Sourcefire VRT Rules Update

Date: 2012-04-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.2.2.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
 * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules)
 * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
 * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
 * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules)
 * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
 * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
 * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
 * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules)
 * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
 * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
 * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
 * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
 * 1:21700 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
 * 1:21699 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
 * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
 * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
 * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules)
 * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
 * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
 * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
 * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
 * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
 * 1:21694 <-> DISABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21693 <-> DISABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
 * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
 * 1:21690 <-> DISABLED <-> FILE-IDENTIFY Hypertext Markup Language file attachment detected (file-identify.rules)
 * 1:21689 <-> DISABLED <-> FILE-IDENTIFY Hypertext Markup Language file attachment detected (file-identify.rules)
 * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
 * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)

Modified Rules:


 * 1:9430 <-> DISABLED <-> WEB-CLIENT Apple QuickTime Movie link file URI security bypass attempt (web-client.rules)
 * 1:9429 <-> DISABLED <-> WEB-CLIENT Apple QuickTime Movie link scripting security bypass attempt (web-client.rules)
 * 1:8426 <-> DISABLED <-> MISC SSLv3 openssl get shared ciphers overflow attempt (misc.rules)
 * 1:7205 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel FngGroupCount record overflow attempt (web-client.rules)
 * 1:7024 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules)
 * 1:7002 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel url unicode overflow attempt (web-client.rules)
 * 1:6701 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected zTXt overflow attempt (web-client.rules)
 * 1:6699 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected iTXt overflow attempt (web-client.rules)
 * 1:6698 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected tIME overflow attempt (web-client.rules)
 * 1:6697 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected sPLT overflow attempt (web-client.rules)
 * 1:6696 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected pHYs overflow attempt (web-client.rules)
 * 1:6695 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected tRNS overflow attempt (web-client.rules)
 * 1:6694 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected hIST overflow attempt (web-client.rules)
 * 1:6693 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected bKGD overflow attempt (web-client.rules)
 * 1:6692 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected sRGB overflow attempt (web-client.rules)
 * 1:6691 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected sBIT overflow attempt (web-client.rules)
 * 1:6690 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected iCCP overflow attempt (web-client.rules)
 * 1:6689 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected cHRM overflow attempt (web-client.rules)
 * 1:6506 <-> DISABLED <-> WEB-CLIENT Apple QuickTime udta atom overflow attempt (web-client.rules)
 * 1:6505 <-> DISABLED <-> WEB-CLIENT Apple QuickTime fpx file SectNumMiniFAT overflow attempt (web-client.rules)
 * 1:6471 <-> DISABLED <-> EXPLOIT RealVNC password authentication bypass attempt (exploit.rules)
 * 1:6470 <-> DISABLED <-> EXPLOIT RealVNC authentication types without None type sent attempt (exploit.rules)
 * 1:647 <-> DISABLED <-> SHELLCODE Oracle sparc setuid 0 (shellcode.rules)
 * 1:6469 <-> DISABLED <-> EXPLOIT RealVNC connection attempt (exploit.rules)
 * 1:4680 <-> DISABLED <-> WEB-CLIENT Apple QuickTime movie file component name integer overflow attempt (web-client.rules)
 * 1:4679 <-> DISABLED <-> WEB-CLIENT Apple QuickTime movie file component name integer overflow multipacket attempt (web-client.rules)
 * 1:3632 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Bitmap width integer overflow attempt (web-client.rules)
