-> DISABLED <-> RPC portmap rusers request UDP (rpc.rules)
 * 1:5840 <-> DISABLED <-> SPYWARE-PUT Hijacker sep runtime detection (spyware-put.rules)
 * 1:5841 <-> DISABLED <-> SPYWARE-PUT Trickler minibug runtime detection - retrieve weather information (spyware-put.rules)
 * 1:5842 <-> DISABLED <-> SPYWARE-PUT Trickler minibug runtime detection - ads (spyware-put.rules)
 * 1:5843 <-> DISABLED <-> SPYWARE-PUT Hijacker surfsidekick runtime detection - hijack ie auto search (spyware-put.rules)
 * 1:5844 <-> DISABLED <-> SPYWARE-PUT Hijacker surfsidekick runtime detection - post request (spyware-put.rules)
 * 1:5845 <-> DISABLED <-> SPYWARE-PUT Hijacker surfsidekick runtime detection - update request (spyware-put.rules)
 * 1:5846 <-> DISABLED <-> SPYWARE-PUT Trickler VX2/DLmax/BestOffers/Aurora runtime detection (spyware-put.rules)
 * 1:585 <-> DISABLED <-> RPC portmap sadmind request UDP (rpc.rules)
 * 1:5855 <-> DISABLED <-> SPYWARE-PUT Hijacker funbuddyicons runtime detection - request config (spyware-put.rules)
 * 1:5857 <-> DISABLED <-> SPYWARE-PUT Hijacker funbuddyicons runtime detection - mysaconfg request (spyware-put.rules)
 * 1:5858 <-> DISABLED <-> SPYWARE-PUT Adware praizetoolbar runtime detection (spyware-put.rules)
 * 1:5859 <-> DISABLED <-> SPYWARE-PUT Hijacker daosearch runtime detection - information request (spyware-put.rules)
 * 1:586 <-> DISABLED <-> RPC portmap selection_svc request UDP (rpc.rules)
 * 1:5860 <-> DISABLED <-> SPYWARE-PUT Hijacker daosearch runtime detection - search hijack (spyware-put.rules)
 * 1:5861 <-> DISABLED <-> SPYWARE-PUT Hijacker isearch runtime detection - toolbar information request (spyware-put.rules)
 * 1:5862 <-> DISABLED <-> SPYWARE-PUT Hijacker isearch runtime detection - search hijack 1 (spyware-put.rules)
 * 1:5863 <-> DISABLED <-> SPYWARE-PUT Hijacker isearch runtime detection - search hijack 2 (spyware-put.rules)
 * 1:5864 <-> DISABLED <-> SPYWARE-PUT Hijacker isearch runtime detection - search in toolbar (spyware-put.rules)
 * 1:5865 <-> DISABLED <-> SPYWARE-PUT Adware zapspot runtime detection - pop up ads (spyware-put.rules)
 * 1:5866 <-> DISABLED <-> SPYWARE-PUT Hijacker couponbar runtime detection - download new coupon offers and links (spyware-put.rules)
 * 1:5867 <-> DISABLED <-> SPYWARE-PUT Hijacker couponbar runtime detection - get updates to toolbar buttons (spyware-put.rules)
 * 1:5868 <-> DISABLED <-> SPYWARE-PUT Hijacker couponbar runtime detection - view coupon offers (spyware-put.rules)
 * 1:587 <-> DISABLED <-> RPC portmap status request UDP (rpc.rules)
 * 1:5871 <-> DISABLED <-> SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - post information (spyware-put.rules)
 * 1:5872 <-> DISABLED <-> SPYWARE-PUT Snoopware hyperlinker runtime detection (spyware-put.rules)
 * 1:5873 <-> DISABLED <-> SPYWARE-PUT Snoopware pc acme pro runtime detection (spyware-put.rules)
 * 1:5874 <-> DISABLED <-> SPYWARE-PUT Snoopware pc acme pro runtime detection (spyware-put.rules)
 * 1:5875 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool eraser runtime detection - detonate (spyware-put.rules)
 * 1:5876 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool eraser runtime detection - disinfect (spyware-put.rules)
 * 1:589 <-> DISABLED <-> RPC portmap yppasswd request UDP (rpc.rules)
 * 1:5890 <-> DISABLED <-> SPYWARE-PUT Hijacker shopnav runtime detection - self-update request 1 (spyware-put.rules)
 * 1:5891 <-> DISABLED <-> SPYWARE-PUT Hijacker shopnav runtime detection - self-update request 2 (spyware-put.rules)
 * 1:5892 <-> DISABLED <-> SPYWARE-PUT Trackware wordiq toolbar runtime detection - get link info (spyware-put.rules)
 * 1:5893 <-> DISABLED <-> SPYWARE-PUT Trackware wordiq toolbar runtime detection - search keyword (spyware-put.rules)
 * 1:5894 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - smb (spyware-put.rules)
 * 1:5895 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - tcp port 407 (spyware-put.rules)
 * 1:5896 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - tcp port 407 (spyware-put.rules)
 * 1:5897 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - udp port 407 (spyware-put.rules)
 * 1:5898 <-> DISABLED <-> SPYWARE-PUT Trackware adtools runtime detection - track user activity (spyware-put.rules)
 * 1:5899 <-> DISABLED <-> SPYWARE-PUT Trackware adtools-screenmate runtime detection - generate desktop alert (spyware-put.rules)
 * 1:591 <-> DISABLED <-> RPC portmap ypupdated request TCP (rpc.rules)
 * 1:5911 <-> DISABLED <-> SPYWARE-PUT Adware smartpops runtime detection (spyware-put.rules)
 * 1:5913 <-> DISABLED <-> SPYWARE-PUT Trickler smasoft webdownloader runtime detection (spyware-put.rules)
 * 1:5914 <-> DISABLED <-> SPYWARE-PUT Hijacker locatorstoolbar runtime detection - configuration download (spyware-put.rules)
 * 1:5915 <-> DISABLED <-> SPYWARE-PUT Hijacker locatorstoolbar runtime detection - autosearch hijack (spyware-put.rules)
 * 1:5916 <-> DISABLED <-> SPYWARE-PUT Hijacker locatorstoolbar runtime detection - sidebar search (spyware-put.rules)
 * 1:5917 <-> DISABLED <-> SPYWARE-PUT Hijacker locatorstoolbar runtime detection - toolbar search (spyware-put.rules)
 * 1:5918 <-> DISABLED <-> SPYWARE-PUT Hijacker painter runtime detection - ping 'alive' signal (spyware-put.rules)
 * 1:5919 <-> DISABLED <-> SPYWARE-PUT Hijacker painter runtime detection - redirect to klikvipsearch (spyware-put.rules)
 * 1:5920 <-> DISABLED <-> SPYWARE-PUT Hijacker painter runtime detection - redirect yahoo search through online-casino-searcher (spyware-put.rules)
 * 1:5921 <-> DISABLED <-> SPYWARE-PUT Trackware fftoolbar toolbar runtime detection - send user url request (spyware-put.rules)
 * 1:5922 <-> DISABLED <-> SPYWARE-PUT Trackware fftoolbar toolbar runtime detection - display advertisement news (spyware-put.rules)
 * 1:5923 <-> DISABLED <-> SPYWARE-PUT Adware active shopper runtime detection - side search request (spyware-put.rules)
 * 1:5924 <-> DISABLED <-> SPYWARE-PUT Adware active shopper runtime detection - redirect (spyware-put.rules)
 * 1:5925 <-> DISABLED <-> SPYWARE-PUT Adware active shopper runtime detection - check (spyware-put.rules)
 * 1:5926 <-> DISABLED <-> SPYWARE-PUT Adware active shopper runtime detection - collect information (spyware-put.rules)
 * 1:5927 <-> DISABLED <-> SPYWARE-PUT Adware cashbar runtime detection - .smx requests (spyware-put.rules)
 * 1:5928 <-> DISABLED <-> SPYWARE-PUT Adware cashbar runtime detection - ads request (spyware-put.rules)
 * 1:5929 <-> DISABLED <-> SPYWARE-PUT Adware cashbar runtime detection - pop-up ad 1 (spyware-put.rules)
 * 1:5940 <-> DISABLED <-> SPYWARE-PUT Trackware supreme toolbar runtime detection - search request (spyware-put.rules)
 * 1:5941 <-> DISABLED <-> SPYWARE-PUT Trackware supreme toolbar runtime detection - track (spyware-put.rules)
 * 1:5942 <-> DISABLED <-> SPYWARE-PUT Trackware supreme toolbar runtime detection - pass information to its controlling server (spyware-put.rules)
 * 1:5943 <-> DISABLED <-> SPYWARE-PUT Trackware supreme toolbar runtime detection - third party information collection (spyware-put.rules)
 * 1:5944 <-> DISABLED <-> SPYWARE-PUT Adware free access bar runtime detection 1 (spyware-put.rules)
 * 1:5945 <-> DISABLED <-> SPYWARE-PUT Adware weirdontheweb runtime detection - track.cgi request (spyware-put.rules)
 * 1:5946 <-> DISABLED <-> SPYWARE-PUT Adware weirdontheweb runtime detection - monitor user web activity (spyware-put.rules)
 * 1:5947 <-> DISABLED <-> SPYWARE-PUT Adware weirdontheweb runtime detection - log url (spyware-put.rules)
 * 1:5948 <-> DISABLED <-> SPYWARE-PUT Adware weirdontheweb runtime detection - update notifier (spyware-put.rules)
 * 1:5949 <-> DISABLED <-> SPYWARE-PUT Trackware iggsey toolbar detection - simpleticker.htm request (spyware-put.rules)
 * 1:595 <-> DISABLED <-> RPC portmap espd request TCP (rpc.rules)
 * 1:5950 <-> DISABLED <-> SPYWARE-PUT Trackware iggsey toolbar detection - pass information to server (spyware-put.rules)
 * 1:5951 <-> DISABLED <-> SPYWARE-PUT Trackware iggsey toolbar detection - search request (spyware-put.rules)
 * 1:5952 <-> DISABLED <-> SPYWARE-PUT Hijacker 123mania runtime detection - autosearch hijacking (spyware-put.rules)
 * 1:5953 <-> DISABLED <-> SPYWARE-PUT Hijacker 123mania runtime detection - sidesearch hijacking (spyware-put.rules)
 * 1:5954 <-> DISABLED <-> SPYWARE-PUT Trackware browserpal runtime detection - post user info to server (spyware-put.rules)
 * 1:5955 <-> DISABLED <-> SPYWARE-PUT Trackware browserpal runtime detection - adblocker function (spyware-put.rules)
 * 1:5956 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool ghostvoice 1.02 icq notification of server installation (spyware-put.rules)
 * 1:5957 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool ghostvoice 1.02 runtime detection (spyware-put.rules)
 * 1:5958 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool ghostvoice 1.02 runtime detection - init connection with password requirement (spyware-put.rules)
 * 1:5959 <-> DISABLED <-> SPYWARE-PUT Hijacker raxsearch detection - send search keywords to raxsearch (spyware-put.rules)
 * 1:5960 <-> DISABLED <-> SPYWARE-PUT Hijacker raxsearch detection - pop-up raxsearch window (spyware-put.rules)
 * 1:5961 <-> DISABLED <-> SPYWARE-PUT Hijacker searchfast detection - news ticker (spyware-put.rules)
 * 1:5962 <-> DISABLED <-> SPYWARE-PUT Hijacker searchfast detection - catch search keyword (spyware-put.rules)
 * 1:5963 <-> DISABLED <-> SPYWARE-PUT Hijacker searchfast detection - search request (spyware-put.rules)
 * 1:7101 <-> DISABLED <-> BACKDOOR gwboy 0.92 runtime detection (backdoor.rules)
 * 1:7103 <-> DISABLED <-> BACKDOOR gwboy 0.92 runtime detection - init connection (backdoor.rules)
 * 1:7104 <-> ENABLED <-> BACKDOOR aol admin runtime detection (backdoor.rules)
 * 1:7106 <-> DISABLED <-> BACKDOOR girlfriend runtime detection (backdoor.rules)
 * 1:7107 <-> DISABLED <-> BACKDOOR girlfriend runtime detection (backdoor.rules)
 * 1:7111 <-> ENABLED <-> BACKDOOR fearless lite 1.01 runtime detection (backdoor.rules)
 * 1:7113 <-> ENABLED <-> BACKDOOR donalddick v1.5b3 runtime detection (backdoor.rules)
 * 1:7118 <-> DISABLED <-> BACKDOOR y3k 1.2 runtime detection - user-agent string detected (backdoor.rules)
 * 1:7119 <-> DISABLED <-> BACKDOOR y3k 1.2 runtime detection (backdoor.rules)
 * 1:7120 <-> DISABLED <-> BACKDOOR y3k 1.2 runtime detection - init connection 1 (backdoor.rules)
 * 1:7121 <-> DISABLED <-> BACKDOOR y3k 1.2 runtime detection (backdoor.rules)
 * 1:7122 <-> DISABLED <-> BACKDOOR y3k 1.2 runtime detection - init connection 2 (backdoor.rules)
 * 1:7123 <-> DISABLED <-> SPYWARE-PUT Other-Technologies alfacleaner runtime detection - update (spyware-put.rules)
 * 1:7124 <-> DISABLED <-> SPYWARE-PUT Other-Technologies alfacleaner runtime detection - buy (spyware-put.rules)
 * 1:7125 <-> DISABLED <-> SPYWARE-PUT Hijacker traffbest biz runtime detection - adv (spyware-put.rules)
 * 1:7126 <-> DISABLED <-> SPYWARE-PUT Hijacker trojan proxy atiup runtime detection - notification (spyware-put.rules)
 * 1:7127 <-> DISABLED <-> SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - tracking (spyware-put.rules)
 * 1:7128 <-> DISABLED <-> SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - advertising 1 (spyware-put.rules)
 * 1:7129 <-> DISABLED <-> SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - advertising 2 (spyware-put.rules)
 * 1:7130 <-> DISABLED <-> SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - search assissant hijacking (spyware-put.rules)
 * 1:7135 <-> DISABLED <-> SPYWARE-PUT Hijacker dsrch runtime detection - config info retrieval (spyware-put.rules)
 * 1:7136 <-> DISABLED <-> SPYWARE-PUT Hijacker dsrch runtime detection - search assistant redirect (spyware-put.rules)
 * 1:7137 <-> DISABLED <-> SPYWARE-PUT Hijacker dsrch runtime detection - side search redirect (spyware-put.rules)
 * 1:7138 <-> DISABLED <-> SPYWARE-PUT Other-Technologies clicktrojan runtime detection - version check (spyware-put.rules)
 * 1:7139 <-> DISABLED <-> SPYWARE-PUT Other-Technologies clicktrojan runtime detection - fake search query (spyware-put.rules)
 * 1:7140 <-> DISABLED <-> SPYWARE-PUT Adware pay-per-click runtime detection - configuration (spyware-put.rules)
 * 1:7141 <-> DISABLED <-> SPYWARE-PUT Adware pay-per-click runtime detection - update (spyware-put.rules)
 * 1:7142 <-> DISABLED <-> SPYWARE-PUT Adware ares flash downloader 2.04 runtime detection (spyware-put.rules)
 * 1:7143 <-> DISABLED <-> SPYWARE-PUT Adware digink.com runtime detection (spyware-put.rules)
 * 1:7144 <-> DISABLED <-> SPYWARE-PUT Hijacker cool search runtime detection (spyware-put.rules)
 * 1:7145 <-> DISABLED <-> SPYWARE-PUT Other-Technologies spam maxy runtime detection (spyware-put.rules)
 * 1:7146 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool sars notifier runtime detection - sin notification (spyware-put.rules)
 * 1:7147 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool sars notifier runtime detection - icq notification (spyware-put.rules)
 * 1:7148 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool sars notifier runtime detection - cgi notification (spyware-put.rules)
 * 1:7149 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool sars notifier runtime detection - php notification (spyware-put.rules)
 * 1:7150 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool sars notifier runtime detection - irc notification (spyware-put.rules)
 * 1:7151 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool sars notifier runtime detection - net send notification (spyware-put.rules)
 * 1:7152 <-> DISABLED <-> SPYWARE-PUT Hijacker cnsmin 3721 runtime detection - installation (spyware-put.rules)
 * 1:7153 <-> DISABLED <-> SPYWARE-PUT Hijacker cnsmin 3721 runtime detection - hijacking (spyware-put.rules)
 * 1:7154 <-> DISABLED <-> SPYWARE-PUT Keylogger active keylogger home runtime detection (spyware-put.rules)
 * 1:7155 <-> DISABLED <-> SPYWARE-PUT Trickler jubster runtime detection (spyware-put.rules)
 * 1:7156 <-> DISABLED <-> SPYWARE-PUT Keylogger win-spy runtime detection - email delivery (spyware-put.rules)
