Sourcefire VRT Rules Update

Date: 2013-02-07

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.2.3.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:25687 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cohehonyhe.info (blacklist.rules)
 * 1:25685 <-> ENABLED <-> BLACKLIST DNS request for known malware domain basewibuxenagip.info (blacklist.rules)
 * 1:25689 <-> ENABLED <-> BLACKLIST DNS request for known malware domain decogonuwy.info (blacklist.rules)
 * 1:25686 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cefimoqicy.info (blacklist.rules)
 * 1:25688 <-> ENABLED <-> BLACKLIST DNS request for known malware domain covyqileju.info (blacklist.rules)
 * 1:25692 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dixegocixa.info (blacklist.rules)
 * 1:25691 <-> ENABLED <-> BLACKLIST DNS request for known malware domain diconybomo.info (blacklist.rules)
 * 1:25694 <-> ENABLED <-> BLACKLIST DNS request for known malware domain fegufidaty.info (blacklist.rules)
 * 1:25693 <-> ENABLED <-> BLACKLIST DNS request for known malware domain favomavene.info (blacklist.rules)
 * 1:25744 <-> ENABLED <-> BLACKLIST DNS request for known malware domain freepornoreport.com (blacklist.rules)
 * 1:25645 <-> DISABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules)
 * 1:25648 <-> DISABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules)
 * 1:25649 <-> DISABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules)
 * 1:25642 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:25640 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:25641 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:25639 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:25638 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:25636 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:25637 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:25635 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:25634 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:25632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Golisy variant outbound connection (malware-cnc.rules)
 * 1:25633 <-> ENABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules)
 * 1:25631 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules)
 * 1:25628 <-> DISABLED <-> MALWARE-CNC WIN.Spy.Banker variant connect to cnc-server attempt (malware-cnc.rules)
 * 1:25630 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules)
 * 1:25627 <-> ENABLED <-> MALWARE-CNC Ranson File Encrypter outbound communication (malware-cnc.rules)
 * 1:25626 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:25625 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Daws variant outbound connection (malware-cnc.rules)
 * 1:25623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jimpime variant outbound connection (malware-cnc.rules)
 * 1:25624 <-> ENABLED <-> BLACKLIST DNS request for known malware domain updete.servehttp.com - Win.Trojan.Jimpime (blacklist.rules)
 * 1:25621 <-> ENABLED <-> BROWSER-OTHER Opera use after free attempt (browser-other.rules)
 * 1:25622 <-> ENABLED <-> BROWSER-OTHER Opera use after free attempt (browser-other.rules)
 * 1:25620 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25618 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25619 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25616 <-> ENABLED <-> FILE-OTHER Apple iOS 6.x jailbreak download attempt (file-other.rules)
 * 1:25617 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25614 <-> ENABLED <-> OS-OTHER Apple iOS 6.x jailbreak download attempt (os-other.rules)
 * 1:25615 <-> ENABLED <-> FILE-OTHER Apple iOS 6.x jailbreak download attempt (file-other.rules)
 * 1:25612 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25613 <-> ENABLED <-> OS-OTHER Apple iOS 6.x jailbreak download attempt (os-other.rules)
 * 1:25611 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 redirection successful (exploit-kit.rules)
 * 1:25610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mofsmall variant outbound connection (malware-cnc.rules)
 * 1:25677 <-> ENABLED <-> FILE-FLASH malformed regular expression (file-flash.rules)
 * 1:25676 <-> DISABLED <-> FILE-FLASH malformed regular expression (file-flash.rules)
 * 1:25675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection (malware-cnc.rules)
 * 1:25674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shimwoc variant outbound connection (malware-cnc.rules)
 * 1:25673 <-> DISABLED <-> MALWARE-CNC Win.Spy.QQDragon variant outbound connection (malware-cnc.rules)
 * 1:25739 <-> ENABLED <-> BLACKLIST DNS request for known malware domain facesystem.in (blacklist.rules)
