Sourcefire VRT Rules Update

Date: 2012-03-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.2.1.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:21618 <-> DISABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21617 <-> DISABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:21612 <-> DISABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:21611 <-> DISABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 3:21619 <-> ENABLED <-> EXPLOIT Microsoft Windows RemoteDesktop connect-initial pdu remote code execution attempt (exploit.rules)

Modified Rules:


 * 1:15577 <-> DISABLED <-> CHAT Microsoft MSN Messenger web client activity (chat.rules)
 * 1:15576 <-> DISABLED <-> CHAT Microsoft MSN Messenger web client login (chat.rules)
 * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:15230 <-> ENABLED <-> WEB-ACTIVEX Microsoft Office Viewer 2 ActiveX clsid access (web-activex.rules)
 * 1:15184 <-> DISABLED <-> CHAT Microsoft MSN messenger http link transmission attempt (chat.rules)
 * 1:1437 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media download detected (file-identify.rules)
 * 1:14264 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules)
 * 1:14257 <-> ENABLED <-> WEB-ACTIVEX Microsoft Windows Media Encoder 9 ActiveX function call access (web-activex.rules)
 * 1:14255 <-> ENABLED <-> WEB-ACTIVEX Microsoft Windows Media Encoder 9 ActiveX clsid access (web-activex.rules)
 * 1:13919 <-> DISABLED <-> WEB-CLIENT Apple QuickTime MOV file string handling integer overflow attempt (web-client.rules)
 * 1:13918 <-> DISABLED <-> WEB-CLIENT Apple QuickTime MOV file string handling integer overflow attempt (web-client.rules)
 * 1:13917 <-> DISABLED <-> WEB-CLIENT Apple QuickTime MOV file string handling integer overflow attempt (web-client.rules)
 * 1:12593 <-> DISABLED <-> EXPLOIT Mozilla Firefox Apple Quicktime chrome exploit (exploit.rules)
 * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file magic detected (file-identify.rules)
 * 1:11201 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office Viewer ActiveX function call access (web-activex.rules)
 * 1:11199 <-> ENABLED <-> WEB-ACTIVEX Microsoft Office Viewer ActiveX clsid access (web-activex.rules)
 * 1:1111 <-> DISABLED <-> WEB-MISC Apache Tomcat server exploit access (web-misc.rules)
 * 1:1108 <-> DISABLED <-> WEB-MISC Apache Tomcat server snoop access (web-misc.rules)
 * 1:1056 <-> DISABLED <-> WEB-MISC Apache Tomcat view source attempt (web-misc.rules)
 * 1:10418 <-> DISABLED <-> EXPLOIT lpd Solaris unlink file attempt (exploit.rules)
 * 1:10178 <-> DISABLED <-> WEB-ACTIVEX Microsoft Windows Shell User Enumeration Object ActiveX function call access (web-activex.rules)
 * 1:8710 <-> DISABLED <-> DNS Microsoft Windows NAT helper components udp denial of service attempt (dns.rules)
 * 1:8709 <-> DISABLED <-> DNS Microsoft Windows NAT helper components tcp denial of service attempt (dns.rules)
 * 1:8401 <-> ENABLED <-> WEB-ACTIVEX Microsoft Windows Media Services DRM Storage ActiveX clsid access (web-activex.rules)
 * 1:8068 <-> DISABLED <-> WEB-ACTIVEX Microsoft Windows Scripting Host Shell ActiveX function call access (web-activex.rules)
 * 1:8066 <-> ENABLED <-> WEB-ACTIVEX Microsoft Windows Scripting Host Shell ActiveX clsid access (web-activex.rules)
 * 1:6701 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected zTXt overflow attempt (web-client.rules)
 * 1:6699 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected iTXt overflow attempt (web-client.rules)
 * 1:6698 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected tIME overflow attempt (web-client.rules)
 * 1:6697 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected sPLT overflow attempt (web-client.rules)
 * 1:6696 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected pHYs overflow attempt (web-client.rules)
 * 1:6695 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected tRNS overflow attempt (web-client.rules)
 * 1:6694 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected hIST overflow attempt (web-client.rules)
 * 1:6693 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected bKGD overflow attempt (web-client.rules)
 * 1:6692 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected sRGB overflow attempt (web-client.rules)
 * 1:6691 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected sBIT overflow attempt (web-client.rules)
 * 1:6690 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected iCCP overflow attempt (web-client.rules)
 * 1:6689 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected cHRM overflow attempt (web-client.rules)
 * 1:6681 <-> ENABLED <-> WEB-ACTIVEX Microsoft Windows Media Transform Effects ActiveX clsid access (web-activex.rules)
 * 1:540 <-> DISABLED <-> CHAT Microsoft MSN message (chat.rules)
