Sourcefire VRT Rules Update

Date: 2012-09-11

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.3.1.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:24126 <-> ENABLED <-> FILE-OTHER Oracle Java privileged protection domain exploitation attempt (file-other.rules)
 * 1:24125 <-> ENABLED <-> FILE-OTHER Oracle Java privileged protection domain exploitation attempt (file-other.rules)
 * 1:24124 <-> DISABLED <-> FILE-PDF Adobe Reader PDF JBIG2 remote code execution attempt (file-pdf.rules)
 * 1:24123 <-> DISABLED <-> MALWARE-BACKDOOR Virus.Win32.Xpaj.A variant outbound connection (malware-backdoor.rules)
 * 1:24122 <-> ENABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Demtranc variant outbound connection (malware-backdoor.rules)
 * 1:24121 <-> ENABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Demtranc variant outbound connection (malware-backdoor.rules)
 * 1:24120 <-> ENABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Demtranc variant outbound connection (malware-backdoor.rules)
 * 1:24119 <-> ENABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Demtranc variant outbound connection (malware-backdoor.rules)
 * 1:24118 <-> ENABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Demtranc variant outbound connection (malware-backdoor.rules)
 * 1:24117 <-> ENABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Demtranc variant outbound connection (malware-backdoor.rules)
 * 1:24116 <-> ENABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Demtranc variant outbound connection (malware-backdoor.rules)
 * 1:24115 <-> ENABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Demtranc variant outbound connection (malware-backdoor.rules)
 * 1:24114 <-> DISABLED <-> SHELLCODE x86 OS agnostic avoid_underscore_tolower encoder (shellcode.rules)
 * 1:24113 <-> DISABLED <-> WEB-ACTIVEX Microsoft Internet Explorer 8 ieframe.dll ActiveX clsid access (web-activex.rules)
 * 1:24112 <-> DISABLED <-> WEB-PHP inTouch SQL injection in index.php user attempt (web-php.rules)
 * 1:24137 <-> ENABLED <-> WEB-MISC Visual Studio Team Web Access console cross site scripting attempt (web-misc.rules)
 * 1:24136 <-> ENABLED <-> WEB-MISC Visual Studio Team Web Access console cross site scripting attempt (web-misc.rules)
 * 1:24135 <-> ENABLED <-> WEB-MISC Visual Studio Team Web Access console cross site scripting attempt (web-misc.rules)
 * 1:24134 <-> ENABLED <-> WEB-MISC Visual Studio Team Web Access console cross site scripting attempt (web-misc.rules)
 * 1:24133 <-> ENABLED <-> WEB-MISC Visual Studio Team Web Access console cross site scripting attempt (web-misc.rules)
 * 1:24132 <-> ENABLED <-> WEB-MISC Visual Studio Team Web Access console cross site scripting attempt (web-misc.rules)
 * 1:24131 <-> ENABLED <-> WEB-MISC Visual Studio Team Web Access console cross site scripting attempt (web-misc.rules)
 * 1:24130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel catLabel pointer manipulation attempt (file-office.rules)
 * 1:24129 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel catLabel pointer manipulation attempt (file-office.rules)
 * 1:24128 <-> DISABLED <-> WEB-MISC Microsoft SCCM ReportChart xss attempt (web-misc.rules)
 * 1:24127 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - QUERY_PATH_INFO csrss.exe (indicator-compromise.rules)

Modified Rules:


 * 1:9823 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime RTSP URI overflow attempt (file-multimedia.rules)
 * 1:9430 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Movie link file URI security bypass attempt (file-multimedia.rules)
 * 1:9429 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Movie link scripting security bypass attempt (file-multimedia.rules)
 * 1:6506 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime udta atom overflow attempt (file-multimedia.rules)
 * 1:5319 <-> DISABLED <-> WEB-CLIENT Microsoft Windows picture and fax viewer wmf arbitrary code execution attempt (web-client.rules)
 * 1:4680 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie file component name integer overflow attempt (file-multimedia.rules)
 * 1:2418 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Terminal Server no encryption session initiation attempt (policy-other.rules)
 * 1:24102 <-> ENABLED <-> MALWARE-OTHER Possible Kuluoz spamvertised URL in email (malware-other.rules)
 * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
 * 1:24091 <-> DISABLED <-> WEB-MISC SAP NetWeaver SOAP interface command injection attempt (web-misc.rules)
 * 1:24085 <-> ENABLED <-> FILE-OTHER Oracle Java privileged protection domain exploitation attempt (file-other.rules)
 * 1:24083 <-> DISABLED <-> FILE-OTHER ESTsoft ALZip MIM file buffer overflow attempt (file-other.rules)
 * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
 * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