 * 1:7157 <-> DISABLED <-> SPYWARE-PUT Keylogger win-spy runtime detection - remote conn client-to-server (spyware-put.rules)
 * 1:7158 <-> DISABLED <-> SPYWARE-PUT Keylogger win-spy runtime detection - remote conn server-to-client (spyware-put.rules)
 * 1:7159 <-> DISABLED <-> SPYWARE-PUT Keylogger win-spy runtime detection - upload file client-to-server (spyware-put.rules)
 * 1:7160 <-> DISABLED <-> SPYWARE-PUT Keylogger win-spy runtime detection - upload file server-to-client (spyware-put.rules)
 * 1:7161 <-> DISABLED <-> SPYWARE-PUT Keylogger win-spy runtime detection - download file client-to-server (spyware-put.rules)
 * 1:7162 <-> DISABLED <-> SPYWARE-PUT Keylogger win-spy runtime detection - download file server-to-client (spyware-put.rules)
 * 1:7163 <-> DISABLED <-> SPYWARE-PUT Keylogger win-spy runtime detection - execute file client-to-server (spyware-put.rules)
 * 1:7164 <-> DISABLED <-> SPYWARE-PUT Keylogger win-spy runtime detection - execute file server-to-client (spyware-put.rules)
 * 1:7165 <-> ENABLED <-> SPYWARE-PUT Keylogger ab system spy runtime detection - information exchange - flowbit set 1 (spyware-put.rules)
 * 1:7166 <-> DISABLED <-> SPYWARE-PUT Keylogger ab system spy runtime detection - information exchange - flowbit set 2 (spyware-put.rules)
 * 1:7167 <-> DISABLED <-> SPYWARE-PUT Keylogger ab system spy runtime detection - information exchange - flowbit set 3 (spyware-put.rules)
 * 1:7168 <-> DISABLED <-> SPYWARE-PUT Keylogger ab system spy runtime detection - information exchange - flowbit set 4 (spyware-put.rules)
 * 1:7169 <-> DISABLED <-> SPYWARE-PUT Keylogger ab system spy runtime detection - information exchange (spyware-put.rules)
 * 1:7175 <-> DISABLED <-> SPYWARE-PUT Keylogger ab system spy runtime detection - log retrieve (spyware-put.rules)
 * 1:7176 <-> DISABLED <-> SPYWARE-PUT Keylogger ab system spy runtime detection - log retrieve (spyware-put.rules)
 * 1:7177 <-> DISABLED <-> SPYWARE-PUT Keylogger ab system spy runtime detection - info send through email (spyware-put.rules)
 * 1:7178 <-> DISABLED <-> SPYWARE-PUT Keylogger desktop detective 2000 runtime detection - init connection (spyware-put.rules)
 * 1:7179 <-> DISABLED <-> SPYWARE-PUT Keylogger desktop detective 2000 runtime detection - init connection (spyware-put.rules)
 * 1:7180 <-> DISABLED <-> SPYWARE-PUT Keylogger desktop detective 2000 runtime detection - init connection (spyware-put.rules)
 * 1:7183 <-> DISABLED <-> SPYWARE-PUT Snoopware barok runtime detection (spyware-put.rules)
 * 1:7184 <-> DISABLED <-> SPYWARE-PUT Keylogger 007 spy software runtime detection - smtp (spyware-put.rules)
 * 1:7185 <-> DISABLED <-> SPYWARE-PUT Keylogger 007 spy software runtime detection - ftp (spyware-put.rules)
 * 1:7186 <-> DISABLED <-> SPYWARE-PUT Keylogger kgb Keylogger runtime detection (spyware-put.rules)
 * 1:7188 <-> DISABLED <-> SPYWARE-PUT Hijacker shop at home select - merchant redirect in progress (spyware-put.rules)
 * 1:7189 <-> DISABLED <-> SPYWARE-PUT Trackware shopathome runtime detection - setcookie request (spyware-put.rules)
 * 1:7191 <-> DISABLED <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - url retrieval (spyware-put.rules)
 * 1:7192 <-> DISABLED <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - sponsor selection (spyware-put.rules)
 * 1:7193 <-> DISABLED <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - startup access (spyware-put.rules)
 * 1:7194 <-> DISABLED <-> SPYWARE-PUT Hijacker shopprreports runtime detection - services requests (spyware-put.rules)
 * 1:7195 <-> DISABLED <-> SPYWARE-PUT Hijacker shopprreports runtime detection - track/upgrade/report activities (spyware-put.rules)
 * 1:7197 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel MSO.DLL malformed string parsing single byte buffer over attempt (web-client.rules)
 * 1:7198 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel MSO.DLL malformed string parsing multi byte buffer over attempt (web-client.rules)
 * 1:7199 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel label record overflow attempt (web-client.rules)
 * 1:7203 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word information string overflow attempt (web-client.rules)
 * 1:7204 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel object ftCmo overflow attempt (web-client.rules)
 * 1:7207 <-> DISABLED <-> ORACLE DBMS_EXPORT_EXTENSION SQL injection attempt (oracle.rules)
 * 1:7208 <-> DISABLED <-> ORACLE DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_METADATA access attempt (oracle.rules)
 * 1:7421 <-> DISABLED <-> ORACLE DBMS_EXPORT_EXTENSION.GET_V2_DOMAIN_INDEX_TABLES access attempt (oracle.rules)
 * 1:7504 <-> DISABLED <-> SPYWARE-PUT Keylogger actualspy runtime detection - ftp-data (spyware-put.rules)
 * 1:7505 <-> DISABLED <-> SPYWARE-PUT Keylogger actualspy runtime detection - smtp (spyware-put.rules)
 * 1:7506 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool coma runtime detection - init connection - flowbit set (spyware-put.rules)
 * 1:7507 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool coma runtime detection - init connection (spyware-put.rules)
 * 1:7508 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool coma runtime detection - ping - flowbit set (spyware-put.rules)
 * 1:6069 <-> DISABLED <-> BACKDOOR optixlite 1.0 runtime detection - icq notification (backdoor.rules)
 * 1:607 <-> DISABLED <-> RSERVICES rsh bin (rservices.rules)
 * 1:6070 <-> DISABLED <-> BACKDOOR freak 1.0 runtime detection - irc notification (backdoor.rules)
 * 1:6071 <-> DISABLED <-> BACKDOOR freak 1.0 runtime detection - icq notification (backdoor.rules)
 * 1:6074 <-> DISABLED <-> BACKDOOR xhx 1.6 runtime detection - initial connection client-to-server (backdoor.rules)
 * 1:6075 <-> DISABLED <-> BACKDOOR xhx 1.6 runtime detection - initial connection server-to-client (backdoor.rules)
 * 1:6076 <-> DISABLED <-> BACKDOOR amiboide uploader runtime detection - init connection (backdoor.rules)
 * 1:6077 <-> DISABLED <-> BACKDOOR autospy runtime detection - get information (backdoor.rules)
 * 1:6078 <-> DISABLED <-> BACKDOOR autospy runtime detection - get information (backdoor.rules)
 * 1:6079 <-> DISABLED <-> BACKDOOR autospy runtime detection - show autospy (backdoor.rules)
 * 1:608 <-> DISABLED <-> RSERVICES rsh echo + + (rservices.rules)
 * 1:6080 <-> DISABLED <-> BACKDOOR autospy runtime detection - show autospy (backdoor.rules)
 * 1:6081 <-> DISABLED <-> BACKDOOR autospy runtime detection - show nude pic (backdoor.rules)
 * 1:6082 <-> DISABLED <-> BACKDOOR autospy runtime detection - show nude pic (backdoor.rules)
 * 1:6083 <-> DISABLED <-> BACKDOOR autospy runtime detection - hide taskbar (backdoor.rules)
 * 1:6084 <-> DISABLED <-> BACKDOOR autospy runtime detection - hide taskbar (backdoor.rules)
 * 1:6085 <-> DISABLED <-> BACKDOOR autospy runtime detection - make directory (backdoor.rules)
 * 1:6086 <-> DISABLED <-> BACKDOOR autospy runtime detection - make directory (backdoor.rules)
 * 1:6087 <-> DISABLED <-> BACKDOOR a trojan 2.0 runtime detection (backdoor.rules)
 * 1:6088 <-> DISABLED <-> BACKDOOR a trojan 2.0 runtime detection - init connection (backdoor.rules)
 * 1:6089 <-> DISABLED <-> BACKDOOR a trojan 2.0 runtime detection (backdoor.rules)
 * 1:609 <-> DISABLED <-> RSERVICES rsh froot (rservices.rules)
 * 1:6090 <-> DISABLED <-> BACKDOOR a trojan 2.0 runtime detection - get memory info (backdoor.rules)
 * 1:6091 <-> DISABLED <-> BACKDOOR a trojan 2.0 runtime detection (backdoor.rules)
 * 1:6092 <-> DISABLED <-> BACKDOOR a trojan 2.0 runtime detection - get harddisk info (backdoor.rules)
 * 1:6093 <-> DISABLED <-> BACKDOOR a trojan 2.0 runtime detection (backdoor.rules)
 * 1:6094 <-> DISABLED <-> BACKDOOR a trojan 2.0 runtime detection - get drive info (backdoor.rules)
 * 1:6095 <-> DISABLED <-> BACKDOOR a trojan 2.0 runtime detection (backdoor.rules)
 * 1:6096 <-> DISABLED <-> BACKDOOR a trojan 2.0 runtime detection - get system info (backdoor.rules)
 * 1:6097 <-> DISABLED <-> BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
 * 1:6098 <-> DISABLED <-> BACKDOOR alvgus 2000 runtime detection - check server (backdoor.rules)
 * 1:6099 <-> DISABLED <-> BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
 * 1:610 <-> DISABLED <-> RSERVICES rsh root (rservices.rules)
 * 1:6100 <-> DISABLED <-> BACKDOOR alvgus 2000 runtime detection - view content of directory (backdoor.rules)
 * 1:6101 <-> DISABLED <-> BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
 * 1:6102 <-> DISABLED <-> BACKDOOR alvgus 2000 runtime detection - execute command (backdoor.rules)
 * 1:6103 <-> DISABLED <-> BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
 * 1:6104 <-> DISABLED <-> BACKDOOR alvgus 2000 runtime detection - upload file (backdoor.rules)
 * 1:6105 <-> DISABLED <-> BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
 * 1:6106 <-> DISABLED <-> BACKDOOR alvgus 2000 runtime detection - download file (backdoor.rules)
 * 1:6108 <-> DISABLED <-> BACKDOOR dagger v1.1.40 runtime detection (backdoor.rules)
 * 1:6109 <-> DISABLED <-> BACKDOOR dagger v1.1.40 runtime detection (backdoor.rules)
 * 1:611 <-> DISABLED <-> RSERVICES rlogin login failure (rservices.rules)
 * 1:6110 <-> DISABLED <-> BACKDOOR forced entry v1.1 beta runtime detection (backdoor.rules)
 * 1:6111 <-> DISABLED <-> BACKDOOR optix 1.32 runtime detection - init conn (backdoor.rules)
 * 1:6112 <-> DISABLED <-> BACKDOOR optix 1.32 runtime detection - init conn (backdoor.rules)
 * 1:6113 <-> DISABLED <-> BACKDOOR optix 1.32 runtime detection - init conn (backdoor.rules)
 * 1:6114 <-> DISABLED <-> BACKDOOR optix 1.32 runtime detection - email notification (backdoor.rules)
 * 1:6115 <-> DISABLED <-> BACKDOOR optix 1.32 runtime detection - icq notification (backdoor.rules)
 * 1:6116 <-> DISABLED <-> BACKDOOR fore v1.0 beta runtime detection - init conn (backdoor.rules)
 * 1:6117 <-> DISABLED <-> BACKDOOR fore v1.0 beta runtime detection - init conn (backdoor.rules)
 * 1:6118 <-> DISABLED <-> BACKDOOR net runner runtime detection - initial connection client-to-server (backdoor.rules)
 * 1:6119 <-> DISABLED <-> BACKDOOR net runner runtime detection - initial connection server-to-client (backdoor.rules)
 * 1:612 <-> DISABLED <-> RPC rusers query UDP (rpc.rules)
 * 1:6120 <-> DISABLED <-> BACKDOOR net runner runtime detection - download file client-to-server (backdoor.rules)
 * 1:6121 <-> DISABLED <-> BACKDOOR net runner runtime detection - download file server-to-client (backdoor.rules)
 * 1:6123 <-> DISABLED <-> BACKDOOR ambush 1.0 runtime detection - ping client-to-server (backdoor.rules)
 * 1:6124 <-> DISABLED <-> BACKDOOR ambush 1.0 runtime detection - ping server-to-client (backdoor.rules)
 * 1:6125 <-> DISABLED <-> BACKDOOR dkangel runtime detection - smtp (backdoor.rules)
 * 1:6126 <-> DISABLED <-> BACKDOOR dkangel runtime detection - smtp (backdoor.rules)
 * 1:6129 <-> DISABLED <-> BACKDOOR chupacabra 1.0 runtime detection (backdoor.rules)
 * 1:6130 <-> DISABLED <-> BACKDOOR chupacabra 1.0 runtime detection - get computer name (backdoor.rules)
 * 1:6131 <-> DISABLED <-> BACKDOOR chupacabra 1.0 runtime detection (backdoor.rules)
 * 1:6132 <-> DISABLED <-> BACKDOOR chupacabra 1.0 runtime detection - get user name (backdoor.rules)
 * 1:6133 <-> DISABLED <-> BACKDOOR chupacabra 1.0 runtime detection - send messages (backdoor.rules)
 * 1:6134 <-> DISABLED <-> BACKDOOR chupacabra 1.0 runtime detection - delete file (backdoor.rules)
 * 1:6136 <-> DISABLED <-> BACKDOOR clindestine 1.0 runtime detection - capture big screen (backdoor.rules)
 * 1:6137 <-> DISABLED <-> BACKDOOR clindestine 1.0 runtime detection - capture small screen (backdoor.rules)
 * 1:6138 <-> DISABLED <-> BACKDOOR clindestine 1.0 runtime detection - get computer info (backdoor.rules)
 * 1:6139 <-> DISABLED <-> BACKDOOR clindestine 1.0 runtime detection - get system directory (backdoor.rules)
 * 1:6142 <-> DISABLED <-> BACKDOOR hellzaddiction v1.0e runtime detection - ftp open (backdoor.rules)
 * 1:6143 <-> DISABLED <-> BACKDOOR dark connection inside v1.2 runtime detection (backdoor.rules)
 * 1:6144 <-> DISABLED <-> BACKDOOR mantis runtime detection - sent notify option client-to-server 1 (backdoor.rules)
 * 1:6145 <-> DISABLED <-> BACKDOOR mantis runtime detection - sent notify option server-to-client (backdoor.rules)
 * 1:6147 <-> DISABLED <-> BACKDOOR mantis runtime detection - go to address client-to-server (backdoor.rules)
 * 1:6148 <-> DISABLED <-> BACKDOOR mantis runtime detection - go to address server-to-client (backdoor.rules)
 * 1:6149 <-> DISABLED <-> BACKDOOR netcontrol v1.0.8 runtime detection (backdoor.rules)
 * 1:6150 <-> DISABLED <-> BACKDOOR netcontrol v1.0.8 runtime detection (backdoor.rules)
 * 1:6151 <-> DISABLED <-> BACKDOOR back attack v1.4 runtime detection (backdoor.rules)
 * 1:6152 <-> DISABLED <-> BACKDOOR dirtxt runtime detection - chdir client-to-server (backdoor.rules)
 * 1:6153 <-> DISABLED <-> BACKDOOR dirtxt runtime detection - chdir server-to-client (backdoor.rules)
 * 1:6154 <-> DISABLED <-> BACKDOOR dirtxt runtime detection - info client-to-server (backdoor.rules)
 * 1:6155 <-> DISABLED <-> BACKDOOR dirtxt runtime detection - info server-to-client (backdoor.rules)
 * 1:6156 <-> DISABLED <-> BACKDOOR dirtxt runtime detection - view client-to-server (backdoor.rules)
 * 1:6157 <-> DISABLED <-> BACKDOOR dirtxt runtime detection - view server-to-client (backdoor.rules)
 * 1:6159 <-> DISABLED <-> BACKDOOR delirium of disorder runtime detection - enable keylogger (backdoor.rules)
 * 1:616 <-> DISABLED <-> SCAN ident version request (scan.rules)
 * 1:6160 <-> DISABLED <-> BACKDOOR delirium of disorder runtime detection - stop keylogger (backdoor.rules)
 * 1:6161 <-> DISABLED <-> BACKDOOR furax 1.0 b2 runtime detection (backdoor.rules)
 * 1:6164 <-> DISABLED <-> BACKDOOR psyrat 1.0 runtime detection (backdoor.rules)
 * 1:6165 <-> DISABLED <-> BACKDOOR psyrat 1.0 runtime detection (backdoor.rules)
 * 1:6166 <-> DISABLED <-> BACKDOOR unicorn runtime detection - initial connection (backdoor.rules)
 * 1:6167 <-> DISABLED <-> BACKDOOR unicorn runtime detection - set wallpaper client-to-server (backdoor.rules)