 * 1:5318 <-> DISABLED <-> WEB-CLIENT Microsoft Windows wmf file arbitrary code execution attempt (web-client.rules)
 * 1:4178 <-> ENABLED <-> WEB-ACTIVEX Microsoft Office 2000 and 2002 Web Components Record Navigation Control ActiveX object access (web-activex.rules)
 * 1:4177 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office 2000 and 2002 Web Components Spreadsheet ActiveX clsid access (web-activex.rules)
 * 1:4176 <-> ENABLED <-> WEB-ACTIVEX Microsoft Office 2000 and 2002 Web Components Chart ActiveX object access (web-activex.rules)
 * 1:4175 <-> ENABLED <-> WEB-ACTIVEX Microsoft Office 2000/2002 Web Components PivotTable ActiveX object access (web-activex.rules)
 * 1:4170 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office 2000 and 2002 Web Components Data Source Control ActiveX clsid access (web-activex.rules)
 * 1:4158 <-> ENABLED <-> WEB-ACTIVEX Microsoft Windows Media Player Active Movie ActiveX object access (web-activex.rules)
 * 1:4156 <-> ENABLED <-> WEB-ACTIVEX Microsoft Windows Media Player 7+ ActiveX object access (web-activex.rules)
 * 1:4152 <-> ENABLED <-> WEB-ACTIVEX Microsoft Windows Media Player 6.4 ActiveX object access (web-activex.rules)
 * 1:4145 <-> ENABLED <-> WEB-ACTIVEX Microsoft Windows Trouble Shooter ActiveX object access (web-activex.rules)
 * 1:4144 <-> DISABLED <-> EXPLOIT lpd Solaris control file upload attempt (exploit.rules)
 * 1:4143 <-> DISABLED <-> EXPLOIT lpd receive printer job cascade adaptor protocol request (exploit.rules)
 * 1:3823 <-> DISABLED <-> WEB-MISC Real RealPlayer realtext file bad version buffer overflow attempt (web-misc.rules)
 * 1:3822 <-> DISABLED <-> WEB-MISC Real RealPlayer realtext long URI request attempt (web-misc.rules)
 * 1:3697 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (netbios.rules)
 * 1:3686 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer Content Advisor memory corruption attempt (web-client.rules)
 * 1:3486 <-> DISABLED <-> MISC Microsoft Windows SSLv3 invalid data version attempt (misc.rules)
 * 1:2441 <-> DISABLED <-> WEB-MISC NetObserve authentication bypass attempt (web-misc.rules)
 * 1:2440 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer playlist rtsp URL overflow attempt (web-client.rules)
 * 1:2439 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer playlist http URL overflow attempt (web-client.rules)
 * 1:2438 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer playlist file URL overflow attempt (web-client.rules)
 * 1:2436 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules)
 * 1:2423 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules)
 * 1:2422 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules)
 * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules)
 * 1:2419 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules)
 * 1:21570 <-> DISABLED <-> MISC Microsoft Windows RemoteDesktop new session flood attempt (misc.rules)
 * 1:21556 <-> DISABLED <-> POLICY Microsoft Windows 98 User-Agent string (policy.rules)
 * 1:21515 <-> DISABLED <-> WEB-MISC Apache Tomcat Web Application Manager access (web-misc.rules)
 * 1:21503 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel SXDB memory corruption (specific-threats.rules)
 * 1:21375 <-> DISABLED <-> WEB-PHP Remote Execution Backdoor Attempt Against Horde (web-php.rules)
 * 1:21252 <-> DISABLED <-> BACKDOOR Trojan.Win32.Sirefef.P runtime detection (backdoor.rules)
 * 1:21193 <-> DISABLED <-> BACKDOOR Win32.Dalbot.A outbound connection (backdoor.rules)
 * 1:21174 <-> DISABLED <-> FILE-IDENTIFY RealPlayer realtext file download request (file-identify.rules)
 * 1:21079 <-> DISABLED <-> SCADA Siemens SIMATIC HMI Administrator cookie detected (scada.rules)
 * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules)
 * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules)
 * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules)
 * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules)
 * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules)
 * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file download request (file-identify.rules)
 * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules)
 * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules)
 * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules)
 * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules)
 * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20790 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer layout-grid-char value exploit attempt (specific-threats.rules)
 * 1:20789 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer layout-grid-char value exploit attempt (specific-threats.rules)
 * 1:20788 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer layout-grid-char value exploit attempt (specific-threats.rules)