 * 1:24073 <-> DISABLED <-> FILE-IDENTIFY GZip file attachment detected (file-identify.rules)
 * 1:24070 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (file-other.rules)
 * 1:24068 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 bufer over-read attempt (file-other.rules)
 * 1:24066 <-> DISABLED <-> FILE-OTHER Oracle Java privileged protection domain exploitation attempt (file-other.rules)
 * 1:24064 <-> DISABLED <-> FILE-OTHER Oracle Java privileged protection domain exploitation attempt (file-other.rules)
 * 1:24058 <-> ENABLED <-> FILE-OTHER Oracle Java privileged protection domain exploitation attempt (file-other.rules)
 * 1:24056 <-> ENABLED <-> FILE-OTHER Oracle Java privileged protection domain exploitation attempt (file-other.rules)
 * 1:24052 <-> DISABLED <-> FILE-OTHER Winamp skin file arbitrary code execution attempt (file-other.rules)
 * 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
 * 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
 * 1:24044 <-> DISABLED <-> WEB-ACTIVEX HP Easy Printer Care Software ActiveX clsid access (web-activex.rules)
 * 1:24042 <-> DISABLED <-> WEB-ACTIVEX HP Easy Printer Care Software ActiveX clsid access (web-activex.rules)
 * 1:24040 <-> DISABLED <-> WEB-ACTIVEX HP Easy Printer Care Software ActiveX clsid access (web-activex.rules)
 * 1:24039 <-> DISABLED <-> WEB-ACTIVEX HP Easy Printer Care Software ActiveX function call access (web-activex.rules)
 * 1:24038 <-> DISABLED <-> FILE-OTHER Oracle Java privileged protection domain exploitation attempt (file-other.rules)
 * 1:24036 <-> DISABLED <-> WEB-CLIENT Oracle Java privileged protection domain exploitation attempt (web-client.rules)
 * 1:24029 <-> DISABLED <-> FILE-OTHER Oracle outside in Lotus 1-2-3 heap overflow attempt (file-other.rules)
 * 1:24027 <-> DISABLED <-> WEB-CLIENT Oracle Java privileged protection domain exploitation attempt (web-client.rules)
 * 1:24025 <-> DISABLED <-> FILE-OTHER Oracle Java privileged protection domain exploitation attempt (file-other.rules)
 * 1:24023 <-> DISABLED <-> FILE-OTHER Oracle Java privileged protection domain exploitation attempt (file-other.rules)
 * 1:24021 <-> DISABLED <-> WEB-CLIENT Oracle Java privileged protection domain exploitation attempt (web-client.rules)
 * 1:24006 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Office MSCOMCTL ActiveX control tabstrip method arbitrary code execution attempt (file-multimedia.rules)
 * 1:24005 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control access (file-office.rules)
 * 1:24003 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
 * 1:24002 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
 * 1:24001 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
 * 1:24000 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
 * 1:23992 <-> ENABLED <-> FILE-OFFICE Microsoft Office EMF image EMFPlusPointF record memory corruption attempt (file-office.rules)
 * 1:23986 <-> DISABLED <-> WEB-ACTIVEX Apple Quicktime plugin SetLanguage buffer overflow attempt (web-activex.rules)
 * 1:23970 <-> DISABLED <-> INDICATOR-OBFUSCATION Malvertising redirection attempt - script (indicator-obfuscation.rules)
 * 1:23965 <-> DISABLED <-> SCADA BroadWin WebAccess Client arbitrary memory corruption attempt (scada.rules)
 * 1:23964 <-> DISABLED <-> SCADA BroadWin WebAccess Client format string exploit attempt (scada.rules)
 * 1:23956 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules)
 * 1:23903 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - you (blacklist.rules)
 * 1:23902 <-> DISABLED <-> FILE-PDF Adobe Reader Javascript buffer overflow attempt (file-pdf.rules)
 * 1:23900 <-> DISABLED <-> FILE-PDF Adobe Reader Javascript buffer overflow attempt (file-pdf.rules)
 * 1:23898 <-> DISABLED <-> FILE-PDF Adobe Reader collab.collectEmailInfo exploit attempt (file-pdf.rules)
 * 1:23897 <-> DISABLED <-> FILE-PDF Sending of a PDF with embedded JavaScript - JS string attempt (file-pdf.rules)
 * 1:23893 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (malware-cnc.rules)
 * 1:23884 <-> DISABLED <-> FILE-PDF Adober Reader JBIG2 encoding invalid symbol in dictionary segment (file-pdf.rules)
 * 1:23881 <-> ENABLED <-> FILE-PDF Adobe Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules)
 * 1:23880 <-> ENABLED <-> FILE-PDF Adobe Reader Texture Declaration buffer overflow attempt (file-pdf.rules)
 * 1:23875 <-> ENABLED <-> FILE-PDF Adobe Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules)
 * 1:23871 <-> DISABLED <-> FILE-PDF Adobe Reader invalid inline image attempt (file-pdf.rules)
 * 1:23869 <-> ENABLED <-> FILE-PDF Adobe Reader invalid inline image attempt (file-pdf.rules)
 * 1:23867 <-> DISABLED <-> FILE-PDF Adobe Reader invalid inline image attempt (file-pdf.rules)
 * 1:23865 <-> DISABLED <-> FILE-PDF Adobe Reader invalid font WeightVector attempt (file-pdf.rules)