 * 1:6168 <-> DISABLED <-> BACKDOOR unicorn runtime detection - set wallpaper server-to-client (backdoor.rules)
 * 1:6169 <-> DISABLED <-> BACKDOOR digital rootbeer runtime detection (backdoor.rules)
 * 1:6170 <-> DISABLED <-> BACKDOOR digital rootbeer runtime detection (backdoor.rules)
 * 1:6171 <-> DISABLED <-> BACKDOOR cookie monster 0.24 runtime detection (backdoor.rules)
 * 1:6172 <-> DISABLED <-> BACKDOOR cookie monster 0.24 runtime detection - get version info (backdoor.rules)
 * 1:6173 <-> DISABLED <-> BACKDOOR cookie monster 0.24 runtime detection (backdoor.rules)
 * 1:6175 <-> DISABLED <-> BACKDOOR cookie monster 0.24 runtime detection - kill kernel (backdoor.rules)
 * 1:6177 <-> DISABLED <-> BACKDOOR ultimate destruction runtime detection - kill process client-to-server (backdoor.rules)
 * 1:6178 <-> DISABLED <-> BACKDOOR ultimate destruction runtime detection - kill windows client-to-server (backdoor.rules)
 * 1:6179 <-> DISABLED <-> BACKDOOR bladerunner 0.80 runtime detection (backdoor.rules)
 * 1:6180 <-> DISABLED <-> BACKDOOR netraider 0.0 runtime detection (backdoor.rules)
 * 1:6181 <-> DISABLED <-> BACKDOOR netraider 0.0 runtime detection (backdoor.rules)
 * 1:6182 <-> DISABLED <-> CHAT IRC channel notice (chat.rules)
 * 1:6183 <-> DISABLED <-> SPYWARE-PUT Adware 180Search assistant runtime detection - tracked event URL (spyware-put.rules)
 * 1:6184 <-> DISABLED <-> SPYWARE-PUT Adware 180Search assistant runtime detection - config upload (spyware-put.rules)
 * 1:6185 <-> DISABLED <-> SPYWARE-PUT Adware 180Search assistant runtime detection - reporting keyword (spyware-put.rules)
 * 1:6186 <-> DISABLED <-> SPYWARE-PUT Other-Technologies SpywareStrike Runtime Detection (spyware-put.rules)
 * 1:6187 <-> DISABLED <-> SPYWARE-PUT Adware ISTBar runtime detection - scripts (spyware-put.rules)
 * 1:6188 <-> DISABLED <-> SPYWARE-PUT Adware ISTBar runtime detection - bar (spyware-put.rules)
 * 1:6189 <-> DISABLED <-> SPYWARE-PUT Trackware try2find detection (spyware-put.rules)
 * 1:6190 <-> DISABLED <-> SPYWARE-PUT Keylogger eblaster 5.0 runtime detection (spyware-put.rules)
 * 1:6191 <-> DISABLED <-> SPYWARE-PUT Trackware onetoolbar runtime detection (spyware-put.rules)
 * 1:6192 <-> DISABLED <-> SPYWARE-PUT Adware seekmo runtime detection - reporting keyword (spyware-put.rules)
 * 1:6193 <-> DISABLED <-> SPYWARE-PUT Adware seekmo runtime detection - pop up ads (spyware-put.rules)
 * 1:6194 <-> DISABLED <-> SPYWARE-PUT Adware seekmo runtime detection - config upload (spyware-put.rules)
 * 1:6195 <-> DISABLED <-> SPYWARE-PUT Adware seekmo runtime detection - download .cab (spyware-put.rules)
 * 1:6196 <-> DISABLED <-> SPYWARE-PUT Hijacker smart shopper runtime detection - services requests (spyware-put.rules)
 * 1:6197 <-> DISABLED <-> SPYWARE-PUT Hijacker smart shopper runtime detection - track/upgrade/report activities (spyware-put.rules)
 * 1:6198 <-> DISABLED <-> SPYWARE-PUT Trackware squaretrade side bar runtime detection - collect user information (spyware-put.rules)
 * 1:6199 <-> DISABLED <-> SPYWARE-PUT Hijacker smart search runtime detection - hijack/ads (spyware-put.rules)
 * 1:6200 <-> DISABLED <-> SPYWARE-PUT Hijacker smart search runtime detection - get settings (spyware-put.rules)
 * 1:6201 <-> DISABLED <-> SPYWARE-PUT Adware twaintec runtime detection (spyware-put.rules)
 * 1:6202 <-> DISABLED <-> SPYWARE-PUT Trickler farmmext installtime/update request (spyware-put.rules)
 * 1:6203 <-> DISABLED <-> SPYWARE-PUT Trickler farmmext runtime detection - drk.syn request (spyware-put.rules)
 * 1:6204 <-> DISABLED <-> SPYWARE-PUT Trickler farmmext runtime detection - track activity (spyware-put.rules)
 * 1:6205 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool freak 88 das runtime detection (spyware-put.rules)
 * 1:6206 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool sin stealer 1.1 runtime detection (spyware-put.rules)
 * 1:6207 <-> DISABLED <-> SPYWARE-PUT Keylogger winsession runtime detection - smtp (spyware-put.rules)
 * 1:6208 <-> DISABLED <-> SPYWARE-PUT Keylogger winsession runtime detection - ftp (spyware-put.rules)
 * 1:6209 <-> DISABLED <-> SPYWARE-PUT Adware deskwizz/zquest runtime detection - get config information / ad banner (spyware-put.rules)
 * 1:6211 <-> DISABLED <-> SPYWARE-PUT Adware deskwizz runtime detection - pop-up ad request (spyware-put.rules)
 * 1:6212 <-> DISABLED <-> SPYWARE-PUT Adware commonname runtime detection (spyware-put.rules)
 * 1:6213 <-> DISABLED <-> SPYWARE-PUT Hijacker 7fasst runtime detection - auto requests (spyware-put.rules)
 * 1:6214 <-> DISABLED <-> SPYWARE-PUT Hijacker 7fasst runtime detection - search (spyware-put.rules)
 * 1:6215 <-> DISABLED <-> SPYWARE-PUT Hijacker 7fasst runtime detection - track (spyware-put.rules)
 * 1:6216 <-> DISABLED <-> SPYWARE-PUT Adware aornum/iwon copilot runtime detection - config (spyware-put.rules)
 * 1:6218 <-> DISABLED <-> SPYWARE-PUT Adware aornum/iwon copilot runtime detection - ads (spyware-put.rules)
 * 1:6219 <-> DISABLED <-> SPYWARE-PUT Adware bonzibuddy runtime detection (spyware-put.rules)
 * 1:6220 <-> DISABLED <-> SPYWARE-PUT Keylogger boss everyware runtime detection (spyware-put.rules)
 * 1:6221 <-> DISABLED <-> SPYWARE-PUT Keylogger computerspy runtime detection (spyware-put.rules)
 * 1:6222 <-> DISABLED <-> SPYWARE-PUT Adware delfin media viewer runtime detection - contact server (spyware-put.rules)
 * 1:6223 <-> DISABLED <-> SPYWARE-PUT Adware delfin media viewer runtime detection - retrieve schedule (spyware-put.rules)
 * 1:6224 <-> DISABLED <-> SPYWARE-PUT Hijacker ieplugin runtime detection - search (spyware-put.rules)
 * 1:6230 <-> DISABLED <-> SPYWARE-PUT Hijacker i-lookup runtime detection (spyware-put.rules)
 * 1:6232 <-> DISABLED <-> SPYWARE-PUT Adware mirar runtime detection - thumbnail (spyware-put.rules)
 * 1:6233 <-> DISABLED <-> SPYWARE-PUT Adware mirar runtime detection - delayed (spyware-put.rules)
 * 1:6234 <-> DISABLED <-> SPYWARE-PUT Adware mirar runtime detection - ads (spyware-put.rules)
 * 1:6236 <-> DISABLED <-> SPYWARE-PUT Adware lop runtime detection - pass info to server (spyware-put.rules)
 * 1:6237 <-> DISABLED <-> SPYWARE-PUT Adware lop runtime detection - check update request (spyware-put.rules)
 * 1:6238 <-> DISABLED <-> SPYWARE-PUT Adware lop runtime detection - collect info request 1 (spyware-put.rules)
 * 1:6239 <-> DISABLED <-> SPYWARE-PUT Adware lop runtime detection - collect info request 2 (spyware-put.rules)
 * 1:6240 <-> DISABLED <-> SPYWARE-PUT Adware lop runtime detection - pop up ads (spyware-put.rules)
 * 1:6241 <-> DISABLED <-> SPYWARE-PUT Adware lop runtime detection - ie autosearch hijack (spyware-put.rules)
 * 1:6242 <-> DISABLED <-> SPYWARE-PUT Hijacker coolwebsearch.cameup runtime detection (spyware-put.rules)
 * 1:6243 <-> DISABLED <-> SPYWARE-PUT Hijacker coolwebsearch cameup runtime detection - home page hijack (spyware-put.rules)
 * 1:6244 <-> DISABLED <-> SPYWARE-PUT Hijacker coolwebsearch cameup runtime detection - ie auto search hijack (spyware-put.rules)
 * 1:6245 <-> DISABLED <-> SPYWARE-PUT Hijacker coolwebsearch startpage runtime detection (spyware-put.rules)
 * 1:6246 <-> DISABLED <-> SPYWARE-PUT Hijacker exact navisearch runtime detection - search hijack (spyware-put.rules)
 * 1:6247 <-> DISABLED <-> SPYWARE-PUT Adware ezula toptext runtime detection - help redirect (spyware-put.rules)
 * 1:6248 <-> DISABLED <-> SPYWARE-PUT Adware ezula toptext runtime detection - popup (spyware-put.rules)
 * 1:6249 <-> DISABLED <-> SPYWARE-PUT Adware ezula toptext runtime detection - redirect (spyware-put.rules)
 * 1:6250 <-> DISABLED <-> SPYWARE-PUT Adware hotbar runtime detection - hotbar user-agent (spyware-put.rules)
 * 1:6251 <-> DISABLED <-> SPYWARE-PUT Adware hotbar runtime detection - hostie user-agent (spyware-put.rules)
 * 1:6252 <-> DISABLED <-> SPYWARE-PUT Trackware quicksearch toolbar runtime detection - search request (spyware-put.rules)
 * 1:6253 <-> DISABLED <-> SPYWARE-PUT Trackware quicksearch toolbar runtime detection - log user ativity (spyware-put.rules)
 * 1:6254 <-> DISABLED <-> SPYWARE-PUT Trackware quicksearch toolbar runtime detection - redirect (spyware-put.rules)
 * 1:6255 <-> DISABLED <-> SPYWARE-PUT Trackware quicksearch toolbar runtime detection - update (spyware-put.rules)
 * 1:6256 <-> DISABLED <-> SPYWARE-PUT Adware searchsquire installtime/auto-update (spyware-put.rules)
 * 1:6257 <-> DISABLED <-> SPYWARE-PUT Adware searchsquire runtime detection - testgeonew query (spyware-put.rules)
 * 1:6258 <-> DISABLED <-> SPYWARE-PUT Adware searchsquire runtime detection - get engine file (spyware-put.rules)
 * 1:6259 <-> DISABLED <-> SPYWARE-PUT Adware searchsquire runtime detection - search forward (spyware-put.rules)
 * 1:626 <-> DISABLED <-> SCAN cybercop os PA12 attempt (scan.rules)
 * 1:6260 <-> DISABLED <-> SPYWARE-PUT Adware overpro runtime detection (spyware-put.rules)
 * 1:6261 <-> DISABLED <-> SPYWARE-PUT Trickler slinkyslate toolbar runtime detection (spyware-put.rules)
 * 1:6263 <-> DISABLED <-> SPYWARE-PUT Hijacker gigatech superbar runtime detection - collect information (spyware-put.rules)
 * 1:6264 <-> DISABLED <-> SPYWARE-PUT Hijacker gigatech superbar runtime detection - self update - movie (spyware-put.rules)
 * 1:6265 <-> DISABLED <-> SPYWARE-PUT Hijacker gigatech superbar runtime detection - self update - engine (spyware-put.rules)
 * 1:6266 <-> DISABLED <-> SPYWARE-PUT Hijacker gigatech superbar runtime detection - self update - check update (spyware-put.rules)
 * 1:6267 <-> DISABLED <-> SPYWARE-PUT Hijacker gigatech superbar runtime detection - self update - get update (spyware-put.rules)
 * 1:6268 <-> DISABLED <-> SPYWARE-PUT Hijacker gigatech superbar runtime detection - self update - download exe (spyware-put.rules)
 * 1:6269 <-> DISABLED <-> SPYWARE-PUT Hijacker gigatech superbar runtime detection - track event (spyware-put.rules)
 * 1:627 <-> DISABLED <-> SCAN cybercop os SFU12 probe (scan.rules)
 * 1:6270 <-> DISABLED <-> SPYWARE-PUT Hijacker topicks runtime detection (spyware-put.rules)
 * 1:6274 <-> DISABLED <-> SPYWARE-PUT Trickler clickalchemy runtime detection (spyware-put.rules)
 * 1:6275 <-> DISABLED <-> SPYWARE-PUT Hijacker incredifind runtime detection - cookie (spyware-put.rules)
 * 1:6278 <-> DISABLED <-> SPYWARE-PUT Trickler navexcel search toolbar runtime detection - activate/update (spyware-put.rules)
 * 1:6279 <-> DISABLED <-> SPYWARE-PUT Hijacker sidefind runtime detection (spyware-put.rules)
 * 1:6280 <-> DISABLED <-> SPYWARE-PUT Hijacker sidefind runtime detection - cookie (spyware-put.rules)
 * 1:6281 <-> DISABLED <-> SPYWARE-PUT Hijacker yoursitebar runtime detection (spyware-put.rules)
 * 1:6282 <-> DISABLED <-> SPYWARE-PUT Hijacker customtoolbar runtime detection (spyware-put.rules)
 * 1:6283 <-> DISABLED <-> SPYWARE-PUT Hijacker websearch runtime detection - sitereview (spyware-put.rules)
 * 1:6284 <-> DISABLED <-> SPYWARE-PUT Hijacker websearch runtime detection - webstat (spyware-put.rules)
 * 1:6285 <-> DISABLED <-> BACKDOOR antilamer 1.1 runtime detection - set flowbit (backdoor.rules)
 * 1:6286 <-> DISABLED <-> BACKDOOR antilamer 1.1 runtime detection (backdoor.rules)
 * 1:6287 <-> DISABLED <-> BACKDOOR fictional daemon 4.4 runtime detection - telent (backdoor.rules)
 * 1:6288 <-> DISABLED <-> BACKDOOR fictional daemon 4.4 runtime detection - ftp (backdoor.rules)
 * 1:6289 <-> DISABLED <-> BACKDOOR netspy runtime detection - command pattern client-to-server (backdoor.rules)
 * 1:6291 <-> DISABLED <-> BACKDOOR justjoke v2.6 runtime detection (backdoor.rules)
 * 1:6292 <-> DISABLED <-> BACKDOOR joker ddos v1.0.1 runtime detection - initial connection (backdoor.rules)
 * 1:6293 <-> DISABLED <-> BACKDOOR joker ddos v1.0.1 runtime detection - bomb - initial flowbit (backdoor.rules)
 * 1:6294 <-> DISABLED <-> BACKDOOR joker ddos v1.0.1 runtime detection - bomb - second flowbit (backdoor.rules)
 * 1:6295 <-> DISABLED <-> BACKDOOR joker ddos v1.0.1 runtime detection - bomb (backdoor.rules)
 * 1:6296 <-> DISABLED <-> BACKDOOR insurrection 1.1.0 runtime detection - icq notification 1 (backdoor.rules)
 * 1:6297 <-> DISABLED <-> BACKDOOR insurrection 1.1.0 runtime detection - icq notification 2 (backdoor.rules)
 * 1:6298 <-> DISABLED <-> BACKDOOR insurrection 1.1.0 runtime detection - reverse connection (backdoor.rules)
 * 1:6299 <-> DISABLED <-> BACKDOOR insurrection 1.1.0 runtime detection - initial connection (backdoor.rules)
 * 1:6300 <-> DISABLED <-> BACKDOOR cia 1.3 runtime detection - icq notification (backdoor.rules)
 * 1:6301 <-> DISABLED <-> BACKDOOR cia 1.3 runtime detection - smtp notification (backdoor.rules)
 * 1:6302 <-> DISABLED <-> BACKDOOR cia runtime detection - initial connection - set flowbit (backdoor.rules)
 * 1:6303 <-> DISABLED <-> BACKDOOR cia runtime detection - initial connection (backdoor.rules)
 * 1:6304 <-> DISABLED <-> BACKDOOR softwar shadowthief runtime detection - initial connection - set flowbit (backdoor.rules)
 * 1:6305 <-> DISABLED <-> BACKDOOR softwar shadowthief runtime detection - initial connection (backdoor.rules)
 * 1:6306 <-> DISABLED <-> BACKDOOR shit heep runtime detection (backdoor.rules)
 * 1:6307 <-> DISABLED <-> BACKDOOR lamespy runtime detection - initial connection - set flowbit (backdoor.rules)
 * 1:6308 <-> DISABLED <-> BACKDOOR lamespy runtime detection - initial connection (backdoor.rules)
 * 1:6309 <-> DISABLED <-> BACKDOOR net demon runtime detection - initial connection - password request (backdoor.rules)
 * 1:631 <-> DISABLED <-> SMTP ehlo cybercop attempt (smtp.rules)
 * 1:6310 <-> DISABLED <-> BACKDOOR net demon runtime detection - initial connection - password send (backdoor.rules)
 * 1:6311 <-> DISABLED <-> BACKDOOR net demon runtime detection - initial connection - password accepted (backdoor.rules)
 * 1:6312 <-> DISABLED <-> BACKDOOR net demon runtime detection - message send (backdoor.rules)
 * 1:6313 <-> DISABLED <-> BACKDOOR net demon runtime detection - message response (backdoor.rules)
 * 1:6314 <-> DISABLED <-> BACKDOOR net demon runtime detection - open browser request (backdoor.rules)