 * 1:20787 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer layout-grid-char value exploit attempt (specific-threats.rules)
 * 1:20653 <-> DISABLED <-> SMTP Microsoft Windows Media Player ASX file ref href buffer overflow attempt (smtp.rules)
 * 1:20617 <-> DISABLED <-> EXPLOIT Sage SalesLogix admin authentication bypass attempt (exploit.rules)
 * 1:2061 <-> DISABLED <-> WEB-MISC Apache Tomcat null byte directory listing attempt (web-misc.rules)
 * 1:20554 <-> DISABLED <-> CHAT Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (chat.rules)
 * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules)
 * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20504 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20495 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
 * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
 * 1:20272 <-> DISABLED <-> DOS Microsoft Forefront UAG NLSessionS cookie overflow attempt (dos.rules)
 * 1:20268 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer Marquee stylesheet object removal (specific-threats.rules)
 * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules)
 * 1:20118 <-> DISABLED <-> NETBIOS Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt (netbios.rules)
 * 1:20046 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (sql.rules)
 * 1:20045 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (sql.rules)
 * 1:1991 <-> DISABLED <-> CHAT Microsoft MSN login attempt (chat.rules)
 * 1:1990 <-> DISABLED <-> CHAT Microsoft MSN user search (chat.rules)
 * 1:1989 <-> DISABLED <-> CHAT Microsoft MSN outbound file transfer rejected (chat.rules)
 * 1:1988 <-> DISABLED <-> CHAT Microsoft MSN outbound file transfer accept (chat.rules)
 * 1:1986 <-> DISABLED <-> CHAT Microsoft MSN outbound file transfer request (chat.rules)
 * 1:19667 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer cross-domain scripting attack (specific-threats.rules)
 * 1:19266 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer layout-grid-char value exploit attempt (specific-threats.rules)
 * 1:19265 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer layout-grid-char value exploit attempt (specific-threats.rules)
 * 1:19240 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer 6/7/8 reload stylesheet attempt (web-client.rules)
 * 1:19236 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer drag event memory corruption attempt (specific-threats.rules)
 * 1:18951 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer onPropertyChange deleteTable memory corruption attempt (specific-threats.rules)
 * 1:18629 <-> DISABLED <-> NETBIOS Microsoft Foundation Class applications mfc100.dll dll-load exploit attempt  (netbios.rules)
 * 1:18628 <-> DISABLED <-> NETBIOS Microsoft Foundation Class applications mfc90.dll dll-load exploit attempt  (netbios.rules)
 * 1:18627 <-> DISABLED <-> NETBIOS Microsoft Foundation Class applications mfc80.dll dll-load exploit attempt  (netbios.rules)
 * 1:18626 <-> DISABLED <-> NETBIOS Microsoft Foundation Class applications mfc42.dll dll-load exploit attempt  (netbios.rules)
 * 1:18625 <-> DISABLED <-> NETBIOS Microsoft Foundation Class applications mfc40.dll dll-load exploit attempt  (netbios.rules)
 * 1:18583 <-> DISABLED <-> WEB-CLIENT Microsoft Windows wmf integer overflow attempt (web-client.rules)
 * 1:18542 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows Media Player ActiveX unknow compression algorithm use arbitrary code execution attempt (specific-threats.rules)
 * 1:18540 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer invalid pointer memory corruption attempt (specific-threats.rules)
 * 1:18500 <-> DISABLED <-> NETBIOS Microsoft Groove mso.dll dll-load exploit attempt  (netbios.rules)
 * 1:18497 <-> DISABLED <-> NETBIOS Microsoft Windows Media Player and shell extension ehtrace.dll dll-load exploit attempt (netbios.rules)
 * 1:1830 <-> DISABLED <-> WEB-MISC Apache Tomcat SnoopServlet servlet access (web-misc.rules)
 * 1:1829 <-> DISABLED <-> WEB-MISC Apache Tomcat TroubleShooter servlet access (web-misc.rules)
 * 1:18278 <-> DISABLED <-> NETBIOS Microsoft Windows Vista Backup Tool fveapi.dll dll-load exploit attempt  (netbios.rules)
 * 1:1827 <-> DISABLED <-> WEB-MISC Apache Tomcat servlet mapping cross site scripting attempt (web-misc.rules)
 * 1:18203 <-> DISABLED <-> NETBIOS Microsoft Windows Address Book smmscrpt.dll malicious DLL load  (netbios.rules)
 * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules)
 * 1:17726 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer address bar spoofing attempt (specific-threats.rules)
 * 1:17703 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer popup title bar spoofing attempt (specific-threats.rules)