 * 1:23859 <-> DISABLED <-> SHELLCODE heapspray characters detected - hexadecimal encoding (shellcode.rules)
 * 1:23857 <-> DISABLED <-> SHELLCODE heapspray characters detected - ASCII (shellcode.rules)
 * 1:23852 <-> ENABLED <-> FILE-PDF Blackhole related malicious file detection (file-pdf.rules)
 * 1:23845 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Office MSCOMCTL ActiveX control tabstrip method arbitrary code execution attempt (file-multimedia.rules)
 * 1:23843 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules)
 * 1:23841 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sign extension vulnerability exploitation attempt (browser-ie.rules)
 * 1:23835 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer asynchronous code execution attempt (browser-ie.rules)
 * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
 * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23793 <-> DISABLED <-> WEB-PHP use-after-free in substr_replace attempt (web-php.rules)
 * 1:23777 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
 * 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
 * 1:23775 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
 * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
 * 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
 * 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules)
 * 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
 * 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
 * 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
 * 1:23768 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Basic v6.0 - additional file magic detected (file-identify.rules)
 * 1:23767 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows hlp file magic detected (file-identify.rules)
 * 1:23766 <-> ENABLED <-> FILE-IDENTIFY EMF file magic detected (file-identify.rules)
 * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
 * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
 * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
 * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
 * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
 * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
 * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:23757 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CHM file magic detected (file-identify.rules)
 * 1:23756 <-> DISABLED <-> FILE-IDENTIFY New Executable binary file magic detected (file-identify.rules)
 * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
 * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
 * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
 * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
 * 1:23751 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:23750 <-> DISABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules)
 * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
 * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
 * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
 * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
 * 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
 * 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
 * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules)
 * 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules)
 * 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
 * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
 * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
 * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
 * 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
 * 1:23725 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
 * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
 * 1:23722 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Address Book file magic detected (file-identify.rules)
 * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
 * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
 * 1:23719 <-> ENABLED <-> FILE-IDENTIFY Apple Mach-O executable file magic detected (file-identify.rules)
 * 1:23718 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Access MSISAM file magic detected (file-identify.rules)
 * 1:23717 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Access TJDB file magic detected (file-identify.rules)
 * 1:23716 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Access JSDB file magic detected (file-identify.rules)
 * 1:23715 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Access file magic detected (file-identify.rules)
 * 1:23714 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file magic detected (file-identify.rules)
 * 1:23713 <-> DISABLED <-> FILE-IDENTIFY Metastock mwl file magic detected (file-identify.rules)
 * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
 * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules)
 * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
 * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
 * 1:23708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v4 file magic detected (file-identify.rules)
 * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
 * 1:23706 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v2.90 v2.93-v3.00 packed file magic detected (file-identify.rules)
 * 1:23705 <-> ENABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.62-v1.22 packed file magic detected (file-identify.rules)
 * 1:23704 <-> ENABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.51-v0.61 packed file magic detected (file-identify.rules)
 * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
 * 1:23702 <-> DISABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules)
 * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
 * 1:23700 <-> DISABLED <-> FILE-IDENTIFY Microsoft Word for Mac 5 file magic detected (file-identify.rules)
 * 1:23699 <-> DISABLED <-> FILE-IDENTIFY SAP Crystal Reports file magic detected (file-identify.rules)
 * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
 * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
 * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
 * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
 * 1:23694 <-> DISABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules)
 * 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
 * 1:23692 <-> DISABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules)
 * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
 * 1:23690 <-> DISABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
 * 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
 * 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
 * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23686 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
 * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
 * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
 * 1:23675 <-> DISABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
 * 1:23674 <-> DISABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
 * 1:23673 <-> DISABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
 * 1:23672 <-> DISABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
 * 1:23671 <-> DISABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
 * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
 * 1:23669 <-> DISABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
 * 1:23668 <-> DISABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
 * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:23665 <-> DISABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
 * 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
 * 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
 * 1:23662 <-> DISABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
 * 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
 * 1:23660 <-> DISABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
 * 1:23659 <-> DISABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
 * 1:23657 <-> ENABLED <-> FILE-IDENTIFY ZIP file magic detected (file-identify.rules)
 * 1:23656 <-> ENABLED <-> FILE-IDENTIFY ZIP file magic detected (file-identify.rules)
 * 1:23655 <-> ENABLED <-> FILE-IDENTIFY ZIP file magic detected (file-identify.rules)
 * 1:23654 <-> ENABLED <-> FILE-IDENTIFY ZIP file magic detected (file-identify.rules)
 * 1:23653 <-> ENABLED <-> FILE-IDENTIFY ZIP file magic detected (file-identify.rules)
 * 1:23652 <-> ENABLED <-> FILE-IDENTIFY ZIP file magic detected (file-identify.rules)
 * 1:23651 <-> ENABLED <-> FILE-IDENTIFY ZIP file magic detected (file-identify.rules)
 * 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
 * 1:23649 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
 * 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
 * 1:23646 <-> DISABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
 * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
 * 1:23644 <-> DISABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
 * 1:23643 <-> DISABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
 * 1:23642 <-> DISABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
 * 1:23641 <-> DISABLED <-> FILE-IDENTIFY GZip file magic detected (file-identify.rules)
 * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
 * 1:23623 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime VR Track Header Atom heap corruption attempt (file-multimedia.rules)
 * 1:23510 <-> ENABLED <-> FILE-PDF Adobe Reader File containing Flash use-after-free attack attempt (file-pdf.rules)
 * 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
 * 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
 * 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
 * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