 * 1:6315 <-> DISABLED <-> BACKDOOR net demon runtime detection - open browser response (backdoor.rules)
 * 1:6316 <-> DISABLED <-> BACKDOOR net demon runtime detection - file manager request (backdoor.rules)
 * 1:6317 <-> DISABLED <-> BACKDOOR net demon runtime detection - file manager response (backdoor.rules)
 * 1:6318 <-> DISABLED <-> BACKDOOR rtb666 runtime detection (backdoor.rules)
 * 1:6319 <-> DISABLED <-> BACKDOOR evilftp runtime detection - init connection (backdoor.rules)
 * 1:632 <-> DISABLED <-> SMTP expn cybercop attempt (smtp.rules)
 * 1:6320 <-> DISABLED <-> BACKDOOR ptakks2.1 runtime detection - keepalive (backdoor.rules)
 * 1:6323 <-> DISABLED <-> BACKDOOR 3xBackdoor runtime detection - set flowbit (backdoor.rules)
 * 1:6325 <-> DISABLED <-> BACKDOOR fucktrojan 1.2 runtime detection - initial connection (backdoor.rules)
 * 1:6326 <-> DISABLED <-> BACKDOOR fucktrojan 1.2 runtime detection - flood (backdoor.rules)
 * 1:6327 <-> DISABLED <-> BACKDOOR fucktrojan 1.2 runtime detection - flood (backdoor.rules)
 * 1:6328 <-> DISABLED <-> BACKDOOR commando runtime detection - initial connection (backdoor.rules)
 * 1:6329 <-> DISABLED <-> BACKDOOR commando runtime detection - chat client-to-server (backdoor.rules)
 * 1:6330 <-> DISABLED <-> BACKDOOR commando runtime detection - chat server-to-client (backdoor.rules)
 * 1:6331 <-> DISABLED <-> BACKDOOR globalkiller1.0 runtime detection - notification (backdoor.rules)
 * 1:6332 <-> DISABLED <-> BACKDOOR globalkiller1.0 runtime detection - initial connection (backdoor.rules)
 * 1:6333 <-> DISABLED <-> BACKDOOR wincrash 2.0 runtime detection (backdoor.rules)
 * 1:6334 <-> DISABLED <-> BACKDOOR backlash runtime detection (backdoor.rules)
 * 1:6335 <-> DISABLED <-> BACKDOOR buttman v0.9p runtime detection - remote control - set flowbit (backdoor.rules)
 * 1:6337 <-> DISABLED <-> BACKDOOR hatredfriend file manage command - set flowbit (backdoor.rules)
 * 1:6338 <-> DISABLED <-> BACKDOOR hatredfriend file manage command (backdoor.rules)
 * 1:6339 <-> DISABLED <-> BACKDOOR hatredfriend email notification detection (backdoor.rules)
 * 1:634 <-> DISABLED <-> SCAN Amanda client-version request (scan.rules)
 * 1:6340 <-> DISABLED <-> SPYWARE-PUT Keylogger handy keylogger runtime detection (spyware-put.rules)
 * 1:6341 <-> DISABLED <-> SPYWARE-PUT Hijacker spediabar user-agent string detected (spyware-put.rules)
 * 1:6342 <-> DISABLED <-> SPYWARE-PUT Hijacker spediabar runtime detection - info check (spyware-put.rules)
 * 1:6343 <-> DISABLED <-> SPYWARE-PUT Adware targetsaver runtime detection (spyware-put.rules)
 * 1:6344 <-> DISABLED <-> SPYWARE-PUT Adware excite search bar runtime detection - config (spyware-put.rules)
 * 1:6345 <-> DISABLED <-> SPYWARE-PUT Adware excite search bar runtime detection - search (spyware-put.rules)
 * 1:6346 <-> DISABLED <-> SPYWARE-PUT Adware stationripper update detection (spyware-put.rules)
 * 1:6347 <-> DISABLED <-> SPYWARE-PUT Adware stationripper ad display detection (spyware-put.rules)
 * 1:6348 <-> DISABLED <-> SPYWARE-PUT Snoopware zenosearch runtime detection (spyware-put.rules)
 * 1:6349 <-> DISABLED <-> SPYWARE-PUT Hijacker richfind update detection (spyware-put.rules)
 * 1:635 <-> DISABLED <-> SCAN XTACACS logout (scan.rules)
 * 1:6350 <-> DISABLED <-> SPYWARE-PUT Hijacker richfind auto search redirect detection (spyware-put.rules)
 * 1:6351 <-> DISABLED <-> SPYWARE-PUT Hijacker adblock update detection (spyware-put.rules)
 * 1:6352 <-> DISABLED <-> SPYWARE-PUT Hijacker adblock auto search redirect detection (spyware-put.rules)
 * 1:6353 <-> DISABLED <-> SPYWARE-PUT Hijacker adblock ie search assistant redirect detection (spyware-put.rules)
 * 1:6354 <-> DISABLED <-> SPYWARE-PUT Trickler wsearch runtime detection - auto update (spyware-put.rules)
 * 1:6355 <-> DISABLED <-> SPYWARE-PUT Trickler wsearch runtime detection - mp3 search (spyware-put.rules)
 * 1:6356 <-> DISABLED <-> SPYWARE-PUT Trickler wsearch runtime detection - desktop search (spyware-put.rules)
 * 1:6357 <-> DISABLED <-> SPYWARE-PUT Hijacker need2find initial configuration detection (spyware-put.rules)
 * 1:6358 <-> DISABLED <-> SPYWARE-PUT Hijacker need2find search query detection (spyware-put.rules)
 * 1:6359 <-> DISABLED <-> SPYWARE-PUT Adware altnet runtime detection - initial retrieval (spyware-put.rules)
 * 1:636 <-> DISABLED <-> SCAN cybercop udp bomb (scan.rules)
 * 1:6360 <-> DISABLED <-> SPYWARE-PUT Adware altnet runtime detection - update (spyware-put.rules)
 * 1:6361 <-> DISABLED <-> SPYWARE-PUT Adware altnet runtime detection - status report (spyware-put.rules)
 * 1:6362 <-> DISABLED <-> SPYWARE-PUT Hijacker microgaming runtime detection (spyware-put.rules)
 * 1:6363 <-> DISABLED <-> SPYWARE-PUT adware surfaccuracy runtime detection (spyware-put.rules)
 * 1:6364 <-> DISABLED <-> SPYWARE-PUT Hijacker imeshbar runtime detection (spyware-put.rules)
 * 1:6365 <-> DISABLED <-> SPYWARE-PUT Other-Technologies sony rootkit runtime detection (spyware-put.rules)
 * 1:6366 <-> DISABLED <-> SPYWARE-PUT Trickler eacceleration downloadreceiver user-agent string detected (spyware-put.rules)
 * 1:6367 <-> DISABLED <-> SPYWARE-PUT Trickler eacceleration downloadreceiver runtime detection - stop-sign ads (spyware-put.rules)
 * 1:637 <-> DISABLED <-> SCAN Webtrends Scanner UDP Probe (scan.rules)
 * 1:6371 <-> DISABLED <-> SPYWARE-PUT Adware flashtrack media/spoton runtime detection - pop up ads (spyware-put.rules)
 * 1:6372 <-> DISABLED <-> SPYWARE-PUT Trickler spyblocs eblocs detection - get wsliveup.dat (spyware-put.rules)
 * 1:6373 <-> DISABLED <-> SPYWARE-PUT Trickler spyblocs eblocs detection - stbarpat.dat (spyware-put.rules)
 * 1:6374 <-> DISABLED <-> SPYWARE-PUT Trickler spyblocs eblocs detection - get spyblpat.dat/spyblini.ini (spyware-put.rules)
 * 1:6375 <-> DISABLED <-> SPYWARE-PUT Trickler spyblocs.eblocs detection - register request (spyware-put.rules)
 * 1:6376 <-> DISABLED <-> SPYWARE-PUT Hijacker girafa toolbar - toolbar update (spyware-put.rules)
 * 1:6377 <-> DISABLED <-> SPYWARE-PUT Hijacker girafa toolbar - browser hijack (spyware-put.rules)
 * 1:6378 <-> DISABLED <-> SPYWARE-PUT Hijacker adbars runtime detection - homepage hijack (spyware-put.rules)
 * 1:6379 <-> DISABLED <-> SPYWARE-PUT Hijacker adbars runtime detection - search in toolbar (spyware-put.rules)
 * 1:638 <-> DISABLED <-> SHELLCODE SGI NOOP (shellcode.rules)
 * 1:6380 <-> DISABLED <-> SPYWARE-PUT Hijacker dotcomtoolbar runtime detection - toolbar information retrieve (spyware-put.rules)
 * 1:6381 <-> DISABLED <-> SPYWARE-PUT Hijacker dotcomtoolbar runtime detection - search in toolbar (spyware-put.rules)
 * 1:6382 <-> DISABLED <-> SPYWARE-PUT Hijacker dotcomtoolbar runtime detection - url hook (spyware-put.rules)
 * 1:6383 <-> DISABLED <-> SPYWARE-PUT Keylogger stealthwatcher 2000 runtime detection - tcp connection setup (spyware-put.rules)
 * 1:6384 <-> DISABLED <-> SPYWARE-PUT Keylogger stealthwatcher 2000 runtime detection - agent discover broadcast (spyware-put.rules)
 * 1:6385 <-> DISABLED <-> SPYWARE-PUT Keylogger stealthwatcher 2000 runtime detection - agent status monitoring (spyware-put.rules)
 * 1:6386 <-> DISABLED <-> SPYWARE-PUT Keylogger stealthwatcher 2000 runtime detection - agent up notification (spyware-put.rules)
 * 1:6387 <-> DISABLED <-> SPYWARE-PUT Hijacker internet optimizer runtime detection - autosearch hijack (spyware-put.rules)
 * 1:6388 <-> DISABLED <-> SPYWARE-PUT Hijacker internet optimizer runtime detection - error page hijack (spyware-put.rules)
 * 1:6389 <-> DISABLED <-> SPYWARE-PUT Adware esyndicate runtime detection - postinstall request (spyware-put.rules)
 * 1:639 <-> DISABLED <-> SHELLCODE SGI NOOP (shellcode.rules)
 * 1:6390 <-> DISABLED <-> SPYWARE-PUT Adware esyndicate runtime detection - ads popup (spyware-put.rules)
 * 1:6391 <-> DISABLED <-> SPYWARE-PUT Adware esyndicate runtime detection - ads popup (spyware-put.rules)
 * 1:6392 <-> DISABLED <-> SPYWARE-PUT Hijacker zeropopup runtime detection (spyware-put.rules)
 * 1:6394 <-> DISABLED <-> SPYWARE-PUT Hijacker adstart runtime detection (spyware-put.rules)
 * 1:6397 <-> DISABLED <-> BACKDOOR http rat runtime detection - smtp (backdoor.rules)
 * 1:6399 <-> DISABLED <-> BACKDOOR rad 1.2.3 runtime detection (backdoor.rules)
 * 1:640 <-> DISABLED <-> SHELLCODE AIX NOOP (shellcode.rules)
 * 1:6400 <-> DISABLED <-> BACKDOOR snowdoor runtime detection client-to-server (backdoor.rules)
 * 1:6401 <-> DISABLED <-> BACKDOOR snowdoor runtime detection server-to-client (backdoor.rules)
 * 1:6402 <-> DISABLED <-> BACKDOOR netangel connection client-to-server (backdoor.rules)
 * 1:6403 <-> DISABLED <-> WEB-PHP horde help module arbitrary command execution attempt (web-php.rules)
 * 1:641 <-> DISABLED <-> SHELLCODE Digital UNIX NOOP (shellcode.rules)
 * 1:642 <-> DISABLED <-> SHELLCODE HP-UX NOOP (shellcode.rules)
 * 1:643 <-> DISABLED <-> SHELLCODE HP-UX NOOP (shellcode.rules)
 * 1:644 <-> DISABLED <-> SHELLCODE sparc NOOP (shellcode.rules)
 * 1:645 <-> DISABLED <-> SHELLCODE sparc NOOP (shellcode.rules)
 * 1:646 <-> DISABLED <-> SHELLCODE sparc NOOP (shellcode.rules)
 * 1:6468 <-> DISABLED <-> CHAT jabber file transfer request (chat.rules)
 * 1:647 <-> DISABLED <-> SHELLCODE Sun sparc setuid 0 (shellcode.rules)
 * 1:6472 <-> DISABLED <-> BACKDOOR bugs runtime detection - file manager client-to-server (backdoor.rules)
 * 1:6473 <-> DISABLED <-> BACKDOOR bugs runtime detection - file manager server-to-client (backdoor.rules)
 * 1:6474 <-> DISABLED <-> BACKDOOR w32.loosky.gen@mm runtime detection - notification (backdoor.rules)
 * 1:6475 <-> DISABLED <-> BACKDOOR badrat 1.1 runtime detection - flowbit set (backdoor.rules)
 * 1:6476 <-> DISABLED <-> BACKDOOR badrat 1.1 runtime detection (backdoor.rules)
 * 1:6477 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool beee runtime detection - smtp (spyware-put.rules)
 * 1:6478 <-> DISABLED <-> SPYWARE-PUT Trackware searchingall toolbar runtime detection - send user url request (spyware-put.rules)
 * 1:6479 <-> DISABLED <-> SPYWARE-PUT Snoopware totalvelocity zsearch runtime detection (spyware-put.rules)
 * 1:648 <-> DISABLED <-> SHELLCODE x86 NOOP (shellcode.rules)
 * 1:6480 <-> DISABLED <-> SPYWARE-PUT Hijacker cws.cameup runtime detection - home page (spyware-put.rules)
 * 1:6481 <-> DISABLED <-> SPYWARE-PUT Hijacker cws.cameup runtime detection - search (spyware-put.rules)
 * 1:6482 <-> DISABLED <-> SPYWARE-PUT Hijacker makemesearch toolbar runtime detection - get info (spyware-put.rules)
 * 1:6483 <-> DISABLED <-> SPYWARE-PUT Hijacker makemesearch toolbar runtime detection - home page hijacker (spyware-put.rules)
 * 1:6484 <-> DISABLED <-> SPYWARE-PUT Hijacker makemesearch toolbar runtime detection - search (spyware-put.rules)
 * 1:6487 <-> DISABLED <-> SPYWARE-PUT Adware searchnugget toolbar runtime detection - check updates (spyware-put.rules)
 * 1:6488 <-> DISABLED <-> SPYWARE-PUT Adware searchnugget toolbar runtime detection - redirect mistyped urls (spyware-put.rules)
 * 1:6489 <-> DISABLED <-> SPYWARE-PUT Hijacker analyze IE runtime detection - default page hijacker (spyware-put.rules)
 * 1:649 <-> DISABLED <-> SHELLCODE x86 setgid 0 (shellcode.rules)
 * 1:6490 <-> DISABLED <-> SPYWARE-PUT Dialer yeaknet runtime detection - home page hijacker (spyware-put.rules)
 * 1:6491 <-> DISABLED <-> SPYWARE-PUT Dialer yeaknet runtime detection - post-installation (spyware-put.rules)
 * 1:6492 <-> DISABLED <-> SPYWARE-PUT Trickler Backdoor-BAC.gen.e runtime detection - notification (spyware-put.rules)
 * 1:6493 <-> DISABLED <-> SPYWARE-PUT Trickler Backdoor-BAC.gen.e runtime detection - post data (spyware-put.rules)
 * 1:6494 <-> DISABLED <-> SPYWARE-PUT Adware yourenhancement runtime detection (spyware-put.rules)
 * 1:6495 <-> DISABLED <-> SPYWARE-PUT Hijacker troj_spywad.x runtime detection (spyware-put.rules)
 * 1:6496 <-> DISABLED <-> SPYWARE-PUT Adware adpowerzone runtime detection (spyware-put.rules)
 * 1:6497 <-> DISABLED <-> BACKDOOR exploiter 1.0 runtime detection (backdoor.rules)
 * 1:6498 <-> DISABLED <-> BACKDOOR exploiter 1.0 runtime detection (backdoor.rules)
 * 1:6499 <-> DISABLED <-> BACKDOOR omerta 1.3 runtime detection (backdoor.rules)
 * 1:650 <-> DISABLED <-> SHELLCODE x86 setuid 0 (shellcode.rules)
 * 1:6502 <-> DISABLED <-> WEB-CLIENT Mozilla GIF single packet heap overflow - ANIMEXTS1.0 (web-client.rules)
 * 1:6505 <-> DISABLED <-> WEB-CLIENT Apple Quicktime fpx file SectNumMiniFAT overflow attempt (web-client.rules)
 * 1:6506 <-> DISABLED <-> WEB-CLIENT Apple Quicktime udta atom overflow attempt (web-client.rules)
 * 1:6509 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer mhtml uri href buffer overflow attempt (web-client.rules)
 * 1:6510 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer mhtml uri shortcut buffer overflow attempt (web-client.rules)
 * 1:652 <-> DISABLED <-> SHELLCODE Linux shellcode (shellcode.rules)
 * 1:655 <-> DISABLED <-> SMTP sendmail 8.6.9 exploit (smtp.rules)
 * 1:657 <-> DISABLED <-> SMTP chameleon overflow (smtp.rules)
 * 1:658 <-> DISABLED <-> SMTP exchange mime DOS (smtp.rules)
 * 1:6584 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP rras RasRpcSubmitRequest overflow attempt (netbios.rules)
 * 1:659 <-> DISABLED <-> SMTP expn decode (smtp.rules)
 * 1:660 <-> DISABLED <-> SMTP expn root (smtp.rules)
 * 1:661 <-> DISABLED <-> SMTP majordomo ifs (smtp.rules)
 * 1:662 <-> DISABLED <-> SMTP sendmail 5.5.5 exploit (smtp.rules)
 * 1:663 <-> DISABLED <-> SMTP rcpt to command attempt (smtp.rules)
 * 1:664 <-> DISABLED <-> SMTP RCPT TO decode attempt (smtp.rules)
 * 1:665 <-> DISABLED <-> SMTP sendmail 5.6.5 exploit (smtp.rules)
 * 1:667 <-> DISABLED <-> SMTP sendmail 8.6.10 exploit (smtp.rules)
 * 1:668 <-> DISABLED <-> SMTP sendmail 8.6.10 exploit (smtp.rules)
 * 1:669 <-> DISABLED <-> SMTP sendmail 8.6.9 exploit (smtp.rules)
 * 1:670 <-> DISABLED <-> SMTP sendmail 8.6.9 exploit (smtp.rules)
 * 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
 * 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
 * 1:671 <-> DISABLED <-> SMTP sendmail 8.6.9c exploit (smtp.rules)
