Sourcefire VRT Rules Update

Date: 2012-04-10

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.2.1.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:21765 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader PDF subroutine pointer attempt (file-pdf.rules)
 * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
 * 1:21770 <-> DISABLED <-> EXPLOIT Microsoft Windows DirectX directshow wav file overflow attempt (exploit.rules)
 * 1:21759 <-> DISABLED <-> SPECIFIC-THREATS Ultra Shareware Office HttpUpload buffer overflow attempt (specific-threats.rules)
 * 1:21766 <-> ENABLED <-> EXPLOIT Apple QuickDraw PICT images ARGB records handling memory corruption attempt (exploit.rules)
 * 1:21774 <-> DISABLED <-> EXPLOIT Microsoft Windows DirectX directshow wav file overflow attempt (exploit.rules)
 * 1:21781 <-> DISABLED <-> SPECIFIC-THREATS encoded union select function in POST - possible sql injection attempt (specific-threats.rules)
 * 1:21778 <-> DISABLED <-> SQL parameter ending in comment characters - possible sql injection attempt - POST (sql.rules)
 * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules)
 * 1:21782 <-> DISABLED <-> SPECIFIC-THREATS script tag in POST parameters - likely cross-site scripting (specific-threats.rules)
 * 1:21783 <-> DISABLED <-> SPECIFIC-THREATS encoded script tag in POST parameters - likely cross-site scripting (specific-threats.rules)
 * 1:21784 <-> DISABLED <-> SPECIFIC-THREATS encoded script tag in POST parameters - likely cross-site scripting (specific-threats.rules)
 * 1:21785 <-> DISABLED <-> SPECIFIC-THREATS javascript escape function in POST parameters - likely javascript injection (specific-threats.rules)
 * 1:21786 <-> DISABLED <-> SPECIFIC-THREATS encoded javascript escape function in POST parameters - likely javascript injection (specific-threats.rules)
 * 1:21787 <-> DISABLED <-> SPECIFIC-THREATS encoded javascript escape function in POST parameters - likely javascript injection (specific-threats.rules)
 * 1:21788 <-> DISABLED <-> SPECIFIC-THREATS or kic = kic - known SQL injection routine (specific-threats.rules)
 * 1:21789 <-> DISABLED <-> SPECIFIC-THREATS or kic = kic - known SQL injection routine (specific-threats.rules)
 * 1:21790 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (specific-threats.rules)
 * 1:21791 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (web-client.rules)
 * 1:21792 <-> DISABLED <-> FILE-OTHER Microsoft .NET invalid parsing of graphics data attempt (file-other.rules)
 * 1:21793 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer vector graphics reference counting user-after-free attempt (web-client.rules)
 * 1:21794 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 and Word 12 converter heap overflow attempt (file-office.rules)
 * 1:21795 <-> DISABLED <-> FILE-OTHER Microsoft Windows Authenticode signature verification bypass attempt (file-other.rules)
 * 1:21796 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Exploroer iframe onreadystatechange handler use after free attempt (web-client.rules)
 * 1:21797 <-> DISABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules)
 * 1:21798 <-> DISABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules)
 * 1:21799 <-> DISABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules)
 * 1:21800 <-> DISABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules)
 * 1:21801 <-> DISABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules)
 * 1:21767 <-> DISABLED <-> VOIP Digium Asterisk IAX2 Channel Driver DoS attempt (voip.rules)
 * 1:21777 <-> DISABLED <-> SQL waitfor delay function in POST - possible SQL injection attempt (sql.rules)
 * 1:21780 <-> DISABLED <-> SPECIFIC-THREATS encoded waitfor delay function in POST - possible sql injection attempt (specific-threats.rules)
 * 1:21779 <-> DISABLED <-> SQL parameter ending in encoded comment characters - possible sql injection attempt - POST (sql.rules)
 * 1:21771 <-> DISABLED <-> EXPLOIT Microsoft Windows DirectX directshow wav file overflow attempt (exploit.rules)
 * 1:21761 <-> DISABLED <-> BOTNET-CNC Win32.Swisyn variant runtime detection (botnet-cnc.rules)
 * 1:21753 <-> DISABLED <-> EXPLOIT Digium Asterisk Management Interface HTTP digest authentication stack buffer overflow attempt (exploit.rules)
 * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21755 <-> ENABLED <-> BOTNET-CNC OSX.Flashback variant outbound connection (botnet-cnc.rules)
 * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
 * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules)
 * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
 * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21756 <-> ENABLED <-> BOTNET-CNC OSX.Flashback variant outbound connection (botnet-cnc.rules)
 * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
 * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules)
 * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
 * 1:21754 <-> DISABLED <-> WEB-CLIENT Microsoft Windows MSXML2 ActiveX malformed HTTP response (web-client.rules)
 * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
 * 1:21752 <-> DISABLED <-> WEB-CLIENT Novell ZENWorks configuration management preboot request buffer overflow attempt (web-client.rules)
 * 1:21758 <-> ENABLED <-> BOTNET-CNC OSX.Flashback variant outbound connection (botnet-cnc.rules)
 * 1:21757 <-> ENABLED <-> BOTNET-CNC OSX.Flashback variant outbound connection (botnet-cnc.rules)
 * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules)
 * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
 * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21763 <-> DISABLED <-> DOS CA BrightStor ARCserve Backup denial of service attempt (dos.rules)
 * 1:21768 <-> DISABLED <-> VOIP Digium Asterisk IAX2 Channel Driver DoS attempt (voip.rules)
 * 1:21776 <-> ENABLED <-> SMTP Microsoft Exchange MODPROPS denial of service attempt (smtp.rules)
 * 1:21760 <-> DISABLED <-> BOTNET-CNC Win32.Swisyn variant runtime detection (botnet-cnc.rules)
 * 1:21762 <-> DISABLED <-> EXPLOIT Youngzsoft CMailServer CMailCOM Buffer Overflow attempt (exploit.rules)
 * 1:21773 <-> DISABLED <-> EXPLOIT Microsoft Windows DirectX directshow wav file overflow attempt (exploit.rules)
 * 1:21772 <-> DISABLED <-> EXPLOIT Microsoft Windows DirectX directshow wav file overflow attempt (exploit.rules)
 * 1:21769 <-> DISABLED <-> BACKDOOR Win32.LogonInvader.a runtime detection (backdoor.rules)
 * 1:21775 <-> DISABLED <-> EXPLOIT Microsoft Windows DirectX directshow wav file overflow attempt (exploit.rules)

Modified Rules:


 * 1:15398 <-> DISABLED <-> SCADA OMRON-FINS RUN attempt (scada.rules)
 * 1:15401 <-> DISABLED <-> SCADA OMRON-FINS access right acquire attempt (scada.rules)
 * 1:15402 <-> DISABLED <-> SCADA OMRON-FINS access right forced acquire attempt (scada.rules)
 * 1:15403 <-> DISABLED <-> SCADA OMRON-FINS single file write attempt (scada.rules)
 * 1:15404 <-> DISABLED <-> SCADA OMRON-FINS file delete attempt (scada.rules)
 * 1:15405 <-> DISABLED <-> SCADA OMRON-FINS forced set/reset attempt (scada.rules)
 * 1:15406 <-> DISABLED <-> SCADA OMRON-FINS forced set/reset cancel attempt (scada.rules)
 * 1:15407 <-> DISABLED <-> SCADA OMRON-FINS file memory write attempt (scada.rules)
 * 1:15408 <-> DISABLED <-> SCADA OMRON-FINS data link table write attempt (scada.rules)
 * 1:15409 <-> DISABLED <-> SCADA OMRON-FINS RESET attempt (scada.rules)
 * 1:15410 <-> DISABLED <-> SCADA OMRON-FINS name delete attempt (scada.rules)
 * 1:15411 <-> DISABLED <-> SCADA OMRON-FINS memory card format attempt (scada.rules)
 * 1:15412 <-> DISABLED <-> SCADA OMRON-FINS memory area write overflow attempt (scada.rules)
 * 1:15413 <-> DISABLED <-> SCADA OMRON-FINS memory area fill overflow attempt (scada.rules)
 * 1:15414 <-> DISABLED <-> SCADA OMRON-FINS program area protect clear brute force attempt (scada.rules)
 * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules)
 * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules)
 * 1:15539 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Formula record remote code execution attempt (file-office.rules)
 * 1:15874 <-> DISABLED <-> SQL union select - possible sql injection attempt - POST parameter (sql.rules)
 * 1:15894 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Color Management Module remote code execution attempt (specific-threats.rules)
 * 1:15984 <-> DISABLED <-> SPECIFIC-THREATS Samba Printer Change Notification Request DoS attempt (specific-threats.rules)
 * 1:16001 <-> ENABLED <-> EXPLOIT Apple QuickDraw PICT images ARGB records handling memory corruption attempt (exploit.rules)
 * 1:16041 <-> DISABLED <-> SPECIFIC-THREATS Apple QuickTime FLIC animation file buffer overflow attempt (specific-threats.rules)
 * 1:16058 <-> DISABLED <-> SPECIFIC-THREATS Samba WINS Server Name Registration handling stack buffer overflow attempt (specific-threats.rules)
 * 1:16177 <-> ENABLED <-> EXPLOIT Microsoft Office Word GDI+ Office Art Property Table remote code execution attempt (exploit.rules)
 * 1:16178 <-> ENABLED <-> EXPLOIT Microsoft Office Excel GDI+ Office Art Property Table remote code execution attempt (exploit.rules)