 * 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
 * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23204 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23185 <-> DISABLED <-> FILE-IDENTIFY mwv file attachment detected (file-identify.rules)
 * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:23166 <-> DISABLED <-> FILE-PDF Adobe Reader XDP encoded download attempt (file-pdf.rules)
 * 1:23149 <-> ENABLED <-> EXPLOIT-KIT Suspicious StrReverse - Scripting.FileSystemObject (exploit-kit.rules)
 * 1:23148 <-> ENABLED <-> EXPLOIT-KIT Suspicious StrReverse - Shell (exploit-kit.rules)
 * 1:23147 <-> ENABLED <-> EXPLOIT-KIT Suspicious taskkill script - StrReverse (exploit-kit.rules)
 * 1:23058 <-> ENABLED <-> MALWARE-OTHER NeoSploit Malvertising - URI Requested (malware-other.rules)
 * 1:22102 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Office RTF malformed pfragments field (file-multimedia.rules)
 * 1:22088 <-> ENABLED <-> EXPLOIT-KIT Blackhole Exploit Kit javascript service method (exploit-kit.rules)
 * 1:21754 <-> DISABLED <-> WEB-CLIENT Microsoft Windows MSXML2 ActiveX malformed HTTP response (web-client.rules)
 * 1:21483 <-> DISABLED <-> SCADA Moxa Device Manager buffer overflow attempt (scada.rules)
 * 1:20653 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player ASX file ref href buffer overflow attempt (file-multimedia.rules)
 * 1:20647 <-> DISABLED <-> WEB-PHP inTouch SQL injection in index.php user attempt (web-php.rules)
 * 1:20575 <-> DISABLED <-> FILE-PDF Adobe Reader PDF JBIG2 remote code execution attempt (file-pdf.rules)
 * 1:20294 <-> DISABLED <-> FILE-IMAGE Adobe Reader and Acrobat Libtiff TIFFFetchShortPair stack buffer overflow attempt (file-image.rules)
 * 1:19251 <-> DISABLED <-> FILE-PDF Adobe Reader CIDFont dictionary glyph width corruption attempt (file-pdf.rules)
 * 1:18612 <-> ENABLED <-> WEB-MISC Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (web-misc.rules)
 * 1:18513 <-> DISABLED <-> MYSQL yaSSL SSL Hello Message Buffer Overflow attempt (mysql.rules)
 * 1:18168 <-> DISABLED <-> SHELLCODE Possible generic javascript heap spray attempt (shellcode.rules)
 * 1:18167 <-> DISABLED <-> SHELLCODE Possible generic javascript heap spray attempt (shellcode.rules)
 * 1:1752 <-> DISABLED <-> POLICY-SOCIAL AIM AddExternalApp attempt (policy-social.rules)
 * 1:17373 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime panorama atoms buffer overflow attempt (file-multimedia.rules)
 * 1:17211 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime marshaled punk remote code execution (file-multimedia.rules)
 * 1:16633 <-> ENABLED <-> FILE-PDF Adobe Reader File containing Flash use-after-free attack attempt (file-pdf.rules)
 * 1:16390 <-> DISABLED <-> FILE-PDF Adobe Reader alternate file magic obfuscation (file-pdf.rules)
 * 1:16354 <-> DISABLED <-> FILE-PDF Adobe Reader start-of-file alternate header obfuscation (file-pdf.rules)
 * 1:16041 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime FLIC animation file buffer overflow attempt (file-multimedia.rules)
 * 1:15728 <-> ENABLED <-> FILE-PDF Possible Adobe Reader ActionScript byte_array heap spray attempt (file-pdf.rules)
 * 1:15698 <-> DISABLED <-> SHELLCODE Possible generic javascript heap spray attempt (shellcode.rules)
 * 1:15384 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules)
 * 1:15358 <-> ENABLED <-> FILE-PDF Adobe Reader JBIG2 remote code execution attempt (file-pdf.rules)
 * 1:15357 <-> ENABLED <-> FILE-PDF Adobe Reader JBIG2 remote code execution attempt (file-pdf.rules)
 * 1:15238 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime for Java toQTPointer function memory corruption attempt (file-multimedia.rules)
 * 1:1448 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Terminal server request attempt (policy-other.rules)
 * 1:1447 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Terminal server RDP attempt (policy-other.rules)
 * 1:1393 <-> DISABLED <-> POLICY-SOCIAL AIM AddGame attempt (policy-social.rules)
 * 1:13912 <-> ENABLED <-> SPECIFIC-THREATS isComponentInstalled attack attempt (specific-threats.rules)
 * 1:13816 <-> DISABLED <-> SPECIFIC-THREATS xmlrpc.php command injection attempt (specific-threats.rules)
 * 1:13714 <-> DISABLED <-> MYSQL yaSSL SSLv3 Client Hello Message Cipher Specs Buffer Overflow attempt (mysql.rules)
 * 1:13516 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime HTTP error response buffer overflow (file-multimedia.rules)
 * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules)
 * 1:13477 <-> DISABLED <-> FILE-PDF Adobe Reader collab.collectEmailInfo exploit attempt - compressed (file-pdf.rules)
 * 1:11682 <-> DISABLED <-> SPECIFIC-THREATS niprint_lpd module attack attempt (specific-threats.rules)
 * 3:11672 <-> ENABLED <-> MISC Mozilla Network Security Services SSLv2 stack overflow attempt (misc.rules)