 * 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
 * 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
 * 1:672 <-> DISABLED <-> SMTP vrfy decode (smtp.rules)
 * 1:6810 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP rras RasRpcSetUserPreferences area/country overflow attempt (netbios.rules)
 * 1:7022 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Explorer invalid url file overflow attempt (web-client.rules)
 * 1:7024 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel style handling overflow attempt (web-client.rules)
 * 1:7027 <-> DISABLED <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
 * 1:7028 <-> DISABLED <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
 * 1:7029 <-> DISABLED <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
 * 1:7030 <-> DISABLED <-> POLICY silc server response (policy.rules)
 * 1:7031 <-> DISABLED <-> POLICY silc client outbound connection (policy.rules)
 * 1:7032 <-> DISABLED <-> POLICY GoToMyPC startup (policy.rules)
 * 1:7033 <-> DISABLED <-> POLICY GoToMyPC local service running (policy.rules)
 * 1:7034 <-> DISABLED <-> POLICY GoToMyPC remote control attempt (policy.rules)
 * 1:7036 <-> DISABLED <-> NETBIOS SMB Trans unicode mailslot heap overflow attempt (netbios.rules)
 * 1:7037 <-> DISABLED <-> NETBIOS SMB Trans mailslot heap overflow attempt (netbios.rules)
 * 1:7038 <-> DISABLED <-> NETBIOS SMB Trans unicode mailslot heap overflow attempt (netbios.rules)
 * 1:7039 <-> DISABLED <-> NETBIOS SMB Trans andx mailslot heap overflow attempt (netbios.rules)
 * 1:7040 <-> DISABLED <-> NETBIOS SMB Trans unicode andx mailslot heap overflow attempt (netbios.rules)
 * 1:7041 <-> ENABLED <-> NETBIOS SMB Trans andx mailslot heap overflow attempt (netbios.rules)
 * 1:7042 <-> DISABLED <-> NETBIOS SMB Trans unicode andx mailslot heap overflow attempt (netbios.rules)
 * 1:7048 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel object record overflow attempt (web-client.rules)
 * 1:7049 <-> DISABLED <-> SPYWARE-PUT Hijacker extreme biz runtime detection - uniq1 (spyware-put.rules)
 * 1:7050 <-> DISABLED <-> SPYWARE-PUT Hijacker freecruise toolbar runtime detection (spyware-put.rules)
 * 1:7051 <-> DISABLED <-> SPYWARE-PUT Trickler generic downloader.g runtime detection - spyware injection (spyware-put.rules)
 * 1:7052 <-> DISABLED <-> SPYWARE-PUT Trickler generic downloader.g runtime detection - adv (spyware-put.rules)
 * 1:7053 <-> DISABLED <-> SPYWARE-PUT Adware webredir runtime detection (spyware-put.rules)
 * 1:7054 <-> DISABLED <-> SPYWARE-PUT Trickler download arq variant runtime detection (spyware-put.rules)
 * 1:7055 <-> DISABLED <-> SPYWARE-PUT Hijacker vip01 biz runtime detection - adv (spyware-put.rules)
 * 1:7057 <-> DISABLED <-> BACKDOOR charon runtime detection - initial connection (backdoor.rules)
 * 1:7058 <-> DISABLED <-> BACKDOOR charon runtime detection - download file flowbit 1 (backdoor.rules)
 * 1:7059 <-> DISABLED <-> BACKDOOR charon runtime detection - download file/log flowbit 2 (backdoor.rules)
 * 1:7060 <-> DISABLED <-> BACKDOOR charon runtime detection - download file/log (backdoor.rules)
 * 1:7061 <-> DISABLED <-> BACKDOOR charon runtime detection - download log flowbit 1 (backdoor.rules)
 * 1:7064 <-> DISABLED <-> BACKDOOR cybernetic 1.62 runtime detection - email notification (backdoor.rules)
 * 1:7065 <-> DISABLED <-> BACKDOOR cybernetic 1.62 runtime detection - reverse connection flowbit 1 (backdoor.rules)
 * 1:7066 <-> DISABLED <-> BACKDOOR cybernetic 1.62 runtime detection - reverse connection flowbit 1 (backdoor.rules)
 * 1:7067 <-> DISABLED <-> BACKDOOR cybernetic 1.62 runtime detection - reverse connection (backdoor.rules)
 * 1:7072 <-> DISABLED <-> BACKDOOR fraggle rock 2.0 lite runtime detection - pc info (backdoor.rules)
 * 1:7075 <-> DISABLED <-> BACKDOOR bandook 1.0 runtime detection (backdoor.rules)
 * 1:7076 <-> DISABLED <-> BACKDOOR minimo v0.6 runtime detection - cgi notification (backdoor.rules)
 * 1:7077 <-> DISABLED <-> BACKDOOR minimo v0.6 runtime detection - icq notification (backdoor.rules)
 * 1:7078 <-> DISABLED <-> BACKDOOR up and run v1.0 beta runtime detection flowbit 1 (backdoor.rules)
 * 1:7079 <-> DISABLED <-> BACKDOOR up and run v1.0 beta runtime detection flowbit 2 (backdoor.rules)
 * 1:7080 <-> DISABLED <-> BACKDOOR up and run v1.0 beta runtime detection flowbit 3 (backdoor.rules)
 * 1:7081 <-> DISABLED <-> BACKDOOR up and run v1.0 beta runtime detection (backdoor.rules)
 * 1:7082 <-> DISABLED <-> BACKDOOR mosucker3.0 runtime detection - client-to-server (backdoor.rules)
 * 1:7084 <-> DISABLED <-> BACKDOOR erazer v1.1 runtime detection - sin notification (backdoor.rules)
 * 1:7085 <-> DISABLED <-> BACKDOOR erazer v1.1 runtime detection (backdoor.rules)
 * 1:7086 <-> DISABLED <-> BACKDOOR erazer v1.1 runtime detection - init connection (backdoor.rules)
 * 1:7087 <-> DISABLED <-> BACKDOOR sinique 1.0 runtime detection - initial connection with correct password client-to-server (backdoor.rules)
 * 1:7089 <-> DISABLED <-> BACKDOOR sinique 1.0 runtime detection - initial connection with wrong password -client-to-server (backdoor.rules)
 * 1:9412 <-> ENABLED <-> SPECIFIC-THREATS sinmsn.b msn propagation detection (specific-threats.rules)
 * 1:9413 <-> ENABLED <-> SPECIFIC-THREATS ganda smtp propagation detection (specific-threats.rules)
 * 1:9414 <-> ENABLED <-> SPECIFIC-THREATS lovelorn.a smtp propagation detection (specific-threats.rules)
 * 1:9415 <-> ENABLED <-> SPECIFIC-THREATS plexus.a smtp propagation detection (specific-threats.rules)
 * 1:9416 <-> ENABLED <-> SPECIFIC-THREATS bagle.at smtp propagation detection (specific-threats.rules)
 * 1:9417 <-> ENABLED <-> SPECIFIC-THREATS bagle.a smtp propagation detection (specific-threats.rules)
 * 1:9418 <-> ENABLED <-> BOTNET-CNC bagle.a http notification detection (botnet-cnc.rules)
 * 1:9419 <-> ENABLED <-> SPECIFIC-THREATS sasser attempt (specific-threats.rules)
 * 1:9420 <-> ENABLED <-> SPECIFIC-THREATS korgo attempt (specific-threats.rules)
 * 1:9421 <-> ENABLED <-> SPECIFIC-THREATS zotob attempt (specific-threats.rules)
 * 1:9422 <-> ENABLED <-> SPECIFIC-THREATS msblast attempt (specific-threats.rules)
 * 1:9423 <-> ENABLED <-> SPECIFIC-THREATS lovegate attempt (specific-threats.rules)
 * 1:9424 <-> ENABLED <-> SPECIFIC-THREATS /winnt/explorer.exe unicode klez infection attempt attempt (specific-threats.rules)
 * 1:9425 <-> ENABLED <-> SPECIFIC-THREATS netsky attachment (specific-threats.rules)
 * 1:9426 <-> ENABLED <-> SPECIFIC-THREATS mydoom.ap attachment (specific-threats.rules)
 * 1:9434 <-> DISABLED <-> WEB-CLIENT Ultravox-Max-Msg header integer overflow attempt (web-client.rules)
 * 1:9441 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath overflow attempt (netbios.rules)
 * 1:9623 <-> DISABLED <-> RPC UNIX authentication machinename string overflow attempt TCP (rpc.rules)
 * 1:9624 <-> DISABLED <-> RPC UNIX authentication machinename string overflow attempt UDP (rpc.rules)
 * 1:9625 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player ASX file ref href buffer overflow attempt (web-client.rules)
 * 1:9639 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Address Book file magic detection (file-identify.rules)
 * 1:9644 <-> DISABLED <-> SPYWARE-PUT Adware imnames runtime detection (spyware-put.rules)
 * 1:9645 <-> DISABLED <-> SPYWARE-PUT Hijacker sogou runtime detection - keyword hijack (spyware-put.rules)
 * 1:9646 <-> DISABLED <-> SPYWARE-PUT Hijacker sogou runtime detection - search through sogou toolbar (spyware-put.rules)
 * 1:9647 <-> DISABLED <-> SPYWARE-PUT Keylogger system surveillance pro runtime detection (spyware-put.rules)
 * 1:9648 <-> DISABLED <-> SPYWARE-PUT Keylogger emailspypro runtime detection (spyware-put.rules)
 * 1:9649 <-> DISABLED <-> SPYWARE-PUT Keylogger ghost Keylogger runtime detection - flowbit set (spyware-put.rules)
 * 1:9650 <-> DISABLED <-> SPYWARE-PUT Keylogger ghost Keylogger runtime detection (spyware-put.rules)
 * 1:9651 <-> DISABLED <-> SPYWARE-PUT Hijacker ricercadoppia runtime detection (spyware-put.rules)
 * 1:9652 <-> DISABLED <-> SPYWARE-PUT Hijacker oemji bar runtime detection (spyware-put.rules)
 * 1:9653 <-> DISABLED <-> BACKDOOR apofis 1.0 runtime detection - php notification (backdoor.rules)
 * 1:9654 <-> DISABLED <-> BACKDOOR apofis 1.0 runtime detection - remote controlling (backdoor.rules)
 * 1:9656 <-> DISABLED <-> BACKDOOR bersek 1.0 runtime detection (backdoor.rules)
 * 1:9658 <-> DISABLED <-> BACKDOOR bersek 1.0 runtime detection (backdoor.rules)
 * 1:9659 <-> DISABLED <-> BACKDOOR bersek 1.0 runtime detection - file manage (backdoor.rules)
 * 1:9660 <-> DISABLED <-> BACKDOOR bersek 1.0 runtime detection (backdoor.rules)
 * 1:9661 <-> DISABLED <-> BACKDOOR bersek 1.0 runtime detection - show processes (backdoor.rules)
 * 1:9662 <-> DISABLED <-> BACKDOOR bersek 1.0 runtime detection (backdoor.rules)
 * 1:9664 <-> DISABLED <-> BACKDOOR crossbow 1.12 runtime detection (backdoor.rules)
 * 1:9665 <-> DISABLED <-> BACKDOOR crossbow 1.12 runtime detection - init connection (backdoor.rules)
 * 1:9666 <-> DISABLED <-> BACKDOOR superra runtime detection - success init connection (backdoor.rules)
 * 1:9772 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 1 overflow attempt (netbios.rules)
 * 1:9773 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP msqueue function 1 overflow attempt (netbios.rules)
 * 1:9828 <-> DISABLED <-> SPYWARE-PUT Keylogger paq keylog runtime detection - ftp (spyware-put.rules)
 * 1:9829 <-> DISABLED <-> SPYWARE-PUT Trackware relevantknowledge runtime detection (spyware-put.rules)
 * 1:9830 <-> DISABLED <-> SPYWARE-PUT Keylogger supreme spy runtime detection (spyware-put.rules)
 * 1:9831 <-> DISABLED <-> SPYWARE-PUT Adware u88 runtime detection (spyware-put.rules)
 * 1:9832 <-> DISABLED <-> BACKDOOR ieva 1.0 runtime detection - send message (backdoor.rules)
 * 1:9833 <-> DISABLED <-> BACKDOOR ieva 1.0 runtime detection - fake delete harddisk message (backdoor.rules)
 * 1:9834 <-> DISABLED <-> BACKDOOR ieva 1.0 runtime detection - black screen (backdoor.rules)
 * 1:9835 <-> DISABLED <-> BACKDOOR ieva 1.0 runtime detection - swap mouse (backdoor.rules)
 * 1:9836 <-> DISABLED <-> BACKDOOR ieva 1.0 runtime detection - crazy mouse (backdoor.rules)
 * 1:9837 <-> DISABLED <-> BACKDOOR sun shadow 1.70 runtime detection - init connection (backdoor.rules)
 * 1:9838 <-> DISABLED <-> BACKDOOR sun shadow 1.70 runtime detection - init connection (backdoor.rules)
 * 1:9840 <-> DISABLED <-> WEB-CLIENT Apple QuickTime HREF Track Detected (web-client.rules)
 * 1:9848 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Vector Markup Language recolorinfo tag numfills parameter buffer overflow attempt (web-client.rules)
 * 1:9849 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Vector Markup Language recolorinfo tag numcolors parameter buffer overflow attempt (web-client.rules)
 * 1:9914 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP tapisrv ClientRequest LSetAppPriority overflow attempt (netbios.rules)
 * 1:7509 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool coma runtime detection - ping (spyware-put.rules)
 * 1:7510 <-> DISABLED <-> SPYWARE-PUT Trickler edonkey2000 runtime detection - version verification (spyware-put.rules)
 * 1:7511 <-> DISABLED <-> SPYWARE-PUT Trickler edonkey2000 runtime detection - get ads page (spyware-put.rules)
 * 1:7512 <-> DISABLED <-> SPYWARE-PUT Keylogger watchdog runtime detection - init connection - flowbit set (spyware-put.rules)
 * 1:7513 <-> DISABLED <-> SPYWARE-PUT Keylogger watchdog runtime detection - init connection (spyware-put.rules)
 * 1:7514 <-> DISABLED <-> SPYWARE-PUT Keylogger watchdog runtime detection - send out info to server periodically (spyware-put.rules)
 * 1:7515 <-> DISABLED <-> SPYWARE-PUT Keylogger watchdog runtime detection - remote monitoring (spyware-put.rules)
 * 1:7516 <-> DISABLED <-> SPYWARE-PUT Trickler hmtoolbar runtime detection (spyware-put.rules)
 * 1:7517 <-> DISABLED <-> SPYWARE-PUT Hijacker chinese keywords runtime detection (spyware-put.rules)
 * 1:7518 <-> DISABLED <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - get up-to-date news info (spyware-put.rules)
 * 1:7520 <-> DISABLED <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - ie autosearch hijack (spyware-put.rules)
 * 1:7521 <-> DISABLED <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - search toolbar request 1 (spyware-put.rules)
 * 1:7522 <-> DISABLED <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - search toolbar request 2 (spyware-put.rules)
 * 1:7524 <-> DISABLED <-> SPYWARE-PUT Hijacker moneybar runtime detection - cgispy counter (spyware-put.rules)
 * 1:7525 <-> DISABLED <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - barad.asp request (spyware-put.rules)
 * 1:7526 <-> DISABLED <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - stat counter (spyware-put.rules)
 * 1:7527 <-> DISABLED <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - toolbar find function (spyware-put.rules)
 * 1:7528 <-> DISABLED <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - ie autosearch hijack (spyware-put.rules)
 * 1:7529 <-> DISABLED <-> SPYWARE-PUT Snoopware halflife jacker runtime detection (spyware-put.rules)
 * 1:7530 <-> DISABLED <-> SPYWARE-PUT Trickler mediaseek.pl client runtime detection - trickler (spyware-put.rules)
 * 1:7531 <-> DISABLED <-> SPYWARE-PUT Trickler mediaseek.pl client runtime detection - login (spyware-put.rules)
 * 1:7532 <-> DISABLED <-> SPYWARE-PUT Adware piolet runtime detection - user-agent (spyware-put.rules)
 * 1:7533 <-> DISABLED <-> SPYWARE-PUT Adware piolet runtime detection - ads request (spyware-put.rules)
 * 1:7534 <-> DISABLED <-> SPYWARE-PUT Hijacker clearsearch variant runtime detection - ie hijacking (spyware-put.rules)
 * 1:7535 <-> DISABLED <-> SPYWARE-PUT Hijacker clearsearch variant runtime detection - pass information (spyware-put.rules)
 * 1:7536 <-> DISABLED <-> SPYWARE-PUT Hijacker clearsearch variant runtime detection - popup (spyware-put.rules)
 * 1:7537 <-> DISABLED <-> SPYWARE-PUT Trackware arrow search runtime detection (spyware-put.rules)
