Sourcefire VRT Rules Update

Date: 2012-10-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.3.1.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:24482 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chif variant outbound communication (malware-cnc.rules)
 * 1:24481 <-> ENABLED <-> SCADA DATAC RealWin System buffer overflow attempt (scada.rules)
 * 1:24480 <-> DISABLED <-> SCADA WellinTech Kingview HMI history server buffer overflow attempt (scada.rules)
 * 1:24479 <-> ENABLED <-> SCADA DATAC RealWin System buffer overflow attempt (scada.rules)
 * 1:24478 <-> ENABLED <-> SCADA DATAC RealWin System buffer overflow attempt (scada.rules)
 * 1:24477 <-> ENABLED <-> SCADA DATAC RealWin System buffer overflow attempt (scada.rules)
 * 1:24476 <-> ENABLED <-> SCADA DATAC RealWin System buffer overflow attempt (scada.rules)
 * 1:24475 <-> ENABLED <-> EXPLOIT-KIT Blackhole - Cookie Set (exploit-kit.rules)
 * 1:24474 <-> DISABLED <-> BROWSER-OTHER Puffin Browser usage detected (browser-other.rules)
 * 1:24473 <-> DISABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
 * 1:24472 <-> DISABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
 * 1:24471 <-> DISABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules)
 * 1:24470 <-> DISABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules)
 * 1:24469 <-> DISABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules)
 * 1:24468 <-> DISABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules)
 * 1:24467 <-> DISABLED <-> FILE-IDENTIFY XCF file download request (file-identify.rules)
 * 1:24466 <-> DISABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules)
 * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
 * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
 * 1:24462 <-> DISABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules)
 * 1:24461 <-> DISABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules)
 * 1:24460 <-> DISABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules)
 * 1:24459 <-> DISABLED <-> FILE-IDENTIFY PSD file download request (file-identify.rules)
 * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
 * 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
 * 1:24452 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG rendering buffer overflow attempt (browser-ie.rules)
 * 1:24451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quervar variant outbound connection (malware-cnc.rules)
 * 1:24450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tibeli variant outbound connection (malware-cnc.rules)
 * 1:24449 <-> DISABLED <-> MALWARE-CNC Java.Exploit.Agent variant outbound connection (malware-cnc.rules)
 * 1:24448 <-> ENABLED <-> WEB-MISC HP SiteScope UploadFilesHandler directory traversal attempt (web-misc.rules)
 * 1:24447 <-> ENABLED <-> WEB-MISC HP SiteScope DownloadFilesHandler directory traversal attempt (web-misc.rules)
 * 1:24446 <-> DISABLED <-> EXPLOIT EMC NetWorker SunRPC format string attempt (exploit.rules)
 * 1:24445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:24444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:24443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:24442 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - Alerter COM (blacklist.rules)
 * 1:24441 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - Testing (blacklist.rules)
 * 1:24440 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chiviper outbound connection attempt (malware-cnc.rules)
 * 1:24439 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - Go http package (blacklist.rules)
 * 1:24438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirage variant outbound connection (malware-cnc.rules)
 * 1:24437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirage variant outbound connection (malware-cnc.rules)
 * 1:24436 <-> ENABLED <-> WEB-MISC Novell ZENworks Asset Management default admin credentials function call attempt (web-misc.rules)
 * 1:24435 <-> ENABLED <-> WEB-MISC Novell ZENworks Asset Management default admin credentials function call attempt (web-misc.rules)
 * 1:24434 <-> DISABLED <-> INDICATOR-COMPROMISE fx29shell.php connection attempt (indicator-compromise.rules)
 * 1:24433 <-> ENABLED <-> BROWSER-OTHER HTML5 canvas element heap spray attempt (browser-other.rules)
 * 1:24432 <-> ENABLED <-> BROWSER-OTHER HTML5 canvas element heap spray attempt (browser-other.rules)
 * 1:24431 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24430 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24428 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24427 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot jar download (malware-other.rules)
 * 1:24426 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot class download (malware-other.rules)
 * 1:24425 <-> DISABLED <-> SCADA Sinapsi command injection attempt (scada.rules)
 * 1:24424 <-> DISABLED <-> SCADA Sinapsi SQL hard coded user login attempt (scada.rules)
 * 1:24423 <-> DISABLED <-> SCADA Sinapsi SQL hard coded user login attempt (scada.rules)
 * 1:24422 <-> DISABLED <-> SCADA Sinapsi SQL injection attempt (scada.rules)
 * 1:24421 <-> DISABLED <-> SCADA Sinapsi SQL injection attempt (scada.rules)
 * 1:24420 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Misun variant outbound connection established (malware-cnc.rules)
 * 1:24419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection established (malware-cnc.rules)
 * 1:24418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection established (malware-cnc.rules)
 * 1:24417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection established (malware-cnc.rules)
 * 1:24416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection established (malware-cnc.rules)