 * 1:25734 <-> ENABLED <-> BLACKLIST DNS request for known malware domain catalogpornosearch.com (blacklist.rules)
 * 1:25729 <-> ENABLED <-> BLACKLIST DNS request for known malware domain all-celeb.com (blacklist.rules)
 * 1:25724 <-> ENABLED <-> BLACKLIST DNS request for known malware domain wezadifiha.info (blacklist.rules)
 * 1:25719 <-> ENABLED <-> BLACKLIST DNS request for known malware domain taqyhucoka.info (blacklist.rules)
 * 1:25714 <-> ENABLED <-> BLACKLIST DNS request for known malware domain qudevyfiqa.info (blacklist.rules)
 * 1:25709 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mysotonego.info (blacklist.rules)
 * 1:25705 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lujuhijalu.info (blacklist.rules)
 * 1:25609 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:25643 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:25605 <-> ENABLED <-> FILE-IDENTIFY Csound audio file file attachment detected (file-identify.rules)
 * 1:25604 <-> ENABLED <-> FILE-IDENTIFY Csound audio file file download request (file-identify.rules)
 * 1:25606 <-> ENABLED <-> FILE-IDENTIFY Csound audio file file attachment detected (file-identify.rules)
 * 1:25607 <-> ENABLED <-> FILE-OTHER Csound hetro audio file buffer overflow attempt (file-other.rules)
 * 1:25608 <-> ENABLED <-> FILE-OTHER Csound hetro audio file buffer overflow attempt (file-other.rules)
 * 1:25690 <-> ENABLED <-> BLACKLIST DNS request for known malware domain degupydoka.info (blacklist.rules)
 * 1:25695 <-> ENABLED <-> BLACKLIST DNS request for known malware domain fenemusemy.info (blacklist.rules)
 * 1:25696 <-> ENABLED <-> BLACKLIST DNS request for known malware domain fihyqukapy.info (blacklist.rules)
 * 1:25697 <-> ENABLED <-> BLACKLIST DNS request for known malware domain fokizireheceduf.info (blacklist.rules)
 * 1:25698 <-> ENABLED <-> BLACKLIST DNS request for known malware domain fyzuvejemuxoqiw.info (blacklist.rules)
 * 1:25699 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gecadutolu.info (blacklist.rules)
 * 1:25700 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gybejajehekyfet.info (blacklist.rules)
 * 1:25701 <-> ENABLED <-> BLACKLIST DNS request for known malware domain hiveqemyrehinex.info (blacklist.rules)
 * 1:25702 <-> ENABLED <-> BLACKLIST DNS request for known malware domain kyqehurevynyryk.info (blacklist.rules)
 * 1:25703 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lofyjisoxo.info (blacklist.rules)
 * 1:25704 <-> ENABLED <-> BLACKLIST DNS request for known malware domain loqytylukykiruf.info (blacklist.rules)
 * 1:25706 <-> ENABLED <-> BLACKLIST DNS request for known malware domain luxohygity.info (blacklist.rules)
 * 1:25684 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bahufykyby.info (blacklist.rules)
 * 1:25707 <-> ENABLED <-> BLACKLIST DNS request for known malware domain moqawowyti.info (blacklist.rules)
 * 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:25682 <-> ENABLED <-> FILE-FLASH Adobe Flash Player embedded compact font detected (file-flash.rules)
 * 1:25708 <-> ENABLED <-> BLACKLIST DNS request for known malware domain musututefu.info (blacklist.rules)
 * 1:25710 <-> ENABLED <-> BLACKLIST DNS request for known malware domain negenezepu.info (blacklist.rules)
 * 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:25711 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pyziviziny.info (blacklist.rules)
 * 1:25680 <-> ENABLED <-> FILE-FLASH Adobe Flash Player embedded compact font detected (file-flash.rules)
 * 1:25679 <-> ENABLED <-> FILE-FLASH malformed regular expression (file-flash.rules)
 * 1:25712 <-> ENABLED <-> BLACKLIST DNS request for known malware domain qecytylohozariw.info (blacklist.rules)
 * 1:25678 <-> DISABLED <-> FILE-FLASH malformed regular expression (file-flash.rules)
 * 1:25672 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
 * 1:25671 <-> DISABLED <-> MALWARE-CNC Win.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:25669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selasloot variant outbound connection (malware-cnc.rules)
 * 1:25668 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
 * 1:25713 <-> ENABLED <-> BLACKLIST DNS request for known malware domain qokimusanyveful.info (blacklist.rules)
 * 1:25715 <-> ENABLED <-> BLACKLIST DNS request for known malware domain radohowexehedun.info (blacklist.rules)
 * 1:25667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
 * 1:25716 <-> ENABLED <-> BLACKLIST DNS request for known malware domain relusibeci.info (blacklist.rules)
 * 1:25666 <-> DISABLED <-> MALWARE-CNC Win.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25717 <-> ENABLED <-> BLACKLIST DNS request for known malware domain rulerykozu.info (blacklist.rules)