 * 1:3591 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (netbios.rules)
 * 1:2435 <-> DISABLED <-> FILE-IDENTIFY Microsoft emf file download request (file-identify.rules)
 * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21646 <-> ENABLED <-> SPECIFIC-THREATS Blackhole landing page with specific structure - prototype catch (specific-threats.rules)
 * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
 * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:21576 <-> DISABLED <-> FILE-OTHER Microsoft Windows Visual Studio .addin file access (file-other.rules)
 * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:21492 <-> ENABLED <-> SPECIFIC-THREATS Blackhole landing page with specific structure - prototype catch (specific-threats.rules)
 * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules)
 * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
 * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
 * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules)
 * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
 * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
 * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules)
 * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
 * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules)
 * 1:20960 <-> DISABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules)
 * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20934 <-> DISABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20933 <-> DISABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20932 <-> DISABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20931 <-> DISABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20930 <-> DISABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20929 <-> DISABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
 * 1:20918 <-> DISABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20917 <-> DISABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20725 <-> DISABLED <-> DOS Oracle Solaris in.rwhod hostname denial of service attempt (dos.rules)
 * 1:20521 <-> DISABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
 * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
 * 1:20513 <-> DISABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
 * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
 * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
 * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
 * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
 * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
 * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
 * 1:20160 <-> DISABLED <-> WEB-MISC Oracle GlassFish Server successful authentication bypass attempt (web-misc.rules)
 * 1:20159 <-> DISABLED <-> WEB-MISC Oracle GlassFish Server authentication bypass attempt (web-misc.rules)
 * 1:20158 <-> DISABLED <-> WEB-MISC Oracle GlassFish Server default credentials login attempt (web-misc.rules)
 * 1:20157 <-> DISABLED <-> POLICY Oracle GlassFish Server war file upload attempt (policy.rules)
 * 1:20046 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (sql.rules)
 * 1:20045 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (sql.rules)
 * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
 * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
 * 1:18710 <-> DISABLED <-> SPECIFIC-THREATS McAfee ePolicy Orchestrator Framework Services buffer overflow attempt (specific-threats.rules)
 * 1:18615 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Works 4.x converter font name buffer overflow attempt (specific-threats.rules)
 * 1:18595 <-> DISABLED <-> SPECIFIC-THREATS Trend Micro Web Deployment ActiveX clsid access (specific-threats.rules)
 * 1:18594 <-> DISABLED <-> SPECIFIC-THREATS Trend Micro Web Deployment ActiveX clsid access (specific-threats.rules)
 * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules)
 * 1:18592 <-> DISABLED <-> SPECIFIC-THREATS Yahoo Music Jukebox ActiveX exploit (specific-threats.rules)
 * 1:18583 <-> DISABLED <-> WEB-CLIENT Microsoft Windows wmf integer overflow attempt (web-client.rules)
 * 1:18561 <-> DISABLED <-> WEB-CLIENT Apple QuickTime PICT file overread buffer overflow attempt (web-client.rules)
 * 1:18515 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio VSD file icon memory corruption (file-office.rules)
 * 1:18510 <-> ENABLED <-> WEB-CLIENT Apple QuickTime FlashPix Movie file integer overflow attempt (web-client.rules)
 * 1:18275 <-> DISABLED <-> FILE-IDENTIFY HyperText Markup Language file download request (file-identify.rules)
 * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:17740 <-> DISABLED <-> SPECIFIC-THREATS Apple Quicktime FlashPix processing overflow attempt (specific-threats.rules)
 * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules)