 * 1:9812 <-> DISABLED <-> WEB-ACTIVEX Yahoo Messenger YMMAPI.YMailAttach ActiveX function call access (web-activex.rules)
 * 1:16231 <-> DISABLED <-> WEB-CLIENT Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (web-client.rules)
 * 1:9673 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer AutoStream.AutoStream.1 ActiveX function call access (web-activex.rules)
 * 1:9793 <-> DISABLED <-> WEB-ACTIVEX Yahoo Messenger YMMAPI.YMailAttach ActiveX clsid access (web-activex.rules)
 * 1:8444 <-> DISABLED <-> WEB-MISC Trend Micro atxconsole format string server response attempt (web-misc.rules)
 * 1:9671 <-> ENABLED <-> WEB-ACTIVEX RealNetworks RealPlayer AutoStream.AutoStream.1 ActiveX clsid access (web-activex.rules)
 * 1:8409 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer Stream Handler ActiveX clsid access (web-activex.rules)
 * 1:8387 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer RNX Download Handler ActiveX clsid access (web-activex.rules)
 * 1:8389 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer RMP Download Handler ActiveX clsid access (web-activex.rules)
 * 1:8383 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer RAM Download Handler ActiveX clsid access (web-activex.rules)
 * 1:8385 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer Playback Handler ActiveX clsid access (web-activex.rules)
 * 1:8377 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer Download Handler ActiveX clsid access (web-activex.rules)
 * 1:8381 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer SMIL Download Handler ActiveX clsid access (web-activex.rules)
 * 1:7205 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FngGroupCount record overflow attempt (file-office.rules)
 * 1:7203 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word information string overflow attempt (file-office.rules)
 * 1:7201 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word summary information null string overflow attempt (file-office.rules)
 * 1:7202 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules)
 * 1:7200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information null string overflow attempt (file-office.rules)
 * 1:7025 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel url unicode overflow attempt (file-office.rules)
 * 1:7002 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel url unicode overflow attempt (file-office.rules)
 * 1:3822 <-> DISABLED <-> WEB-MISC RealNetworks RealPlayer realtext long URI request attempt (web-misc.rules)
 * 1:3823 <-> DISABLED <-> WEB-MISC RealNetworks RealPlayer realtext file bad version buffer overflow attempt (web-misc.rules)
 * 1:2278 <-> DISABLED <-> WEB-MISC client negative Content-Length attempt (web-misc.rules)
 * 1:3079 <-> ENABLED <-> WEB-CLIENT Microsoft Windows ANI file parsing overflow (web-client.rules)
 * 1:21646 <-> ENABLED <-> SPECIFIC-THREATS Blackhole landing page with specific structure - prototype catch (specific-threats.rules)
 * 1:21662 <-> ENABLED <-> DOS Blue Coat Systems WinProxy telnet denial of service attempt (dos.rules)
 * 1:21423 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Publisher Opltc memory corruption attempt (specific-threats.rules)
 * 1:21492 <-> ENABLED <-> SPECIFIC-THREATS Blackhole landing page with specific structure - prototype catch (specific-threats.rules)
 * 1:21307 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Visio TAG_xxxSheet code execution attempt (specific-threats.rules)
 * 1:21301 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Visio TAG_xxxSect code execution attempt (specific-threats.rules)
 * 1:21302 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Visio TAG_OLEChunk code execution attempt (specific-threats.rules)
 * 1:21244 <-> ENABLED <-> FILE-IDENTIFY New Executable binary file magic detected (file-identify.rules)
 * 1:21293 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Visio corrupted compressed data memory corruption attempt (specific-threats.rules)
 * 1:21174 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules)
 * 1:21243 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Publisher 2003 EscherStm memory corruption attempt (specific-threats.rules)
 * 1:21081 <-> ENABLED <-> WEB-ACTIVEX RDS.Dataspace ActiveX object code execution attempt (web-activex.rules)
 * 1:21170 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office OLESS stream object name corruption attempt (specific-threats.rules)
 * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
 * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules)
 * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20923 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader embedded BMP bit count integer overflow attempt (file-pdf.rules)
 * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules)
 * 1:20921 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader embedded BMP colors used integer overflow attempt (file-pdf.rules)
 * 1:20922 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader embedded BMP bit count integer overflow attempt (file-pdf.rules)
 * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20899 <-> DISABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20896 <-> DISABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20898 <-> DISABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20895 <-> DISABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20801 <-> DISABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20800 <-> DISABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
 * 1:20242 <-> DISABLED <-> DNS Oracle Secure Backup observice.exe dns response overflow attempt (dns.rules)
 * 1:16324 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader doc.export arbitrary file write attempt (file-pdf.rules)
 * 1:16421 <-> DISABLED <-> EXPLOIT Microsoft Office PowerPoint out of bounds value remote code execution attempt (exploit.rules)
 * 1:16486 <-> ENABLED <-> SPECIFIC-THREATS Arucer backdoor traffic - command execution attempt (specific-threats.rules)
 * 1:16487 <-> ENABLED <-> SPECIFIC-THREATS Arucer backdoor traffic - yes command attempt (specific-threats.rules)
 * 1:16488 <-> ENABLED <-> SPECIFIC-THREATS Arucer backdoor traffic - write file attempt (specific-threats.rules)
 * 1:16535 <-> ENABLED <-> EXPLOIT Microsoft Office Visio improper attribute code execution attempt (exploit.rules)
 * 1:16536 <-> ENABLED <-> EXPLOIT Microsoft Office Visio off-by-one in array index code execution attempt (exploit.rules)
 * 1:16543 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Player codec code execution attempt (web-client.rules)
 * 1:16595 <-> DISABLED <-> POP3 Microsoft Windows Mail remote code execution attempt (pop3.rules)
 * 1:16593 <-> ENABLED <-> FILE-OFFICE Microsoft VBE6.dll stack corruption attempt (file-office.rules)
 * 1:16603 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader Linux malformed U3D mesh deceleration block exploit attempt (file-pdf.rules)
 * 1:16607 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer RAM Download Handler ActiveX exploit attempt (specific-threats.rules)
 * 1:16609 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer ActiveX Import playlist name buffer overflow attempt (specific-threats.rules)
 * 1:16634 <-> ENABLED <-> WEB-CLIENT Adobe Flash use-after-free attack (web-client.rules)
 * 1:16638 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt (file-office.rules)
 * 1:16639 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro (file-office.rules)
 * 1:16640 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with linkFmla (file-office.rules)
 * 1:16641 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro and linkFmla (file-office.rules)
 * 1:16647 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record heap memory corruption attempt - 2 (file-office.rules)
 * 1:16643 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
 * 1:16650 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 1 (file-office.rules)
 * 1:16651 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 2 (file-office.rules)
 * 1:16652 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 3 (file-office.rules)
 * 1:16654 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel undocumented Publisher record heap buffer overflow attempt (file-office.rules)
 * 1:16653 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 4 (file-office.rules)
 * 1:16655 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lbl record stack overflow attempt (file-office.rules)
 * 1:16656 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF5 ExternSheet record stack overflow attempt (file-office.rules)
 * 1:16657 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DBQueryExt record memory corruption attempt (file-office.rules)
 * 1:16680 <-> DISABLED <-> POLICY Tandberg VCS SSH default key (policy.rules)
 * 1:16673 <-> DISABLED <-> WEB-CLIENT Adobe Shockwave DIR file PAMI chunk code execution attempt (web-client.rules)
 * 1:16699 <-> ENABLED <-> RPC Linux Kernel nfsd v2 udp CAP_MKNOD security bypass attempt (rpc.rules)
 * 1:16701 <-> ENABLED <-> RPC Linux Kernel nfsd v3 udp CAP_MKNOD security bypass attempt (rpc.rules)