 * 1:25665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sycomder variant outbound connection (malware-cnc.rules)
 * 1:25664 <-> ENABLED <-> SERVER-OTHER MiniUPnPd SSDP request buffer overflow attempt (server-other.rules)
 * 1:25663 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rimod variant outbound connection (malware-cnc.rules)
 * 1:25661 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25662 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chowspy variant outbound connection (malware-cnc.rules)
 * 1:25660 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:25718 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sygonugeze.info (blacklist.rules)
 * 1:25659 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - spam_bot (blacklist.rules)
 * 1:25657 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations directory traversal attempt (server-other.rules)
 * 1:25658 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations directory traversal attempt (server-other.rules)
 * 1:25720 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tebejoturu.info (blacklist.rules)
 * 1:25656 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules)
 * 1:25654 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules)
 * 1:25655 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules)
 * 1:25653 <-> DISABLED <-> BROWSER-OTHER Opera browser window null pointer dereference attempt (browser-other.rules)
 * 1:25652 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kryptic variant outbound connection (malware-cnc.rules)
 * 1:25721 <-> ENABLED <-> BLACKLIST DNS request for known malware domain vesufopodu.info (blacklist.rules)
 * 1:25651 <-> ENABLED <-> EXPLOIT-KIT Oracle Java Unknown exploit kit java dropped file (exploit-kit.rules)
 * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:25646 <-> DISABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules)
 * 1:25722 <-> ENABLED <-> BLACKLIST DNS request for known malware domain vujygijehu.info (blacklist.rules)
 * 1:25647 <-> DISABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules)
 * 1:25644 <-> DISABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules)
 * 1:25723 <-> ENABLED <-> BLACKLIST DNS request for known malware domain vyzefykeno.info (blacklist.rules)
 * 1:25725 <-> ENABLED <-> BLACKLIST DNS request for known malware domain xatawihuvo.info (blacklist.rules)
 * 1:25726 <-> ENABLED <-> BLACKLIST DNS request for known malware domain xohuhynevepeqyv.info (blacklist.rules)
 * 1:25727 <-> ENABLED <-> BLACKLIST DNS request for known malware domain zuhokasyku.info (blacklist.rules)
 * 1:25728 <-> ENABLED <-> BLACKLIST DNS request for known malware domain zykuxykevu.info (blacklist.rules)
 * 1:25730 <-> ENABLED <-> BLACKLIST DNS request for known malware domain allsearchforyou.in (blacklist.rules)
 * 1:25731 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bestpornodrive.com (blacklist.rules)
 * 1:25732 <-> ENABLED <-> BLACKLIST DNS request for known malware domain beststoresearch.com (blacklist.rules)
 * 1:25733 <-> ENABLED <-> BLACKLIST DNS request for known malware domain catalogforyou.com (blacklist.rules)
 * 1:25735 <-> ENABLED <-> BLACKLIST DNS request for known malware domain celebrity-info.com (blacklist.rules)
 * 1:25736 <-> ENABLED <-> BLACKLIST DNS request for known malware domain drafsddhjk.com (blacklist.rules)
 * 1:25737 <-> ENABLED <-> BLACKLIST DNS request for known malware domain easy-statistics.in (blacklist.rules)
 * 1:25738 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ekstaz.info (blacklist.rules)
 * 1:25742 <-> ENABLED <-> BLACKLIST DNS request for known malware domain findalleasy.com (blacklist.rules)
 * 1:25740 <-> ENABLED <-> BLACKLIST DNS request for known malware domain famouspeopledata.com (blacklist.rules)
 * 1:25741 <-> ENABLED <-> BLACKLIST DNS request for known malware domain famouspeopleinformation.com (blacklist.rules)
 * 1:25743 <-> ENABLED <-> BLACKLIST DNS request for known malware domain findallsimple.com (blacklist.rules)
 * 1:25745 <-> ENABLED <-> BLACKLIST DNS request for known malware domain freepornoshop.com (blacklist.rules)
 * 1:25754 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pornofreecatalogs.com (blacklist.rules)
 * 1:25755 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pornofreeforyou.com (blacklist.rules)
 * 1:25746 <-> ENABLED <-> BLACKLIST DNS request for known malware domain freesearchshop.com (blacklist.rules)
 * 1:25762 <-> ENABLED <-> BLACKLIST DNS request for known malware domain superstarsinfo.com (blacklist.rules)