 * 1:7539 <-> DISABLED <-> SPYWARE-PUT Keylogger eye spy pro 1.0 runtime detection (spyware-put.rules)
 * 1:7540 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool unify runtime detection - cgi notification (spyware-put.rules)
 * 1:7541 <-> DISABLED <-> SPYWARE-PUT Keylogger starlogger runtime detection (spyware-put.rules)
 * 1:7542 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool mini oblivion runtime detection - successful init connection (spyware-put.rules)
 * 1:7543 <-> DISABLED <-> SPYWARE-PUT Hijacker 2020search runtime detection (spyware-put.rules)
 * 1:7544 <-> DISABLED <-> SPYWARE-PUT Keylogger PerfectKeylogger runtime detection - flowbit set 1 (spyware-put.rules)
 * 1:7545 <-> DISABLED <-> SPYWARE-PUT Keylogger PerfectKeylogger runtime detection - flowbit set 2 (spyware-put.rules)
 * 1:7546 <-> DISABLED <-> SPYWARE-PUT Keylogger PerfectKeylogger runtime detection (spyware-put.rules)
 * 1:7547 <-> DISABLED <-> SPYWARE-PUT Keylogger activity monitor 3.8 runtime detection - agent status monitoring (spyware-put.rules)
 * 1:7548 <-> DISABLED <-> SPYWARE-PUT Keylogger activity monitor 3.8 runtime detection - agent up notification (spyware-put.rules)
 * 1:7549 <-> DISABLED <-> SPYWARE-PUT Keylogger activity monitor 3.8 runtime detection (spyware-put.rules)
 * 1:7550 <-> DISABLED <-> SPYWARE-PUT Adware adroar runtime detection (spyware-put.rules)
 * 1:7551 <-> DISABLED <-> SPYWARE-PUT Keylogger ardamax keylogger runtime detection - smtp (spyware-put.rules)
 * 1:7552 <-> DISABLED <-> SPYWARE-PUT Keylogger ardamax keylogger runtime detection - ftp (spyware-put.rules)
 * 1:7553 <-> DISABLED <-> SPYWARE-PUT Adware hxdl runtime detection - hxlogonly user-agent (spyware-put.rules)
 * 1:7554 <-> DISABLED <-> SPYWARE-PUT Adware hxdl runtime detection - hxdownload user-agent (spyware-put.rules)
 * 1:7556 <-> DISABLED <-> SPYWARE-PUT Hijacker blazefind runtime detection - search bar (spyware-put.rules)
 * 1:7557 <-> DISABLED <-> SPYWARE-PUT Trackware purityscan runtime detection - start up (spyware-put.rules)
 * 1:7558 <-> DISABLED <-> SPYWARE-PUT Trackware purityscan runtime detection - installation notify (spyware-put.rules)
 * 1:7559 <-> DISABLED <-> SPYWARE-PUT Trackware purityscan runtime detection - track user activity and status (spyware-put.rules)
 * 1:7560 <-> DISABLED <-> SPYWARE-PUT Trackware purityscan runtime detection - self update (spyware-put.rules)
 * 1:7561 <-> DISABLED <-> SPYWARE-PUT Trackware purityscan runtime detection - opt out of interstitial advertising (spyware-put.rules)
 * 1:7562 <-> DISABLED <-> SPYWARE-PUT Adware morpheus runtime detection - ad 1 (spyware-put.rules)
 * 1:7563 <-> DISABLED <-> SPYWARE-PUT Adware morpheus runtime detection - ad 2 (spyware-put.rules)
 * 1:7564 <-> DISABLED <-> SPYWARE-PUT Hijacker startnow runtime detection (spyware-put.rules)
 * 1:7565 <-> DISABLED <-> SPYWARE-PUT Hijacker adshooter.searchforit runtime detection - search engine (spyware-put.rules)
 * 1:7566 <-> DISABLED <-> SPYWARE-PUT Hijacker adshooter.searchforit runtime detection - redirector (spyware-put.rules)
 * 1:7567 <-> DISABLED <-> SPYWARE-PUT Trackware funwebproducts mywebsearchtoolbar-funtools runtime detection (spyware-put.rules)
 * 1:7568 <-> DISABLED <-> SPYWARE-PUT Trackware webhancer runtime detection (spyware-put.rules)
 * 1:7569 <-> DISABLED <-> SPYWARE-PUT Adware lordofsearch runtime detection (spyware-put.rules)
 * 1:7570 <-> DISABLED <-> SPYWARE-PUT Hijacker linkspider search bar runtime detection - ads (spyware-put.rules)
 * 1:7571 <-> DISABLED <-> SPYWARE-PUT Hijacker linkspider search bar runtime detection - toolbar search (spyware-put.rules)
 * 1:7572 <-> DISABLED <-> SPYWARE-PUT Trickler album galaxy runtime detection - startup data (spyware-put.rules)
 * 1:7573 <-> DISABLED <-> SPYWARE-PUT Trickler album galaxy runtime detection - p2p gnutella (spyware-put.rules)
 * 1:7574 <-> DISABLED <-> SPYWARE-PUT Keylogger proagent 2.0 runtime detection (spyware-put.rules)
 * 1:7575 <-> DISABLED <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - weather request (spyware-put.rules)
 * 1:7576 <-> DISABLED <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - hijack ie browser (spyware-put.rules)
 * 1:7577 <-> DISABLED <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - collect information (spyware-put.rules)
 * 1:7578 <-> DISABLED <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - reference (spyware-put.rules)
 * 1:7579 <-> DISABLED <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - smileys (spyware-put.rules)
 * 1:7580 <-> DISABLED <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - update (spyware-put.rules)
 * 1:7581 <-> DISABLED <-> SPYWARE-PUT Hijacker flashbar runtime detection - user-agent (spyware-put.rules)
 * 1:7582 <-> DISABLED <-> SPYWARE-PUT Trickler pcast runtime detection - update checking (spyware-put.rules)
 * 1:7587 <-> DISABLED <-> SPYWARE-PUT Trickler urlblaze runtime detection - software information request (spyware-put.rules)
 * 1:7588 <-> DISABLED <-> SPYWARE-PUT Trickler urlblaze runtime detection - files search or download (spyware-put.rules)
 * 1:7589 <-> DISABLED <-> SPYWARE-PUT Trickler urlblaze runtime detection - irc notification (spyware-put.rules)
 * 1:7590 <-> DISABLED <-> SPYWARE-PUT Hijacker swbar runtime detection (spyware-put.rules)
 * 1:7591 <-> DISABLED <-> SPYWARE-PUT Keylogger keylogger pro runtime detection - flowbit set (spyware-put.rules)
 * 1:7592 <-> DISABLED <-> SPYWARE-PUT Keylogger keylogger pro runtime detection (spyware-put.rules)
 * 1:7593 <-> DISABLED <-> SPYWARE-PUT Trackware trellian toolbarbrowser runtime detection (spyware-put.rules)
 * 1:7594 <-> DISABLED <-> SPYWARE-PUT Adware comedy planet runtime detection - ads (spyware-put.rules)
 * 1:7595 <-> DISABLED <-> SPYWARE-PUT Adware comedy planet runtime detection - collect user information (spyware-put.rules)
 * 1:7596 <-> DISABLED <-> SPYWARE-PUT Keylogger spy lantern keylogger runtime detection - flowbit set (spyware-put.rules)
 * 1:7597 <-> DISABLED <-> SPYWARE-PUT Keylogger spy lantern keylogger runtime detection (spyware-put.rules)
 * 1:7598 <-> DISABLED <-> SPYWARE-PUT Snoopware 2-seek runtime detection - search in toolbar (spyware-put.rules)
 * 1:7599 <-> DISABLED <-> SPYWARE-PUT Snoopware 2-seek runtime detection - user info collection (spyware-put.rules)
 * 1:7600 <-> DISABLED <-> SPYWARE-PUT Hijacker adtraffic runtime detection - notfound website search hijack and redirection (spyware-put.rules)
 * 1:7601 <-> DISABLED <-> SPYWARE-PUT Snoopware big brother v3.5.1 runtime detection - connect to keyserver (spyware-put.rules)
 * 1:7602 <-> DISABLED <-> SPYWARE-PUT Snoopware big brother v3.5.1 runtime detection - connect to receiver - flowbit set (spyware-put.rules)
 * 1:7603 <-> DISABLED <-> SPYWARE-PUT Snoopware big brother v3.5.1 runtime detection - connect to receiver (spyware-put.rules)
 * 1:7604 <-> DISABLED <-> BACKDOOR katux 2.0 runtime detection - screen capture - flowbit set (backdoor.rules)
 * 1:7605 <-> DISABLED <-> BACKDOOR katux 2.0 runtime detection - screen capture (backdoor.rules)
 * 1:7606 <-> DISABLED <-> BACKDOOR katux 2.0 runtime detection - get system info - flowbit set (backdoor.rules)
 * 1:7607 <-> DISABLED <-> BACKDOOR katux 2.0 runtime detection - get system info (backdoor.rules)
 * 1:7608 <-> DISABLED <-> BACKDOOR katux 2.0 runtime detection - chat - flowbit set (backdoor.rules)
 * 1:7609 <-> DISABLED <-> BACKDOOR katux 2.0 runtime detection - chat (backdoor.rules)
 * 1:7616 <-> DISABLED <-> BACKDOOR theef 2.0 runtime detection - connection without password (backdoor.rules)
 * 1:7617 <-> DISABLED <-> BACKDOOR theef 2.0 runtime detection - connection request with password - flowbit 1 (backdoor.rules)
 * 1:7618 <-> DISABLED <-> BACKDOOR theef 2.0 runtime detection - connection request with password - flowbit 2 (backdoor.rules)
 * 1:7619 <-> DISABLED <-> BACKDOOR theef 2.0 runtime detection - connection request with password (backdoor.rules)
 * 1:7620 <-> DISABLED <-> BACKDOOR remote control 1.7 runtime detection - connection request flowbit 1 (backdoor.rules)
 * 1:7621 <-> DISABLED <-> BACKDOOR remote control 1.7 runtime detection - connection request - flowbit 2 (backdoor.rules)
 * 1:7622 <-> DISABLED <-> BACKDOOR remote control 1.7 runtime detection - connection request - flowbit 3 (backdoor.rules)
 * 1:7623 <-> DISABLED <-> BACKDOOR remote control 1.7 runtime detection - connection request (backdoor.rules)
 * 1:7625 <-> DISABLED <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 1 (backdoor.rules)
 * 1:7626 <-> DISABLED <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 2 (backdoor.rules)
 * 1:7627 <-> DISABLED <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 3 (backdoor.rules)
 * 1:7628 <-> DISABLED <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 4 (backdoor.rules)
 * 1:7629 <-> DISABLED <-> BACKDOOR skyrat show runtime detection - initial connection (backdoor.rules)
 * 1:7630 <-> DISABLED <-> BACKDOOR helios 3.1 runtime detection - initial connection (backdoor.rules)
 * 1:7631 <-> DISABLED <-> BACKDOOR hornet 1.0 runtime detection - fetch system info - flowbit set (backdoor.rules)
 * 1:7632 <-> DISABLED <-> BACKDOOR hornet 1.0 runtime detection - fetch system info (backdoor.rules)
 * 1:7633 <-> DISABLED <-> BACKDOOR hornet 1.0 runtime detection - irc connection - flowbit set (backdoor.rules)
 * 1:7634 <-> DISABLED <-> BACKDOOR hornet 1.0 runtime detection - irc connection (backdoor.rules)
 * 1:7635 <-> DISABLED <-> BACKDOOR hornet 1.0 runtime detection - fetch process list - flowbit set (backdoor.rules)
 * 1:7636 <-> DISABLED <-> BACKDOOR hornet 1.0 runtime detection - fetch processes list (backdoor.rules)
 * 1:7637 <-> DISABLED <-> BACKDOOR hornet 1.0 runtime detection - icq notification (backdoor.rules)
 * 1:7638 <-> DISABLED <-> BACKDOOR ncph runtime detection - initial connection (backdoor.rules)
 * 1:7641 <-> DISABLED <-> BACKDOOR am remote client runtime detection - client-to-server (backdoor.rules)
 * 1:7644 <-> DISABLED <-> BACKDOOR ullysse runtime detection - client-to-server (backdoor.rules)
 * 1:7645 <-> DISABLED <-> BACKDOOR snipernet 2.1 runtime detection - flowbit set (backdoor.rules)
 * 1:7648 <-> DISABLED <-> BACKDOOR minicom lite runtime detection - client-to-server (backdoor.rules)
 * 1:7650 <-> DISABLED <-> BACKDOOR small uploader 1.01 runtime detection - initial connection - flowbit set (backdoor.rules)
 * 1:7658 <-> DISABLED <-> BACKDOOR jodeitor 1.1 runtime detection - initial connection (backdoor.rules)
 * 1:7659 <-> DISABLED <-> BACKDOOR lan filtrator 1.1 runtime detection - sin notification (backdoor.rules)
 * 1:7660 <-> DISABLED <-> BACKDOOR lan filtrator 1.1 runtime detection - initial connection request - flowbit set (backdoor.rules)
 * 1:7661 <-> DISABLED <-> BACKDOOR lan filtrator 1.1 runtime detection - initial connection request (backdoor.rules)
 * 1:7662 <-> DISABLED <-> BACKDOOR snid x2 v1.2 runtime detection - initial connection - flowbit set (backdoor.rules)
 * 1:7663 <-> DISABLED <-> BACKDOOR snid x2 v1.2 runtime detection - initial connection (backdoor.rules)
 * 1:7664 <-> DISABLED <-> BACKDOOR screen control 1.0 runtime detection - flowbit set (backdoor.rules)
 * 1:7665 <-> DISABLED <-> BACKDOOR screen control 1.0 runtime detection - initial connection (backdoor.rules)
 * 1:7667 <-> DISABLED <-> BACKDOOR screen control 1.0 runtime detection - capture on port 2208 (backdoor.rules)
 * 1:7668 <-> DISABLED <-> BACKDOOR screen control 1.0 runtime detection - capture on port 2213 - flowbit set (backdoor.rules)
 * 1:7670 <-> DISABLED <-> BACKDOOR digital upload runtime detection - initial connection (backdoor.rules)
 * 1:7671 <-> DISABLED <-> BACKDOOR digital upload runtime detection - chat (backdoor.rules)
 * 1:7672 <-> DISABLED <-> BACKDOOR remoter runtime detection - initial connection (backdoor.rules)
 * 1:7673 <-> DISABLED <-> BACKDOOR remote havoc runtime detection - flowbit set 1 (backdoor.rules)
 * 1:7674 <-> DISABLED <-> BACKDOOR remote havoc runtime detection - flowbit set 2 (backdoor.rules)
 * 1:7675 <-> DISABLED <-> BACKDOOR remote havoc runtime detection (backdoor.rules)
 * 1:7676 <-> DISABLED <-> BACKDOOR cool remote control or crackdown runtime detection - initial connection - flowbit set (backdoor.rules)
 * 1:7677 <-> DISABLED <-> BACKDOOR cool remote control or crackdown runtime detection - initial connection (backdoor.rules)
 * 1:7678 <-> DISABLED <-> BACKDOOR cool remote control 1.12 runtime detection - upload file - flowbit set (backdoor.rules)
 * 1:7679 <-> DISABLED <-> BACKDOOR cool remote control 1.12 runtime detection - upload file (backdoor.rules)
 * 1:7680 <-> DISABLED <-> BACKDOOR cool remote control 1.12 runtime detection - download file - flowbit set (backdoor.rules)
 * 1:7681 <-> DISABLED <-> BACKDOOR cool remote control 1.12 runtime detection - download file (backdoor.rules)
 * 1:7682 <-> DISABLED <-> BACKDOOR acid head 1.00 runtime detection - flowbit set (backdoor.rules)
 * 1:7683 <-> DISABLED <-> BACKDOOR acid head 1.00 runtime detection (backdoor.rules)
 * 1:7684 <-> DISABLED <-> BACKDOOR hrat 1.0 runtime detection (backdoor.rules)
 * 1:7685 <-> DISABLED <-> BACKDOOR illusion runtime detection - get remote info client-to-server (backdoor.rules)
 * 1:7686 <-> DISABLED <-> BACKDOOR illusion runtime detection - get remote info server-to-client (backdoor.rules)
 * 1:7687 <-> DISABLED <-> BACKDOOR illusion runtime detection - file browser client-to-server (backdoor.rules)
 * 1:7688 <-> DISABLED <-> BACKDOOR illusion runtime detection - file browser server-to-client (backdoor.rules)
 * 1:7689 <-> DISABLED <-> BACKDOOR evade runtime detection - initial connection (backdoor.rules)
 * 1:7690 <-> DISABLED <-> BACKDOOR evade runtime detection - file manager - flowbit set (backdoor.rules)
 * 1:7695 <-> DISABLED <-> BACKDOOR hanky panky 1.1 runtime detection - initial connection - flowbit set 1 (backdoor.rules)
 * 1:7696 <-> DISABLED <-> BACKDOOR hanky panky 1.1 runtime detection - initial connection - flowbit set 2 (backdoor.rules)
 * 1:7698 <-> DISABLED <-> BACKDOOR brain wiper runtime detection - launch application - flowbit set (backdoor.rules)