 * 1:17046 <-> DISABLED <-> EXPLOIT CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (exploit.rules)
 * 1:17114 <-> ENABLED <-> WEB-CLIENT Microsoft SilverLight ImageSource remote code execution attempt (web-client.rules)
 * 1:17113 <-> ENABLED <-> WEB-CLIENT Microsoft SilverLight ImageSource redefine flowbit (web-client.rules)
 * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules)
 * 1:17120 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 1 (file-office.rules)
 * 1:17121 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 2 (file-office.rules)
 * 1:17123 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rich text format invalid field size memory corruption attempt (file-office.rules)
 * 1:17122 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 3 (file-office.rules)
 * 1:17124 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed table record memory corruption attempt (file-office.rules)
 * 1:17133 <-> DISABLED <-> WEB-CLIENT Microsoft Windows MSXML2 ActiveX malformed HTTP response (web-client.rules)
 * 1:17142 <-> ENABLED <-> EXPLOIT Adobe Flash Player SWF ActionScript exploit attempt (exploit.rules)
 * 1:17149 <-> ENABLED <-> WEB-CLIENT VideoLAN VLC renamed zip file handling code execution attempt - 2 (web-client.rules)
 * 1:17148 <-> ENABLED <-> WEB-CLIENT VideoLAN VLC renamed zip file handling code execution attempt - 1 (web-client.rules)
 * 1:17150 <-> ENABLED <-> WEB-CLIENT VideoLAN VLC renamed zip file handling code execution attempt - 3 (web-client.rules)
 * 1:17190 <-> ENABLED <-> EXPLOIT Adobe Director remote code execution attempt (exploit.rules)
 * 1:17191 <-> ENABLED <-> EXPLOIT Adobe Director remote code execution attempt (exploit.rules)
 * 1:17193 <-> ENABLED <-> EXPLOIT Adobe Director remote code execution attempt (exploit.rules)
 * 1:17192 <-> ENABLED <-> EXPLOIT Adobe Director remote code execution attempt (exploit.rules)
 * 1:17194 <-> ENABLED <-> EXPLOIT Adobe Director file tSAC tag exploit attempt (exploit.rules)
 * 1:17196 <-> ENABLED <-> EXPLOIT Adobe Director file exploit attempt (exploit.rules)
 * 1:17197 <-> ENABLED <-> EXPLOIT Adobe Director file exploit attempt (exploit.rules)
 * 1:17214 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules)
 * 1:17198 <-> ENABLED <-> EXPLOIT Adobe Director file exploit attempt (exploit.rules)
 * 1:17215 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules)
 * 1:17230 <-> DISABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
 * 1:17232 <-> DISABLED <-> WEB-CLIENT Microsoft Kodak Imaging large offset malformed tiff - big-endian (web-client.rules)
 * 1:17249 <-> ENABLED <-> EXPLOIT Microsoft Windows LSASS integer overflow attempt (exploit.rules)
 * 1:17233 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (specific-threats.rules)
 * 1:17266 <-> DISABLED <-> SPECIFIC-THREATS Multiple vendor malformed ZIP archive Antivirus detection bypass attempt (specific-threats.rules)
 * 1:17267 <-> DISABLED <-> SPECIFIC-THREATS Multiple vendor malformed ZIP archive Antivirus detection bypass attempt (specific-threats.rules)
 * 1:17273 <-> DISABLED <-> SPECIFIC-THREATS MIT Kerberos V5 KDC krb5_unparse_name overflow attempt (specific-threats.rules)
 * 1:17281 <-> DISABLED <-> SPECIFIC-THREATS Panda Antivirus ZOO archive decompression buffer overflow attempt (specific-threats.rules)
 * 1:17274 <-> DISABLED <-> SPECIFIC-THREATS MIT Kerberos V5 KDC krb5_unparse_name overflow attempt (specific-threats.rules)
 * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules)
 * 1:17334 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer SWF Flash File buffer overflow attempt (specific-threats.rules)
 * 1:17337 <-> ENABLED <-> SHELLCODE x86 Microsoft Win32 export table enumeration variant (shellcode.rules)
 * 1:17366 <-> ENABLED <-> WEB-CLIENT Microsoft Help Workshop HPJ OPTIONS section buffer overflow attempt (web-client.rules)
 * 1:17345 <-> ENABLED <-> SHELLCODE x86 OS agnostic dword additive feedback decoder (shellcode.rules)
 * 1:17395 <-> ENABLED <-> SPECIFIC-THREATS Oracle Java Web Start Splashscreen GIF decoding buffer overflow attempt (specific-threats.rules)
 * 1:17425 <-> ENABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer ActiveX Import playlist name buffer overflow attempt (specific-threats.rules)
 * 1:17432 <-> DISABLED <-> WEB-MISC Squid Gopher protocol handling buffer overflow attempt (web-misc.rules)
 * 1:17484 <-> DISABLED <-> DNS squid proxy dns PTR record response denial of service attempt (dns.rules)
 * 1:17483 <-> DISABLED <-> DNS squid proxy dns A record response denial of service attempt (dns.rules)