 * 1:17734 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel REPT integer underflow attempt (file-office.rules)
 * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules)
 * 1:17727 <-> DISABLED <-> SPECIFIC-THREATS Oracle JDK image parsing library ICC buffer overflow attempt (specific-threats.rules)
 * 1:17715 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules)
 * 1:17707 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt (netbios.rules)
 * 1:17637 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCPbrightstor-arc function 0 overflow attempt (netbios.rules)
 * 1:17636 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCPbrightstor-arc function 0 object call overflow attempt (netbios.rules)
 * 1:17635 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCPbrightstor-arc function 0 little endian overflow attempt (netbios.rules)
 * 1:17634 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCPbrightstor-arc function 0 little endian object call overflow attempt (netbios.rules)
 * 1:17633 <-> ENABLED <-> WEB-CLIENT RealNetworks RealPlayer SWF frame handling buffer overflow attempt (web-client.rules)
 * 1:17624 <-> ENABLED <-> SPECIFIC-THREATS Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt (specific-threats.rules)
 * 1:17623 <-> ENABLED <-> SPECIFIC-THREATS Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt (specific-threats.rules)
 * 1:17610 <-> ENABLED <-> WEB-CLIENT GStreamer QuickTime file parsing multiple heap overflow attempt (web-client.rules)
 * 1:17601 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox file type memory corruption attempt (web-client.rules)
 * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules)
 * 1:17577 <-> ENABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules)
 * 1:17548 <-> ENABLED <-> WEB-CLIENT Apple QuickTime SMIL File Handling Integer Overflow attempt (web-client.rules)
 * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules)
 * 1:17538 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel unspecified memory corruption attempt (specific-threats.rules)
 * 1:17531 <-> ENABLED <-> SPECIFIC-THREATS Apple Quicktime MOV file JVTCompEncodeFrame heap overflow attempt (specific-threats.rules)
 * 1:17523 <-> DISABLED <-> SPECIFIC-THREATS Apple QuickTime H.264 Movie File Buffer Overflow (specific-threats.rules)
 * 1:17510 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Deploy file download request (file-identify.rules)
 * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules)
 * 1:17430 <-> ENABLED <-> SPECIFIC-THREATS BitDefender Antivirus PDF processing memory corruption attempt (specific-threats.rules)
 * 1:17403 <-> ENABLED <-> FILE-OTHER OpenOffice RTF File parsing heap buffer overflow attempt (file-other.rules)
 * 1:17395 <-> ENABLED <-> SPECIFIC-THREATS Oracle Java Web Start Splashscreen GIF decoding buffer overflow attempt (specific-threats.rules)
 * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules)
 * 1:17381 <-> ENABLED <-> SPECIFIC-THREATS Apple QuickTime PDAT Atom parsing buffer overflow attempt (specific-threats.rules)
 * 1:17379 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox Animated PNG Processing integer overflow (web-client.rules)
 * 1:17378 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox Animated PNG Processing integer overflow (web-client.rules)
 * 1:17372 <-> ENABLED <-> WEB-CLIENT Apple QuickTime udta atom parsing heap overflow vulnerability (web-client.rules)
 * 1:17365 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help Workshop CNT Help contents buffer overflow attempt (file-other.rules)
 * 1:17361 <-> DISABLED <-> SPECIFIC-THREATS Adobe Acrobat Reader PDF Catalog Handling denial of service attempt (specific-threats.rules)
 * 1:17333 <-> DISABLED <-> SMTP Lotus Notes Attachment Viewer UUE file buffer overflow attempt (smtp.rules)
 * 1:17330 <-> DISABLED <-> WEB-CLIENT Microsoft Windows GRE WMF Handling Memory Read Exception attempt (web-client.rules)
 * 1:17306 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Malware Protection Engine file processing denial of service attempt (specific-threats.rules)
 * 1:17304 <-> ENABLED <-> FILE-OFFICE Microsoft Works file converter file section header index table stack overflow attempt (file-office.rules)
 * 1:17284 <-> DISABLED <-> WEB-CLIENT Microsoft Office malformed routing slip code execution attempt (web-client.rules)
 * 1:17278 <-> DISABLED <-> WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt (web-misc.rules)
 * 1:17277 <-> DISABLED <-> WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt (web-misc.rules)
 * 1:17276 <-> DISABLED <-> WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt (web-misc.rules)
 * 1:17231 <-> DISABLED <-> WEB-CLIENT Microsoft Kodak Imaging small offset malformed tiff - little-endian (web-client.rules)