 * 1:17658 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash frame type identifier memory corruption attempt (specific-threats.rules)
 * 1:17644 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer object clone deletion memory corruption attempt (specific-threats.rules)
 * 1:17585 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer possible javascript onunload event memory corruption (specific-threats.rules)
 * 1:17551 <-> DISABLED <-> CHAT Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (chat.rules)
 * 1:17549 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer Error Handling Code Execution (specific-threats.rules)
 * 1:17502 <-> ENABLED <-> WEB-MISC Apache Tomcat UNIX platform directory traversal (web-misc.rules)
 * 1:17501 <-> ENABLED <-> WEB-MISC Apache Tomcat UNIX platform directory traversal (web-misc.rules)
 * 1:17500 <-> ENABLED <-> WEB-MISC Apache Tomcat UNIX platform directory traversal (web-misc.rules)
 * 1:17499 <-> ENABLED <-> WEB-MISC Apache Tomcat UNIX platform directory traversal (web-misc.rules)
 * 1:17498 <-> ENABLED <-> WEB-MISC Apache Tomcat UNIX platform directory traversal (web-misc.rules)
 * 1:17463 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer File Download Dialog Box Manipulation (specific-threats.rules)
 * 1:17448 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer HTTPS proxy information disclosure vulnerability (specific-threats.rules)
 * 1:17447 <-> DISABLED <-> WEB-MISC 407 Proxy Authentication Required (web-misc.rules)
 * 1:17426 <-> DISABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules)
 * 1:17402 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer nested tag memory corruption attempt (specific-threats.rules)
 * 1:17401 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer nested tag memory corruption attempt - unescaped (specific-threats.rules)
 * 1:17391 <-> ENABLED <-> WEB-MISC Apache Tomcat UNIX platform directory traversal (web-misc.rules)
 * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules)
 * 1:17371 <-> DISABLED <-> WEB-MISC Squid authentication headers handling denial of service attempt (web-misc.rules)
 * 1:17370 <-> DISABLED <-> WEB-MISC Squid authentication headers handling denial of service attempt (web-misc.rules)
 * 1:17360 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox XBM image processing buffer overflow attempt (web-client.rules)
 * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules)
 * 1:17357 <-> ENABLED <-> CHAT AOL GAIM AIM-ICQ Protocol Handling buffer overflow attempt (chat.rules)
 * 1:17338 <-> ENABLED <-> SHELLCODE x86 Microsoft Windows 32-bit SEH get EIP technique (shellcode.rules)
 * 1:17337 <-> ENABLED <-> SHELLCODE x86 Microsoft Win32 export table enumeration variant (shellcode.rules)
 * 1:17330 <-> DISABLED <-> WEB-CLIENT Microsoft Windows GRE WMF Handling Memory Read Exception attempt (web-client.rules)
 * 1:17327 <-> ENABLED <-> IMAP Qualcomm WorldMail Server Response (imap.rules)
 * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules)
 * 1:16605 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer nested SPAN tag memory corruption attempt (specific-threats.rules)
 * 1:16595 <-> DISABLED <-> POP3 Microsoft Windows Mail remote code execution attempt  (pop3.rules)
 * 1:16537 <-> ENABLED <-> EXPLOIT Microsoft Windows Media Player ActiveX unknow compression algorithm use arbitrary code execution attempt (exploit.rules)
 * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16525 <-> DISABLED <-> CHAT Microsoft MSN Messenger web login attempt (chat.rules)
 * 1:16424 <-> DISABLED <-> WEB-ACTIVEX Microsoft Windows Script Host Shell Object ActiveX clsid access (web-activex.rules)
 * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16153 <-> DISABLED <-> WEB-CLIENT Microsoft Windows malformed WMF meta escape record memory corruption (web-client.rules)
 * 1:16022 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Vista Windows mail file execution attempt (specific-threats.rules)
 * 1:16023 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Vista Windows mail file execution attempt (specific-threats.rules)
 * 1:15994 <-> DISABLED <-> SPECIFIC-THREATS Squid strListGetItem denial of service attempt (specific-threats.rules)
 * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules)
 * 1:15583 <-> DISABLED <-> WEB-CLIENT F-Secure AntiVirus library heap overflow attempt (web-client.rules)
 * 1:10176 <-> ENABLED <-> WEB-ACTIVEX Microsoft Windows Shell User Enumeration Object ActiveX clsid access (web-activex.rules)
 * 1:10131 <-> DISABLED <-> WEB-CLIENT Mozilla compareTo arbitrary code execution attempt (web-client.rules)
 * 1:10126 <-> DISABLED <-> WEB-CLIENT QuickTime JPEG Huffman Table integer underflow attempt (web-client.rules)
 * 1:10115 <-> DISABLED <-> WEB-CLIENT Microsoft Windows WMF DOS attempt (web-client.rules)