 * 1:17485 <-> ENABLED <-> DNS Symantec Gateway products DNS cache poisoning attempt (dns.rules)
 * 1:17530 <-> ENABLED <-> SPECIFIC-THREATS HP OpenView Storage Data Protector Stack Buffer Overflow (specific-threats.rules)
 * 1:17634 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 little endian object call overflow attempt (netbios.rules)
 * 1:17636 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 object call overflow attempt (netbios.rules)
 * 1:17635 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 little endian overflow attempt (netbios.rules)
 * 1:17637 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 overflow attempt (netbios.rules)
 * 1:17723 <-> ENABLED <-> NETBIOS possible SMB replay attempt - overlapping encryption keys detected  (netbios.rules)
 * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
 * 1:17757 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel CrErr record integer overflow attempt (file-office.rules)
 * 1:17756 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word XP PLFLSInTableStream heap overflow attempt (file-office.rules)
 * 1:17759 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel invalid SerAr object exploit attempt (specific-threats.rules)
 * 1:17807 <-> ENABLED <-> SPECIFIC-THREATS Adobe Shockwave Director rcsL chunk remote code execution attempt (specific-threats.rules)
 * 1:18066 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint integer underflow heap corruption attempt (web-client.rules)
 * 1:18069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Art drawing invalid shape identifier attempt (file-office.rules)
 * 1:18067 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules)
 * 1:18071 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (file-office.rules)
 * 1:18077 <-> ENABLED <-> SPECIFIC-THREATS Mozilla products CSS rendering out-of-bounds array write attempt (specific-threats.rules)
 * 1:18078 <-> ENABLED <-> SPECIFIC-THREATS Mozilla products CSS rendering out-of-bounds array write attempt (specific-threats.rules)
 * 1:18174 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer CSS memory corruption attempt (specific-threats.rules)
 * 1:18102 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader invalid PDF JavaScript extension call (file-pdf.rules)
 * 1:18175 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer CSS memory corruption attempt (specific-threats.rules)
 * 1:18186 <-> ENABLED <-> SPECIFIC-THREATS Mozilla products -moz-grid and -moz-grid-group display styles code execution attempt (specific-threats.rules)
 * 1:18187 <-> ENABLED <-> SPECIFIC-THREATS Mozilla Firefox InstallTrigger.install memory corruption attempt (specific-threats.rules)
 * 1:18188 <-> ENABLED <-> SPECIFIC-THREATS Multiple browser marquee tag denial of service attempt (specific-threats.rules)
 * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18193 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer cross domain information disclosure attempt (specific-threats.rules)
 * 1:18212 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Publisher tyo.oty field heap overflow attempt (specific-threats.rules)
 * 1:18214 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Publisher 97 conversion remote code execution attempt (specific-threats.rules)
 * 1:18235 <-> DISABLED <-> FILE-OFFICE Microsoft Office PICT graphics converter memory corruption attempt (file-office.rules)
 * 1:18236 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office TIFFIM32.FLT filter memory corruption attempt (specific-threats.rules)
 * 1:18237 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Flashpix graphics filter fpx32.flt remote code execution attempt (web-client.rules)
 * 1:18276 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Data Access Components library attempt (specific-threats.rules)
 * 1:18294 <-> ENABLED <-> SPECIFIC-THREATS Apple Safari Webkit floating point buffer overflow attempt (specific-threats.rules)
 * 1:18308 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader icc mluc interger overflow attempt (file-pdf.rules)
 * 1:18331 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio DXF variable name overflow attempt (file-office.rules)
 * 1:18510 <-> ENABLED <-> WEB-CLIENT Apple QuickTime FlashPix Movie file integer overflow attempt (web-client.rules)
 * 1:18513 <-> DISABLED <-> SPECIFIC-THREATS Oracle MySQL yaSSL SSL Hello Message Buffer Overflow attempt (specific-threats.rules)
 * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:18518 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (specific-threats.rules)