 * 1:7699 <-> DISABLED <-> BACKDOOR brain wiper runtime detection - launch application (backdoor.rules)
 * 1:7700 <-> DISABLED <-> BACKDOOR brain wiper runtime detection - chat - flowbit set (backdoor.rules)
 * 1:7702 <-> DISABLED <-> BACKDOOR roach 1.0 runtime detection - remote control actions - flowbit set (backdoor.rules)
 * 1:7705 <-> DISABLED <-> BACKDOOR omniquad instant remote control runtime detection - initial connection - flowbit set (backdoor.rules)
 * 1:7707 <-> DISABLED <-> BACKDOOR omniquad instant remote control runtime detection - file transfer setup (backdoor.rules)
 * 1:7708 <-> DISABLED <-> BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
 * 1:7709 <-> DISABLED <-> BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
 * 1:7710 <-> DISABLED <-> BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection (backdoor.rules)
 * 1:7713 <-> DISABLED <-> BACKDOOR amitis v1.3 runtime detection - email notification (backdoor.rules)
 * 1:7714 <-> DISABLED <-> BACKDOOR netdevil runtime detection - flowbit set 1 (backdoor.rules)
 * 1:7715 <-> DISABLED <-> BACKDOOR netdevil runtime detection - flowbit set 2 (backdoor.rules)
 * 1:7716 <-> DISABLED <-> BACKDOOR netdevil runtime detection (backdoor.rules)
 * 1:7717 <-> DISABLED <-> BACKDOOR snake trojan runtime detection (backdoor.rules)
 * 1:7718 <-> DISABLED <-> BACKDOOR dameware mini remote control runtime detection - initial connection - flowbit set (backdoor.rules)
 * 1:7719 <-> DISABLED <-> BACKDOOR dameware mini remote control runtime detection - initial connection (backdoor.rules)
 * 1:7720 <-> DISABLED <-> BACKDOOR desktop scout runtime detection (backdoor.rules)
 * 1:7721 <-> DISABLED <-> BACKDOOR prorat 1.9 initial connection detection (backdoor.rules)
 * 1:7722 <-> DISABLED <-> BACKDOOR prorat 1.9 cgi notification detection (backdoor.rules)
 * 1:7724 <-> DISABLED <-> BACKDOOR reversable ver1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
 * 1:7726 <-> DISABLED <-> BACKDOOR reversable ver1.0 runtime detection - execute command - flowbit set (backdoor.rules)
 * 1:7728 <-> DISABLED <-> BACKDOOR radmin runtime detection - client-to-server (backdoor.rules)
 * 1:7729 <-> DISABLED <-> BACKDOOR radmin runtime detection - server-to-client (backdoor.rules)
 * 1:7730 <-> DISABLED <-> BACKDOOR outbreak_0.2.7 runtime detection - reverse connection (backdoor.rules)
 * 1:7731 <-> DISABLED <-> BACKDOOR outbreak_0.2.7 runtime detection - ring server-to-client (backdoor.rules)
 * 1:7733 <-> DISABLED <-> BACKDOOR outbreak_0.2.7 runtime detection - initial connection (backdoor.rules)
 * 1:7734 <-> DISABLED <-> BACKDOOR bionet 4.05 runtime detection - initial connection - flowbit set (backdoor.rules)
 * 1:7738 <-> DISABLED <-> BACKDOOR alexmessomalex runtime detection - initial connection (backdoor.rules)
 * 1:7740 <-> DISABLED <-> BACKDOOR nova 1.0 runtime detection - initial connection with pwd set - flowbit set (backdoor.rules)
 * 1:7742 <-> DISABLED <-> BACKDOOR nova 1.0 runtime detection - cgi notification client-to-server (backdoor.rules)
 * 1:7743 <-> DISABLED <-> BACKDOOR nova 1.0 runtime detection - cgi notification server-to-client (backdoor.rules)
 * 1:7744 <-> DISABLED <-> BACKDOOR phoenix 2.1 runtime detection - flowbit set (backdoor.rules)
 * 1:7745 <-> DISABLED <-> BACKDOOR phoenix 2.1 runtime detection (backdoor.rules)
 * 1:7746 <-> DISABLED <-> BACKDOOR bobo 1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
 * 1:7747 <-> DISABLED <-> BACKDOOR bobo 1.0 runtime detection - initial connection (backdoor.rules)
 * 1:7748 <-> DISABLED <-> BACKDOOR bobo 1.0 runtime detection - send message - flowbit set (backdoor.rules)
 * 1:7749 <-> DISABLED <-> BACKDOOR bobo 1.0 runtime detection - send message (backdoor.rules)
 * 1:7750 <-> DISABLED <-> BACKDOOR buschtrommel 1.22 runtime detection - initial connection - flowbit set 1 (backdoor.rules)
 * 1:7751 <-> DISABLED <-> BACKDOOR buschtrommel 1.22 runtime detection - initial connection - flowbit set 2 (backdoor.rules)
 * 1:7752 <-> DISABLED <-> BACKDOOR buschtrommel 1.22 runtime detection - initial connection (backdoor.rules)
 * 1:7753 <-> DISABLED <-> BACKDOOR buschtrommel 1.22 runtime detection - spy function - flowbit set 1 (backdoor.rules)
 * 1:7754 <-> DISABLED <-> BACKDOOR buschtrommel 1.22 runtime detection - spy function - flowbit set 2 (backdoor.rules)
 * 1:7755 <-> DISABLED <-> BACKDOOR buschtrommel 1.22 runtime detection - spy function (backdoor.rules)
 * 1:7762 <-> DISABLED <-> BACKDOOR analftp 0.1 runtime detection - icq notification (backdoor.rules)
 * 1:7763 <-> DISABLED <-> BACKDOOR nt remote controller 2000 runtime detection - services client-to-server (backdoor.rules)
 * 1:7764 <-> DISABLED <-> BACKDOOR nt remote controller 2000 runtime detection - sysinfo client-to-server (backdoor.rules)
 * 1:7765 <-> DISABLED <-> BACKDOOR nt remote controller 2000 runtime detection - sysinfo server-to-client (backdoor.rules)
 * 1:7766 <-> DISABLED <-> BACKDOOR nt remote controller 2000 runtime detection - foldermonitor client-to-server (backdoor.rules)
 * 1:7767 <-> DISABLED <-> BACKDOOR nt remote controller 2000 runtime detection - foldermonitor server-to-client (backdoor.rules)
 * 1:7770 <-> DISABLED <-> BACKDOOR messiah 4.0 runtime detection - get server info - flowbit set (backdoor.rules)
 * 1:7771 <-> DISABLED <-> BACKDOOR messiah 4.0 runtime detection - get server info (backdoor.rules)
 * 1:7772 <-> DISABLED <-> BACKDOOR messiah 4.0 runtime detection - enable keylogger - flowbit set (backdoor.rules)
 * 1:7773 <-> DISABLED <-> BACKDOOR messiah 4.0 runtime detection - enable keylogger (backdoor.rules)
 * 1:7774 <-> DISABLED <-> BACKDOOR messiah 4.0 runtime detection - screen capture - flowbit set (backdoor.rules)
 * 1:7775 <-> DISABLED <-> BACKDOOR messiah 4.0 runtime detection - screen capture (backdoor.rules)
 * 1:7776 <-> DISABLED <-> BACKDOOR messiah 4.0 runtime detection - get drives - flowbit set (backdoor.rules)
 * 1:7777 <-> DISABLED <-> BACKDOOR messiah 4.0 runtime detection - get drives (backdoor.rules)
 * 1:7778 <-> DISABLED <-> BACKDOOR elfrat runtime detection - initial connection (backdoor.rules)
 * 1:7782 <-> DISABLED <-> BACKDOOR netdevil runtime detection - file manager - flowbit set (backdoor.rules)
 * 1:7783 <-> DISABLED <-> BACKDOOR netdevil runtime detection - file manager (backdoor.rules)
 * 1:7791 <-> DISABLED <-> BACKDOOR remote anything 5.11.22 runtime detection - victim response (backdoor.rules)
 * 1:7792 <-> DISABLED <-> BACKDOOR remote anything 5.11.22 runtime detection - chat with victim (backdoor.rules)
 * 1:7793 <-> DISABLED <-> BACKDOOR remote anything 5.11.22 runtime detection - chat with attacker (backdoor.rules)
 * 1:7794 <-> DISABLED <-> BACKDOOR fraggle rock 2.0 lite runtime detection - pc info - flowbit set (backdoor.rules)
 * 1:7795 <-> DISABLED <-> BACKDOOR incommand 1.7 runtime detection - init connection (backdoor.rules)
 * 1:7796 <-> DISABLED <-> BACKDOOR incommand 1.7 runtime detection - init connection (backdoor.rules)
 * 1:7797 <-> DISABLED <-> BACKDOOR incommand 1.7 runtime detection - file manage 1 (backdoor.rules)
 * 1:7798 <-> DISABLED <-> BACKDOOR incommand 1.7 runtime detection - file manage 1 (backdoor.rules)
 * 1:7799 <-> DISABLED <-> BACKDOOR incommand 1.7 runtime detection - file manage 2 (backdoor.rules)
 * 1:7800 <-> DISABLED <-> BACKDOOR incommand 1.7 runtime detection - file manage 2 (backdoor.rules)
 * 1:7803 <-> DISABLED <-> BACKDOOR war trojan ver1.0 runtime detection - send messages (backdoor.rules)
 * 1:7804 <-> DISABLED <-> BACKDOOR war trojan ver1.0 runtime detection - disable ctrl+alt+del (backdoor.rules)
 * 1:7806 <-> DISABLED <-> BACKDOOR fatal wound 1.0 runtime detection - initial connection (backdoor.rules)
 * 1:7807 <-> DISABLED <-> BACKDOOR fatal wound 1.0 runtime detection - execute file (backdoor.rules)
 * 1:7808 <-> DISABLED <-> BACKDOOR fatal wound 1.0 runtime detection - upload (backdoor.rules)
 * 1:7809 <-> DISABLED <-> BACKDOOR fatal wound 1.0 runtime detection - upload (backdoor.rules)
 * 1:7811 <-> DISABLED <-> BACKDOOR abacab runtime detection - telnet initial (backdoor.rules)
 * 1:7812 <-> DISABLED <-> BACKDOOR abacab runtime detection - banner (backdoor.rules)
 * 1:7813 <-> DISABLED <-> BACKDOOR darkmoon initial connection detection - cts (backdoor.rules)
 * 1:7814 <-> DISABLED <-> BACKDOOR darkmoon initial connection detection - stc (backdoor.rules)
 * 1:7815 <-> DISABLED <-> BACKDOOR darkmoon reverse connection detection - stc (backdoor.rules)
 * 1:7816 <-> DISABLED <-> BACKDOOR darkmoon reverse connection detection - cts (backdoor.rules)
 * 1:7817 <-> DISABLED <-> BACKDOOR infector v1.0 runtime detection - init conn (backdoor.rules)
 * 1:7818 <-> DISABLED <-> BACKDOOR infector v1.0 runtime detection - init conn (backdoor.rules)
 * 1:7823 <-> DISABLED <-> SPYWARE-PUT Adware whenu runtime detection - datachunksgz (spyware-put.rules)
 * 1:7824 <-> DISABLED <-> SPYWARE-PUT Trickler whenu.clocksync runtime detection (spyware-put.rules)
 * 1:7825 <-> DISABLED <-> SPYWARE-PUT Adware whenu.savenow runtime detection (spyware-put.rules)
 * 1:7826 <-> DISABLED <-> SPYWARE-PUT Trickler whenu.weathercast runtime detection - check (spyware-put.rules)
 * 1:7827 <-> DISABLED <-> SPYWARE-PUT Adware whenu runtime detection - search request 1 (spyware-put.rules)
 * 1:7828 <-> DISABLED <-> SPYWARE-PUT Adware whenu runtime detection - search request 2 (spyware-put.rules)
 * 1:7830 <-> DISABLED <-> SPYWARE-PUT Botnet dacryptic runtime detection (spyware-put.rules)
 * 1:7831 <-> DISABLED <-> SPYWARE-PUT Adware downloadplus runtime detection (spyware-put.rules)
 * 1:7832 <-> DISABLED <-> SPYWARE-PUT Hijacker navexcel helper runtime detection - active/update (spyware-put.rules)
 * 1:7833 <-> DISABLED <-> SPYWARE-PUT Hijacker navexcel helper runtime detection - search (spyware-put.rules)
 * 1:7834 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool nettracker runtime detection - report browsing (spyware-put.rules)
 * 1:7835 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool nettracker runtime detection - report browsing (spyware-put.rules)
 * 1:7836 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool nettracker runtime detection - report send through email (spyware-put.rules)
 * 1:7837 <-> DISABLED <-> SPYWARE-PUT Keylogger spyoutside runtime detection - email delivery (spyware-put.rules)
 * 1:7838 <-> DISABLED <-> SPYWARE-PUT Adware smiley central runtime detection (spyware-put.rules)
 * 1:7840 <-> DISABLED <-> SPYWARE-PUT Hijacker instafinder initial configuration detection (spyware-put.rules)
 * 1:7841 <-> DISABLED <-> SPYWARE-PUT Hijacker instafinder error redirect detection (spyware-put.rules)
 * 1:7842 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool davps runtime detection (spyware-put.rules)
 * 1:7843 <-> DISABLED <-> SPYWARE-PUT Hijacker avenuemedia.dyfuca runtime detection - search engine hijack (spyware-put.rules)
 * 1:7844 <-> DISABLED <-> SPYWARE-PUT Hijacker avenuemedia.dyfuca runtime detection - post data (spyware-put.rules)
 * 1:7845 <-> DISABLED <-> SPYWARE-PUT Keylogger clogger 1.0 runtime detection (spyware-put.rules)
 * 1:7846 <-> DISABLED <-> SPYWARE-PUT Keylogger clogger 1.0 runtime detection (spyware-put.rules)
 * 1:7847 <-> DISABLED <-> SPYWARE-PUT Keylogger clogger 1.0 runtime detection - send log through email (spyware-put.rules)
 * 1:7848 <-> DISABLED <-> SPYWARE-PUT Hijacker netguide runtime detection (spyware-put.rules)
 * 1:7849 <-> DISABLED <-> SPYWARE-PUT Trickler maxsearch runtime detection - toolbar download (spyware-put.rules)
 * 1:7850 <-> DISABLED <-> SPYWARE-PUT Trickler maxsearch runtime detection - retrieve command (spyware-put.rules)
 * 1:7851 <-> DISABLED <-> SPYWARE-PUT Trickler maxsearch runtime detection - ack (spyware-put.rules)
 * 1:7852 <-> DISABLED <-> SPYWARE-PUT Trickler maxsearch runtime detection - advertisement (spyware-put.rules)
 * 1:7853 <-> DISABLED <-> SPYWARE-PUT Adware web-nexus runtime detection - ad url 1 (spyware-put.rules)
 * 1:7854 <-> DISABLED <-> SPYWARE-PUT Adware web-nexus runtime detection - config retrieval (spyware-put.rules)
 * 1:7855 <-> DISABLED <-> SPYWARE-PUT Adware web-nexus runtime detection - ad url 2 (spyware-put.rules)
 * 1:7856 <-> DISABLED <-> SPYWARE-PUT Trackware winsysba-a runtime detection - track surfing activity (spyware-put.rules)
 * 1:7857 <-> DISABLED <-> SPYWARE-PUT Keylogger EliteKeylogger runtime detection (spyware-put.rules)
 * 1:7858 <-> DISABLED <-> POLICY Google Desktop initial install - firstuse request (policy.rules)
 * 1:7859 <-> DISABLED <-> POLICY Google Desktop initial install  - installer request (policy.rules)
 * 1:7860 <-> DISABLED <-> POLICY Google Desktop search query (policy.rules)
 * 1:7861 <-> DISABLED <-> POLICY Google Desktop activity (policy.rules)
 * 1:8058 <-> DISABLED <-> WEB-CLIENT Mozilla javascript navigator object access (web-client.rules)
 * 1:8059 <-> DISABLED <-> ORACLE SYS.KUPW-WORKER sql injection attempt (oracle.rules)
 * 1:8071 <-> DISABLED <-> SPYWARE-PUT Hijacker findthewebsiteyouneed runtime detection - search hijack (spyware-put.rules)
 * 1:8072 <-> DISABLED <-> SPYWARE-PUT Hijacker findthewebsiteyouneed runtime detection - surf monitor (spyware-put.rules)
 * 1:8073 <-> DISABLED <-> SPYWARE-PUT Adware zango toolbar runtime detection (spyware-put.rules)
 * 1:8074 <-> DISABLED <-> BACKDOOR mithril runtime detection - init connection (backdoor.rules)
 * 1:8075 <-> DISABLED <-> BACKDOOR mithril runtime detection - get system information (backdoor.rules)
 * 1:8076 <-> DISABLED <-> BACKDOOR mithril runtime detection - get system information (backdoor.rules)
 * 1:8077 <-> DISABLED <-> BACKDOOR mithril runtime detection - get process list (backdoor.rules)
 * 1:8078 <-> DISABLED <-> BACKDOOR mithril runtime detection - get process list (backdoor.rules)
 * 1:8079 <-> DISABLED <-> BACKDOOR x2a runtime detection - init connection (backdoor.rules)
 * 1:8080 <-> DISABLED <-> BACKDOOR x2a runtime detection - client update (backdoor.rules)
 * 1:8081 <-> DISABLED <-> SCAN UPnP service discover attempt (scan.rules)
 * 1:8090 <-> DISABLED <-> WEB-MISC HP Openview NNM freeIPaddrs.ovpl Unix command execution attempt (web-misc.rules)