 * 1:17230 <-> DISABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
 * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
 * 1:17211 <-> ENABLED <-> WEB-CLIENT Apple QuickTime marshaled punk remote code execution (web-client.rules)
 * 1:16682 <-> DISABLED <-> WEB-MISC Oracle ONE Web Server JSP source code disclosure attempt (web-misc.rules)
 * 1:16612 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox oversized SOCKS5 DNS reply memory corruption attempt (web-client.rules)
 * 1:16554 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader javascript getIcon method buffer overflow attempt (file-pdf.rules)
 * 1:16520 <-> ENABLED <-> WEB-CLIENT Free Download Manager .torrent parsing path overflow attempt (web-client.rules)
 * 1:16519 <-> ENABLED <-> WEB-CLIENT Free Download Manager .torrent parsing name overflow attempt (web-client.rules)
 * 1:16518 <-> ENABLED <-> WEB-CLIENT Free Download Manager .torrent parsing announce overflow attempt (web-client.rules)
 * 1:16517 <-> ENABLED <-> WEB-CLIENT Free Download Manager .torrent parsing comment overflow attempt (web-client.rules)
 * 1:16360 <-> DISABLED <-> WEB-CLIENT Apple QuickTime Image Description Atom sign extension memory corruption attempt (web-client.rules)
 * 1:16291 <-> DISABLED <-> WEB-CLIENT Mozilla Network Security Services regexp heap overflow attempt (web-client.rules)
 * 1:16206 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows DNS server spoofing attempt (specific-threats.rules)
 * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules)
 * 1:16055 <-> DISABLED <-> WEB-CLIENT Apple iTunes AAC file handling integer overflow attempt (web-client.rules)
 * 1:16054 <-> DISABLED <-> WEB-CLIENT Apple QuickTime bitmap multiple header overflow (web-client.rules)
 * 1:15993 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript intrf_count integer overflow attempt (specific-threats.rules)
 * 1:15909 <-> DISABLED <-> WEB-CLIENT Apple QuickTime VR Track Header Atom heap corruption attempt (web-client.rules)
 * 1:15901 <-> ENABLED <-> MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (multimedia.rules)
 * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules)
 * 1:15873 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox location spoofing via invalid window.open characters (web-client.rules)
 * 1:15872 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox defineSetter function pointer memory corruption attempt (web-client.rules)
 * 1:15871 <-> ENABLED <-> WEB-CLIENT FFmpeg 4xm processing memory corruption attempt (web-client.rules)
 * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules)
 * 1:15709 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader FlateDecode integer overflow attempt (file-pdf.rules)
 * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:15559 <-> ENABLED <-> WEB-CLIENT Apple QuickTime Movie File Clipping Region handling heap buffer overflow attempt (web-client.rules)
 * 1:15493 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader getAnnots exploit attempt (file-pdf.rules)
 * 1:15492 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader spell.customDictionaryOpen exploit attempt (file-pdf.rules)
 * 1:15480 <-> ENABLED <-> WEB-CLIENT Apple QuickTime movie record invalid version number exploit attempt (web-client.rules)
 * 1:15472 <-> DISABLED <-> WEB-CLIENT Multiple MP3 player PLS buffer overflow attempt (web-client.rules)
 * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules)
 * 1:15241 <-> ENABLED <-> MULTIMEDIA VideoLAN VLC real.c ReadRealIndex real demuxer integer overflow attempt (multimedia.rules)
 * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:15238 <-> DISABLED <-> SPECIFIC-THREATS Apple QuickTime for Java toQTPointer function memory corruption attempt (specific-threats.rules)
 * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules)
 * 1:15191 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox animated PNG processing integer overflow (specific-threats.rules)
 * 1:15166 <-> ENABLED <-> WEB-CLIENT VideoLAN VLC Media Player RealText buffer overflow attempt (web-client.rules)
 * 1:15163 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Visio Object Header Buffer Overflow attempt (specific-threats.rules)
 * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules)
 * 1:15157 <-> ENABLED <-> WEB-CLIENT VideoLAN VLC Media Player XSPF memory corruption attempt (web-client.rules)
 * 1:15080 <-> ENABLED <-> MULTIMEDIA VideoLAN VLC Media Player WAV processing integer overflow attempt (multimedia.rules)
 * 1:15014 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules)
 * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules)
 * 1:14039 <-> ENABLED <-> EXPLOIT GNOME Project libxslt RC4 key string buffer overflow attempt (exploit.rules)
 * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules)