 * 1:10193 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer Ierpplug.dll ActiveX function call access (web-activex.rules)
 * 1:10126 <-> DISABLED <-> WEB-CLIENT QuickTime JPEG Huffman Table integer underflow attempt (web-client.rules)
 * 1:10192 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer Ierpplug.dll ActiveX clsid access (web-activex.rules)
 * 1:18535 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word file sprmTSetBrc processing buffer overflow attempt (file-office.rules)
 * 1:18550 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file attachment (file-office.rules)
 * 1:18578 <-> ENABLED <-> WEB-ACTIVEX RealNetworks RealPlayer RMOC3260.DLL cdda URI overflow attempt (web-activex.rules)
 * 1:20495 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20556 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player PlaceObjectX null pointer dereference attempt (specific-threats.rules)
 * 1:18589 <-> DISABLED <-> SPECIFIC-THREATS Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (specific-threats.rules)
 * 1:20717 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows OLE versioned stream missing data stream (specific-threats.rules)
 * 1:18680 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:18706 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:18776 <-> DISABLED <-> WEB-CLIENT Adobe Shockwave Director pamm chunk memory corruption attempt (web-client.rules)
 * 1:18801 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader JpxDecode invalid crgn memory corruption attempt (file-pdf.rules)
 * 1:18928 <-> DISABLED <-> WEB-CLIENT Apple QuickTime streaming debug error logging buffer overflow attempt (web-client.rules)
 * 1:18948 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office PowerPoint converter bad indirection remote code execution attempt (specific-threats.rules)
 * 1:18952 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows uniscribe fonts parsing memory corruption attempt (specific-threats.rules)
 * 1:18961 <-> DISABLED <-> WEB-CLIENT Microsoft Windows MSXML2 ActiveX malformed HTTP response (web-client.rules)
 * 1:18962 <-> DISABLED <-> WEB-CLIENT Microsoft Windows MSXML2 ActiveX malformed HTTP response (web-client.rules)
 * 1:19011 <-> DISABLED <-> WEB-CLIENT Adobe Shockwave Player Lnam chunk processing buffer overflow attempt (web-client.rules)
 * 1:19126 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer IVR handling heap buffer overflow attempt (specific-threats.rules)
 * 1:19127 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer IVR handling heap buffer overflow attempt (specific-threats.rules)
 * 1:19130 <-> DISABLED <-> WEB-CLIENT Microsoft Windows MSPaint jpeg with malformed SOFx field exploit attempt (web-client.rules)
 * 1:19131 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules)
 * 1:19132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules)
 * 1:19133 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel EntExU2 write access violation attempt (file-office.rules)
 * 1:19134 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray data parsing vulnerability exploit attempt (file-office.rules)
 * 1:19143 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player JPG header record mismatch memory corruption attempt (web-client.rules)
 * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules)
 * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:19144 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows MPEG Layer-3 audio heap corruption attempt (specific-threats.rules)
 * 1:19146 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows DirectX quartz.dll MJPEG content processing memory corruption attempt (specific-threats.rules)
 * 1:19182 <-> DISABLED <-> SPECIFIC-THREATS strongSwan Certificate and Identification payload overflow attempt (specific-threats.rules)
 * 1:19260 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel malformed MsoDrawingObject record attempt (specific-threats.rules)
 * 1:19294 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
 * 1:19296 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules)
 * 1:19303 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules)
 * 1:19308 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows embedded OpenType EOT font integer overflow attempt (specific-threats.rules)
 * 1:19403 <-> ENABLED <-> SPECIFIC-THREATS Cinepak Codec VIDC decompression remote code execution attempt (specific-threats.rules)
 * 1:19412 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record parsing memory corruption (file-office.rules)