 * 1:8091 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer error message format string vulnerability attempt (web-client.rules)
 * 1:8157 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP webdav DavrCreateConnection hostname overflow attempt (netbios.rules)
 * 1:8355 <-> ENABLED <-> SPYWARE-PUT Keylogger spybuddy 3.72 runtime detection (spyware-put.rules)
 * 1:8360 <-> DISABLED <-> SPYWARE-PUT Hijacker yok supersearch runtime detection - search info collect (spyware-put.rules)
 * 1:8361 <-> DISABLED <-> BACKDOOR black curse 4.0 runtime detection - inverse init connection (backdoor.rules)
 * 1:8362 <-> DISABLED <-> BACKDOOR black curse 4.0 runtime detection - normal init connection (backdoor.rules)
 * 1:8416 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Vector Markup Language fill method overflow attempt (web-client.rules)
 * 1:8448 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel colinfo XF record overflow attempt (web-client.rules)
 * 1:8449 <-> DISABLED <-> NETBIOS SMB Rename invalid buffer type andx attempt (netbios.rules)
 * 1:8450 <-> DISABLED <-> NETBIOS SMB Rename invalid buffer type attempt (netbios.rules)
 * 1:8451 <-> DISABLED <-> NETBIOS SMB Rename invalid buffer type unicode andx attempt (netbios.rules)
 * 1:8452 <-> DISABLED <-> NETBIOS SMB Rename invalid buffer type unicode attempt (netbios.rules)
 * 1:8453 <-> DISABLED <-> NETBIOS SMB-DS Rename invalid buffer type andx attempt (netbios.rules)
 * 1:8454 <-> DISABLED <-> NETBIOS SMB-DS Rename invalid buffer type attempt (netbios.rules)
 * 1:8455 <-> DISABLED <-> NETBIOS SMB-DS Rename invalid buffer type unicode andx attempt (netbios.rules)
 * 1:8456 <-> DISABLED <-> NETBIOS SMB-DS Rename invalid buffer type unicode attempt (netbios.rules)
 * 1:8457 <-> DISABLED <-> NETBIOS SMB Rename invalid buffer type andx attempt (netbios.rules)
 * 1:8458 <-> DISABLED <-> NETBIOS SMB Rename invalid buffer type attempt (netbios.rules)
 * 1:8459 <-> DISABLED <-> NETBIOS SMB Rename invalid buffer type unicode andx attempt (netbios.rules)
 * 1:8460 <-> DISABLED <-> NETBIOS SMB Rename invalid buffer type unicode attempt (netbios.rules)
 * 1:8461 <-> DISABLED <-> SPYWARE-PUT Trackware duduaccelerator runtime detection - send userinfo (spyware-put.rules)
 * 1:8462 <-> DISABLED <-> SPYWARE-PUT Trackware duduaccelerator runtime detection - trace info downloaded (spyware-put.rules)
 * 1:8463 <-> DISABLED <-> SPYWARE-PUT Trackware duduaccelerator runtime detection - trace login info (spyware-put.rules)
 * 1:8464 <-> DISABLED <-> SPYWARE-PUT Adware henbang runtime detection (spyware-put.rules)
 * 1:8465 <-> DISABLED <-> SPYWARE-PUT Keylogger netobserve runtime detection - email notification (spyware-put.rules)
 * 1:8466 <-> DISABLED <-> SPYWARE-PUT Keylogger netobserve runtime detection - email notification (spyware-put.rules)
 * 1:8467 <-> DISABLED <-> SPYWARE-PUT Keylogger netobserve runtime detection - remote login response (spyware-put.rules)
 * 1:8468 <-> DISABLED <-> SPYWARE-PUT Hijacker accoona runtime detection - collect info (spyware-put.rules)
 * 1:8469 <-> DISABLED <-> SPYWARE-PUT Hijacker accoona runtime detection - open sidebar search url (spyware-put.rules)
 * 1:8478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file magic detection (file-identify.rules)
 * 1:8482 <-> DISABLED <-> POLICY Xfire session initiated (policy.rules)
 * 1:8483 <-> DISABLED <-> POLICY Xfire login attempted (policy.rules)
 * 1:8484 <-> DISABLED <-> POLICY Xfire login successful (policy.rules)
 * 1:8541 <-> DISABLED <-> ORACLE sdo_cs.transform_layer buffer overflow attempt (oracle.rules)
 * 1:8542 <-> DISABLED <-> SPYWARE-PUT Trackware deluxecommunications runtime detection - collect info (spyware-put.rules)
 * 1:8543 <-> DISABLED <-> SPYWARE-PUT Trackware deluxecommunications runtime detection - display popup ads (spyware-put.rules)
 * 1:8544 <-> DISABLED <-> SPYWARE-PUT Keylogger nicespy runtime detection - smtp (spyware-put.rules)
 * 1:8545 <-> DISABLED <-> SPYWARE-PUT Adware roogoo runtime detection - surfing monitor (spyware-put.rules)
 * 1:8546 <-> DISABLED <-> SPYWARE-PUT Adware roogoo runtime detection - show ads (spyware-put.rules)
 * 1:8547 <-> DISABLED <-> BACKDOOR zzmm 2.0 runtime detection - init connection (backdoor.rules)
 * 1:8548 <-> DISABLED <-> BACKDOOR zzmm 2.0 runtime detection - init connection (backdoor.rules)
 * 1:8550 <-> DISABLED <-> ORACLE dbms_mview.register_mview buffer overflow attempt (oracle.rules)
 * 1:8551 <-> DISABLED <-> ORACLE dbms_mview.unregister_mview buffer overflow attempt (oracle.rules)
 * 1:8704 <-> DISABLED <-> SMTP YPOPS Banner (smtp.rules)
 * 1:8709 <-> DISABLED <-> DNS Windows NAT helper components tcp denial of service attempt (dns.rules)
 * 1:8710 <-> DISABLED <-> DNS Windows NAT helper components udp denial of service attempt (dns.rules)
 * 1:8925 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrAddAlternateComputerName overflow attempt (netbios.rules)
 * 1:9132 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netware_cs NwrOpenEnumNdsStubTrees_Any overflow attempt (netbios.rules)
 * 1:9228 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netware_cs NwGetConnectionInformation overflow attempt (netbios.rules)
 * 1:9324 <-> DISABLED <-> POLICY TOR traffic anonymizer server request (policy.rules)
 * 1:9325 <-> DISABLED <-> DOS Citrix IMA DOS event data length denial of service attempt (dos.rules)
 * 1:9326 <-> ENABLED <-> SPECIFIC-THREATS netsky.p smtp propagation detection (specific-threats.rules)
 * 1:9327 <-> ENABLED <-> SPECIFIC-THREATS netsky.af smtp propagation detection (specific-threats.rules)
 * 1:9328 <-> ENABLED <-> SPECIFIC-THREATS zhangpo smtp propagation detection (specific-threats.rules)
 * 1:9329 <-> ENABLED <-> SPECIFIC-THREATS yarner.b smtp propagation detection (specific-threats.rules)
 * 1:9330 <-> ENABLED <-> SPECIFIC-THREATS mydoom.e smtp propagation detection (specific-threats.rules)
 * 1:9331 <-> ENABLED <-> SPECIFIC-THREATS mydoom.m smtp propagation detection (specific-threats.rules)
 * 1:9332 <-> ENABLED <-> SPECIFIC-THREATS mimail.a smtp propagation detection (specific-threats.rules)
 * 1:9333 <-> ENABLED <-> SPECIFIC-THREATS mimail.e smtp propagation detection (specific-threats.rules)
 * 1:9334 <-> ENABLED <-> SPECIFIC-THREATS lovgate.c smtp propagation detection (specific-threats.rules)
 * 1:9335 <-> ENABLED <-> SPECIFIC-THREATS netsky.b smtp propagation detection (specific-threats.rules)
 * 1:9336 <-> ENABLED <-> SPECIFIC-THREATS netsky.t smtp propagation detection (specific-threats.rules)
 * 1:9337 <-> ENABLED <-> SPECIFIC-THREATS netsky.x smtp propagation detection (specific-threats.rules)
 * 1:9338 <-> ENABLED <-> SPECIFIC-THREATS mydoom.i smtp propagation detection (specific-threats.rules)
 * 1:9339 <-> ENABLED <-> SPECIFIC-THREATS klez.g web propagation detection (specific-threats.rules)
 * 1:9340 <-> ENABLED <-> SPECIFIC-THREATS klez.i web propagation detection (specific-threats.rules)
 * 1:9342 <-> ENABLED <-> SPECIFIC-THREATS paroc.a smtp propagation detection (specific-threats.rules)
 * 1:9343 <-> ENABLED <-> SPECIFIC-THREATS kadra smtp propagation detection (specific-threats.rules)
 * 1:9344 <-> ENABLED <-> SPECIFIC-THREATS kindal smtp propagation detection (specific-threats.rules)
 * 1:9345 <-> ENABLED <-> SPECIFIC-THREATS kipis.a smtp propagation detection (specific-threats.rules)
 * 1:9346 <-> ENABLED <-> SPECIFIC-THREATS klez.b web propagation detection (specific-threats.rules)
 * 1:9347 <-> ENABLED <-> SPECIFIC-THREATS klez.b netshare propagation detection (specific-threats.rules)
 * 1:9348 <-> ENABLED <-> SPECIFIC-THREATS morbex smtp propagation detection (specific-threats.rules)
 * 1:9349 <-> ENABLED <-> SPECIFIC-THREATS plemood smtp propagation detection (specific-threats.rules)
 * 1:9350 <-> ENABLED <-> SPECIFIC-THREATS mimail.k smtp propagation detection (specific-threats.rules)
 * 1:9351 <-> ENABLED <-> SPECIFIC-THREATS lovgate.a netshare propagation detection (specific-threats.rules)
 * 1:9352 <-> ENABLED <-> SPECIFIC-THREATS lovgate.a smtp propagation detection (specific-threats.rules)
 * 1:9353 <-> ENABLED <-> SPECIFIC-THREATS deborm.x netshare propagation detection (specific-threats.rules)
 * 1:9354 <-> ENABLED <-> SPECIFIC-THREATS deborm.y netshare propagation detection (specific-threats.rules)
 * 1:9355 <-> ENABLED <-> SPECIFIC-THREATS deborm.u netshare propagation detection (specific-threats.rules)
 * 1:9356 <-> ENABLED <-> SPECIFIC-THREATS deborm.q netshare propagation detection (specific-threats.rules)
 * 1:9357 <-> ENABLED <-> SPECIFIC-THREATS deborm.r netshare propagation detection (specific-threats.rules)
 * 1:9358 <-> ENABLED <-> SPECIFIC-THREATS fizzer smtp propagation detection (specific-threats.rules)
 * 1:9359 <-> ENABLED <-> SPECIFIC-THREATS zafi.b smtp propagation detection (specific-threats.rules)
 * 1:9360 <-> ENABLED <-> SPECIFIC-THREATS cult.b smtp propagation detection (specific-threats.rules)
 * 1:9361 <-> ENABLED <-> SPECIFIC-THREATS mimail.l smtp propagation detection (specific-threats.rules)
 * 1:9362 <-> ENABLED <-> SPECIFIC-THREATS mimail.m smtp propagation detection (specific-threats.rules)
 * 1:9363 <-> ENABLED <-> SPECIFIC-THREATS klez.d web propagation detection (specific-threats.rules)
 * 1:9364 <-> ENABLED <-> SPECIFIC-THREATS klez.e web propagation detection (specific-threats.rules)
 * 1:9365 <-> ENABLED <-> SPECIFIC-THREATS cult.c smtp propagation detection (specific-threats.rules)
 * 1:9366 <-> ENABLED <-> SPECIFIC-THREATS mimail.s smtp propagation detection (specific-threats.rules)
 * 1:9367 <-> ENABLED <-> SPECIFIC-THREATS anset.b smtp propagation detection (specific-threats.rules)
 * 1:9368 <-> ENABLED <-> SPECIFIC-THREATS agist.a smtp propagation detection (specific-threats.rules)
 * 1:9369 <-> ENABLED <-> SPECIFIC-THREATS atak.a smtp propagation detection (specific-threats.rules)
 * 1:9370 <-> ENABLED <-> SPECIFIC-THREATS bagle.b smtp propagation detection (specific-threats.rules)
 * 1:9371 <-> ENABLED <-> SPECIFIC-THREATS bagle.e smtp propagation detection (specific-threats.rules)
 * 1:9372 <-> ENABLED <-> SPECIFIC-THREATS blebla.a smtp propagation detection (specific-threats.rules)
 * 1:9373 <-> ENABLED <-> SPECIFIC-THREATS clepa smtp propagation detection (specific-threats.rules)
 * 1:9374 <-> ENABLED <-> SPECIFIC-THREATS creepy.b smtp propagation detection (specific-threats.rules)
 * 1:9375 <-> ENABLED <-> SPECIFIC-THREATS duksten.c smtp propagation detection (specific-threats.rules)
 * 1:9376 <-> ENABLED <-> SPECIFIC-THREATS fishlet.a smtp propagation detection (specific-threats.rules)
 * 1:9377 <-> ENABLED <-> SPECIFIC-THREATS mydoom.g smtp propagation detection (specific-threats.rules)
 * 1:9378 <-> ENABLED <-> SPECIFIC-THREATS netsky.q smtp propagation detection (specific-threats.rules)
 * 1:9379 <-> ENABLED <-> SPECIFIC-THREATS netsky.s smtp propagation detection (specific-threats.rules)
 * 1:9380 <-> ENABLED <-> SPECIFIC-THREATS jitux msn messenger propagation detection (specific-threats.rules)
 * 1:9381 <-> ENABLED <-> SPECIFIC-THREATS lara smtp propagation detection (specific-threats.rules)
 * 1:9382 <-> ENABLED <-> SPECIFIC-THREATS fearso.c smtp propagation detection (specific-threats.rules)
 * 1:9383 <-> ENABLED <-> SPECIFIC-THREATS netsky.y smtp propagation detection (specific-threats.rules)
 * 1:9384 <-> ENABLED <-> SPECIFIC-THREATS beglur.a smtp propagation detection (specific-threats.rules)
 * 1:9385 <-> ENABLED <-> SPECIFIC-THREATS collo.a smtp propagation detection (specific-threats.rules)
 * 1:9386 <-> ENABLED <-> SPECIFIC-THREATS bagle.f smtp propagation detection (specific-threats.rules)
 * 1:9387 <-> ENABLED <-> SPECIFIC-THREATS klez.j web propagation detection (specific-threats.rules)
 * 1:9388 <-> ENABLED <-> SPECIFIC-THREATS mimail.g smtp propagation detection (specific-threats.rules)
 * 1:9389 <-> ENABLED <-> SPECIFIC-THREATS bagle.i smtp propagation detection (specific-threats.rules)
 * 1:9390 <-> ENABLED <-> SPECIFIC-THREATS deborm.d netshare propagation detection (specific-threats.rules)
 * 1:9391 <-> ENABLED <-> SPECIFIC-THREATS mimail.i smtp propagation detection (specific-threats.rules)
 * 1:9392 <-> ENABLED <-> SPECIFIC-THREATS bagle.j smtp propagation detection (specific-threats.rules)
 * 1:9393 <-> ENABLED <-> SPECIFIC-THREATS bagle.k smtp propagation detection (specific-threats.rules)
 * 1:9394 <-> ENABLED <-> SPECIFIC-THREATS bagle.n smtp propagation detection (specific-threats.rules)
 * 1:9395 <-> ENABLED <-> SPECIFIC-THREATS deborm.j netshare propagation detection (specific-threats.rules)
 * 1:9396 <-> ENABLED <-> SPECIFIC-THREATS deborm.t netshare propagation detection (specific-threats.rules)
 * 1:9397 <-> ENABLED <-> SPECIFIC-THREATS neysid smtp propagation detection (specific-threats.rules)
 * 1:9398 <-> ENABLED <-> SPECIFIC-THREATS totilix.a smtp propagation detection (specific-threats.rules)
 * 1:9399 <-> ENABLED <-> SPECIFIC-THREATS hanged smtp propagation detection (specific-threats.rules)
 * 1:9400 <-> ENABLED <-> SPECIFIC-THREATS abotus smtp propagation detection (specific-threats.rules)
 * 1:9401 <-> ENABLED <-> SPECIFIC-THREATS gokar http propagation detectiot (specific-threats.rules)
 * 1:9402 <-> ENABLED <-> SPECIFIC-THREATS welchia tftp propagation detection (specific-threats.rules)
 * 1:9403 <-> ENABLED <-> SPECIFIC-THREATS netsky.aa smtp propagation detection (specific-threats.rules)
 * 1:9404 <-> ENABLED <-> SPECIFIC-THREATS netsky.ac smtp propagation detection (specific-threats.rules)
 * 1:9406 <-> ENABLED <-> SPECIFIC-THREATS lovgate.e smtp propagation detection (specific-threats.rules)
 * 1:9407 <-> ENABLED <-> SPECIFIC-THREATS lovgate.b netshare propagation detection (specific-threats.rules)
 * 1:9408 <-> ENABLED <-> SPECIFIC-THREATS lacrow smtp propagation detection (specific-threats.rules)
 * 1:9409 <-> ENABLED <-> SPECIFIC-THREATS atak.b smtp propagation detection (specific-threats.rules)
 * 1:9410 <-> ENABLED <-> SPECIFIC-THREATS netsky.z smtp propagation detection (specific-threats.rules)
 * 1:9411 <-> ENABLED <-> SPECIFIC-THREATS mimail.f smtp propagation detection (specific-threats.rules)