 * 1:13920 <-> ENABLED <-> WEB-CLIENT Apple QuickTime Obji Atom parsing stack buffer overflow attempt (web-client.rules)
 * 1:13901 <-> DISABLED <-> NETBIOS SMB server response heap overflow attempt (netbios.rules)
 * 1:13570 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel cf record arbitrary code excecution attempt (file-office.rules)
 * 1:13516 <-> ENABLED <-> WEB-CLIENT Apple QuickTime HTTP error response buffer overflow (web-client.rules)
 * 1:13515 <-> ENABLED <-> WEB-CLIENT Apple QuickTime user agent (web-client.rules)
 * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules)
 * 1:13320 <-> DISABLED <-> WEB-CLIENT 3ivx MP4 file parsing cpy buffer overflow attempt (web-client.rules)
 * 1:13319 <-> DISABLED <-> WEB-CLIENT 3ivx MP4 file parsing des buffer overflow attempt (web-client.rules)
 * 1:13318 <-> DISABLED <-> WEB-CLIENT 3ivx MP4 file parsing cmt buffer overflow attempt (web-client.rules)
 * 1:13317 <-> DISABLED <-> WEB-CLIENT 3ivx MP4 file parsing nam buffer overflow attempt (web-client.rules)
 * 1:13316 <-> DISABLED <-> WEB-CLIENT 3ivx MP4 file parsing ART buffer overflow attempt (web-client.rules)
 * 1:13211 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat overflow attempt (netbios.rules)
 * 1:13210 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat overflow attempt (netbios.rules)
 * 1:12983 <-> DISABLED <-> WEB-CLIENT Microsoft Windows DirectX SAMI file CRawParser buffer overflow attempt (web-client.rules)
 * 1:12978 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal overflow attempt (netbios.rules)
 * 1:12977 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal overflow attempt (netbios.rules)
 * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
 * 1:12757 <-> ENABLED <-> WEB-CLIENT Apple QuickTime uncompressed PICT stack overflow attempt (web-client.rules)
 * 1:12746 <-> ENABLED <-> EXPLOIT Apple QuickTime STSD atom overflow attempt (exploit.rules)
 * 1:12745 <-> DISABLED <-> WEB-CLIENT FLAC libFLAC picture metadata buffer overflow attempt (web-client.rules)
 * 1:12744 <-> DISABLED <-> WEB-CLIENT FLAC libFLAC VORBIS string buffer overflow attempt (web-client.rules)
 * 1:12743 <-> DISABLED <-> WEB-CLIENT FLAC libFLAC picture description metadata buffer overflow attempt (web-client.rules)
 * 1:12707 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer lyrics heap overflow attempt (web-client.rules)
 * 1:12472 <-> ENABLED <-> WEB-ACTIVEX Oracle Java Web Start ActiveX clsid access (web-activex.rules)
 * 1:12474 <-> ENABLED <-> WEB-ACTIVEX Oracle Java Web Start ActiveX function call access (web-activex.rules)
 * 1:12456 <-> DISABLED <-> FILE-IDENTIFY Crystal Reports file magic detected (file-identify.rules)
 * 1:12455 <-> DISABLED <-> FILE-IDENTIFY Crystal Reports file download request (file-identify.rules)
 * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules)
 * 1:12219 <-> ENABLED <-> WEB-CLIENT RealNetworks RealPlayer SMIL wallclock parsing buffer overflow (web-client.rules)
 * 1:12284 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtWnDesk record memory corruption exploit attempt (file-office.rules)
 * 1:12184 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel workbook workspace designation handling arbitrary code execution attempt (file-office.rules)
 * 1:12099 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtWindow1 record handling arbitrary code execution attempt (file-office.rules)
 * 1:12070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed version field (file-office.rules)
 * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
 * 1:11836 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio version number anomaly (file-office.rules)
 * 1:11290 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel malformed named graph information ascii overflow (web-client.rules)
 * 1:11267 <-> DISABLED <-> WEB-CLIENT Adobe Photoshop PNG file handling stack buffer overflow attempt (web-client.rules)
 * 1:11180 <-> DISABLED <-> WEB-CLIENT Apple QuickTime movie ftyp buffer underflow (web-client.rules)
 * 1:10486 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 15,16,17 attempt (netbios.rules)
 * 1:10900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (netbios.rules)
 * 1:10208 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt (netbios.rules)
 * 1:10202 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt (netbios.rules)
 * 1:10063 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox query interface suspicious function call access attempt (web-client.rules)
 * 1:10024 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ClientDBMiniAgentClose attempt (netbios.rules)
 * 1:10030 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt (netbios.rules)
 * 3:21619 <-> ENABLED <-> EXPLOIT Microsoft Windows RemoteDesktop connect-initial pdu remote code execution attempt (exploit.rules)