 * 1:25752 <-> ENABLED <-> BLACKLIST DNS request for known malware domain newsearchshop.com (blacklist.rules)
 * 1:25747 <-> ENABLED <-> BLACKLIST DNS request for known malware domain localfreecatalog.com (blacklist.rules)
 * 1:25759 <-> ENABLED <-> BLACKLIST DNS request for known malware domain search-porno.info (blacklist.rules)
 * 1:25757 <-> ENABLED <-> BLACKLIST DNS request for known malware domain proshopcatalog.com (blacklist.rules)
 * 1:25753 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pornobeetle.com (blacklist.rules)
 * 1:25750 <-> ENABLED <-> BLACKLIST DNS request for known malware domain newpornopicture.com (blacklist.rules)
 * 1:25758 <-> ENABLED <-> BLACKLIST DNS request for known malware domain searchnecessary.com (blacklist.rules)
 * 1:25748 <-> ENABLED <-> BLACKLIST DNS request for known malware domain loveplacecatalog.com (blacklist.rules)
 * 1:25761 <-> ENABLED <-> BLACKLIST DNS request for known malware domain shop-work.com (blacklist.rules)
 * 1:25760 <-> ENABLED <-> BLACKLIST DNS request for known malware domain shopcataloggroup.com (blacklist.rules)
 * 1:25763 <-> ENABLED <-> BLACKLIST DNS request for known malware domain winnerfree.com (blacklist.rules)
 * 1:25751 <-> ENABLED <-> BLACKLIST DNS request for known malware domain newsearchnecessary.com (blacklist.rules)
 * 1:25749 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lovepornomoney.com (blacklist.rules)
 * 1:25756 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pornowinner.com (blacklist.rules)

Modified Rules:

 * 1:18800 <-> DISABLED <-> FILE-OTHER Adobe RoboHelp Server Arbitrary File Upload (file-other.rules)
 * 1:18751 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt (server-webapp.rules)
 * 1:19268 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules)
 * 1:19269 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules)
 * 1:19484 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent.alqt variant outbound connection (malware-cnc.rules)
 * 1:16692 <-> DISABLED <-> FILE-MULTIMEDIA BlazeVideo BlazeDVD PLF playlist file name buffer overflow attempt (file-multimedia.rules)
 * 1:17276 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules)
 * 1:17277 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules)
 * 1:17278 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules)
 * 1:18591 <-> DISABLED <-> FILE-OTHER CoolPlayer Playlist File Handling Buffer Overflow (file-other.rules)
 * 1:16586 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules)
 * 1:18683 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded PDF object (file-office.rules)
 * 1:19653 <-> ENABLED <-> SERVER-WEBAPP Wordpress timthumb.php theme remote file include attack attempt (server-webapp.rules)
 * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules)
 * 1:19747 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.GGDoor.22 outbound connection (malware-backdoor.rules)
 * 1:20212 <-> DISABLED <-> SERVER-OTHER SSL CBC encryption mode weakness brute force attempt (server-other.rules)
 * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules)
 * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules)
 * 1:20737 <-> DISABLED <-> SPECIFIC-THREATS 427BB cookie-based authentication bypass attempt (specific-threats.rules)
 * 1:20824 <-> DISABLED <-> DOS generic web server hashing collision attack (dos.rules)
 * 1:20872 <-> DISABLED <-> SERVER-WEBAPP Worldweaver DX Studio Player shell.execute command execution attempt (server-webapp.rules)
 * 1:21162 <-> DISABLED <-> FILE-PDF Adobe Acrobat file extension overflow attempt (file-pdf.rules)
 * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules)
 * 1:21629 <-> ENABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules)
 * 1:18550 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file attachment (file-office.rules)
 * 1:21481 <-> DISABLED <-> FILE-OTHER Oracle Java Web Start arbitrary command execution attempt (file-other.rules)
 * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:21753 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Management Interface HTTP digest authentication stack buffer overflow attempt (protocol-voip.rules)
 * 1:21994 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 DOM memory corruption attempt (browser-ie.rules)
 * 1:22104 <-> ENABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:22106 <-> ENABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:18547 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file transfer (file-office.rules)
 * 1:22108 <-> ENABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:22109 <-> ENABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:22105 <-> ENABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:22107 <-> ENABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:2386 <-> DISABLED <-> SERVER-IIS NTLM ASN1 vulnerability scan attempt (server-iis.rules)