 * 1:19413 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules)
 * 1:19414 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules)
 * 1:19419 <-> DISABLED <-> WEB-CLIENT Apple iOS 4.3.3 jailbreak for iPod download attempt (web-client.rules)
 * 1:19561 <-> ENABLED <-> WEB-ACTIVEX RealNetworks RealPlayer ieframe.dll ActiveX clsid access (web-activex.rules)
 * 1:19606 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Word STSH record parsing memory corruption (specific-threats.rules)
 * 1:19607 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Word STSH record parsing memory corruption (specific-threats.rules)
 * 1:19677 <-> DISABLED <-> DNS Microsoft DNS NAPTR remote unauthenticated code execution vulnerability attempt (dns.rules)
 * 1:20150 <-> DISABLED <-> SPECIFIC-THREATS Adobe Reader embedded PCX parsing corruption attempt (specific-threats.rules)
 * 1:15399 <-> DISABLED <-> SCADA OMRON-FINS STOP attempt (scada.rules)
 * 1:14046 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer RMP Download Handler ActiveX function call access (web-activex.rules)
 * 1:15394 <-> DISABLED <-> SCADA OMRON-FINS program area protect attempt (scada.rules)
 * 1:13607 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer RMOC3260.DLL Vulnerble Property ActiveX clsid access (web-activex.rules)
 * 1:14044 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer Playback Handler ActiveX function call access (web-activex.rules)
 * 1:13609 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer RMOC3260.DLL Vulnerble Property ActiveX function call access (web-activex.rules)
 * 1:15390 <-> DISABLED <-> SCADA OMRON-FINS memory area fill attempt (scada.rules)
 * 1:15389 <-> DISABLED <-> SCADA OMRON-FINS memory area write attempt (scada.rules)
 * 1:14048 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer RNX Download Handler ActiveX function call access (web-activex.rules)
 * 1:15393 <-> DISABLED <-> SCADA OMRON-FINS parameter area clear attempt (scada.rules)
 * 1:12767 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer RMOC3260.DLL ActiveX function call access (web-activex.rules)
 * 1:13605 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer RAM Download Handler ActiveX function call access (web-activex.rules)
 * 1:15391 <-> DISABLED <-> SCADA OMRON-FINS memory area transfer attempt (scada.rules)
 * 1:13222 <-> ENABLED <-> EXPLOIT Motorola Timbuktu crafted login request buffer overflow attempt (exploit.rules)
 * 1:12971 <-> DISABLED <-> EXPLOIT Microsoft Windows DirectX directshow wav file overflow attempt (exploit.rules)
 * 1:15392 <-> DISABLED <-> SCADA OMRON-FINS parameter area write attempt (scada.rules)
 * 1:15104 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt (web-client.rules)
 * 1:13619 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows getBulkRequest memory corruption attempt (specific-threats.rules)
 * 1:15303 <-> ENABLED <-> WEB-CLIENT Microsoft Office Visio Malformed IconBitsComponent arbitrary code execution attempt (web-client.rules)
 * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules)
 * 1:12775 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer obfuscated Ierpplug.dll ActiveX exploit attempt (specific-threats.rules)
 * 1:12768 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer RMOC3260.DLL ActiveX function call access (web-activex.rules)
 * 1:14042 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer General Property Page ActiveX clsid access (web-activex.rules)
 * 1:14052 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer Stream Handler ActiveX function call access (web-activex.rules)
 * 1:13603 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer Download Handler ActiveX function call access (web-activex.rules)
 * 1:12766 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer RMOC3260.DLL ActiveX clsid access (web-activex.rules)
 * 1:14050 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer SMIL Download Handler ActiveX function call access (web-activex.rules)
 * 1:12642 <-> DISABLED <-> DOS RPC NTLMSSP malformed credentials (dos.rules)
 * 1:15396 <-> DISABLED <-> SCADA OMRON-FINS program area write attempt (scada.rules)
 * 1:15395 <-> DISABLED <-> SCADA OMRON-FINS program area protect clear attempt (scada.rules)
 * 1:10194 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer Ierpplug.dll ActiveX function call access (web-activex.rules)
 * 1:15397 <-> DISABLED <-> SCADA OMRON-FINS program area clear attempt (scada.rules)
 * 1:15400 <-> DISABLED <-> SCADA OMRON-FINS clock write attempt (scada.rules)