 * 1:23334 <-> ENABLED <-> MALWARE-CNC Trojan.Downloader initial C&C checkin (malware-cnc.rules)
 * 1:25568 <-> ENABLED <-> EXPLOIT-KIT Blackhole Exploit Kit landing page retrieval (exploit-kit.rules)
 * 1:16234 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules)
 * 1:25050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules)
 * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:25066 <-> ENABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:16033 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer compressed content attempt (browser-ie.rules)
 * 1:1590 <-> DISABLED <-> SERVER-WEBAPP faqmanager.cgi arbitrary file access attempt (server-webapp.rules)
 * 1:15996 <-> DISABLED <-> OS-WINDOWS Microsoft Negotiate SSP buffer overflow attempt (os-windows.rules)
 * 1:15727 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules)
 * 1:25135 <-> DISABLED <-> EXPLOIT-KIT Styx Exploit Kit outbound connection (exploit-kit.rules)
 * 1:15873 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox location spoofing attempt via invalid window.open characters (browser-firefox.rules)
 * 1:1536 <-> DISABLED <-> SERVER-WEBAPP calendar_admin.pl arbitrary command execution attempt (server-webapp.rules)
 * 1:15579 <-> DISABLED <-> SERVER-OTHER Squid NTLM fakeauth_auth Helper denial of service attempt (server-other.rules)
 * 1:1532 <-> DISABLED <-> SERVER-WEBAPP bb-hostscv.sh attempt (server-webapp.rules)
 * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:1522 <-> DISABLED <-> SERVER-WEBAPP ans.pl attempt (server-webapp.rules)
 * 1:25476 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - User-Agent User-Agent (blacklist.rules)
 * 1:14041 <-> ENABLED <-> EXPLOIT GNOME Project libxslt RC4 key string buffer overflow attempt - 2 (exploit.rules)
 * 1:14656 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XSS mouseevent PII disclosure attempt (browser-ie.rules)
 * 1:14040 <-> ENABLED <-> EXPLOIT GNOME Project libxslt RC4 key string buffer overflow attempt (exploit.rules)
 * 1:25558 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit redirection (exploit-kit.rules)
 * 1:12595 <-> DISABLED <-> SERVER-IIS malicious ASP file upload attempt (server-iis.rules)
 * 1:1258 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Manager DOS (server-webapp.rules)
 * 1:12221 <-> DISABLED <-> SERVER-WEBAPP file upload GLOBAL variable overwrite attempt (server-webapp.rules)
 * 1:12277 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS memory corruption exploit (browser-ie.rules)
 * 1:18546 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word with embedded Flash file transfer (file-office.rules)
 * 1:9642 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Media Player ASF codec list object parsing buffer overflow attempt (os-windows.rules)
 * 1:12058 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SPNEGO ASN.1 library heap corruption overflow attempt (os-windows.rules)
 * 1:1095 <-> DISABLED <-> SERVER-WEBAPP Talentsoft Web+ Source Code view access (server-webapp.rules)
 * 1:1096 <-> DISABLED <-> SERVER-WEBAPP Talentsoft Web+ internal IP Address access (server-webapp.rules)
 * 1:1092 <-> DISABLED <-> SERVER-WEBAPP Armada Style Master Index directory traversal (server-webapp.rules)
 * 1:10505 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:9641 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Media Player ASF simple index object parsing buffer overflow attempt (os-windows.rules)
 * 1:9643 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Media Player ASF marker object parsing buffer overflow attempt (os-windows.rules)
 * 1:18545 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file transfer (file-office.rules)
 * 1:18241 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules)
 * 1:17562 <-> ENABLED <-> FILE-OTHER Oracle Java Runtime Environment Pack200 Decompression Integer Overflow attempt (file-other.rules)
 * 1:17448 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTTPS proxy information disclosure vulnerability (browser-ie.rules)
 * 1:17309 <-> DISABLED <-> FILE-OTHER CoolPlayer Playlist File Handling Buffer Overflow (file-other.rules)
 * 3:14655 <-> ENABLED <-> WEB-CLIENT Excel rept integer underflow attempt (web-client.rules)
 * 3:14772 <-> ENABLED <-> WEB-CLIENT libpng malformed chunk denial of service attempt (web-client.rules)
 * 3:16343 <-> ENABLED <-> WEB-CLIENT obfuscated header in PDF (web-client.rules)
 * 3:23180 <-> ENABLED <-> SMTP obfuscated header in PDF attachment (web-client.rules)