Modified Rules:


 * 1:5699 <-> DISABLED <-> PROTOCOL-IMAP lsub directory traversal attempt (protocol-imap.rules)
 * 1:5700 <-> DISABLED <-> PROTOCOL-IMAP rename directory traversal attempt (protocol-imap.rules)
 * 1:5701 <-> DISABLED <-> PROTOCOL-IMAP status directory traversal attempt (protocol-imap.rules)
 * 1:5702 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE directory traversal attempt (protocol-imap.rules)
 * 1:5703 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe directory traversal attempt (protocol-imap.rules)
 * 1:5704 <-> DISABLED <-> PROTOCOL-IMAP SELECT overflow attempt (protocol-imap.rules)
 * 1:5705 <-> DISABLED <-> PROTOCOL-IMAP CAPABILITY overflow attempt (protocol-imap.rules)
 * 1:601 <-> DISABLED <-> PROTOCOL-SERVICES rlogin LinuxNIS (protocol-services.rules)
 * 1:602 <-> DISABLED <-> PROTOCOL-SERVICES rlogin bin (protocol-services.rules)
 * 1:603 <-> DISABLED <-> PROTOCOL-SERVICES rlogin echo++ (protocol-services.rules)
 * 1:604 <-> DISABLED <-> PROTOCOL-SERVICES rsh froot (protocol-services.rules)
 * 1:605 <-> DISABLED <-> PROTOCOL-SERVICES rlogin login failure (protocol-services.rules)
 * 1:606 <-> DISABLED <-> PROTOCOL-SERVICES rlogin root (protocol-services.rules)
 * 1:607 <-> DISABLED <-> PROTOCOL-SERVICES rsh bin (protocol-services.rules)
 * 1:608 <-> DISABLED <-> PROTOCOL-SERVICES rsh echo + + (protocol-services.rules)
 * 1:609 <-> DISABLED <-> PROTOCOL-SERVICES rsh froot (protocol-services.rules)
 * 1:610 <-> DISABLED <-> PROTOCOL-SERVICES rsh root (protocol-services.rules)
 * 1:611 <-> DISABLED <-> PROTOCOL-SERVICES rlogin login failure (protocol-services.rules)
 * 1:638 <-> DISABLED <-> INDICATOR-SHELLCODE SGI NOOP (indicator-shellcode.rules)
 * 1:639 <-> DISABLED <-> INDICATOR-SHELLCODE SGI NOOP (indicator-shellcode.rules)
 * 1:640 <-> DISABLED <-> INDICATOR-SHELLCODE AIX NOOP (indicator-shellcode.rules)
 * 1:641 <-> DISABLED <-> INDICATOR-SHELLCODE Digital UNIX NOOP (indicator-shellcode.rules)
 * 1:642 <-> DISABLED <-> INDICATOR-SHELLCODE HP-UX NOOP (indicator-shellcode.rules)
 * 1:643 <-> DISABLED <-> INDICATOR-SHELLCODE HP-UX NOOP (indicator-shellcode.rules)
 * 1:644 <-> DISABLED <-> INDICATOR-SHELLCODE sparc NOOP (indicator-shellcode.rules)
 * 1:645 <-> DISABLED <-> INDICATOR-SHELLCODE sparc NOOP (indicator-shellcode.rules)
 * 1:646 <-> DISABLED <-> INDICATOR-SHELLCODE sparc NOOP (indicator-shellcode.rules)
 * 1:647 <-> DISABLED <-> INDICATOR-SHELLCODE Oracle sparc setuid 0 (indicator-shellcode.rules)
 * 1:648 <-> DISABLED <-> INDICATOR-SHELLCODE x86 NOOP (indicator-shellcode.rules)
 * 1:649 <-> DISABLED <-> INDICATOR-SHELLCODE x86 setgid 0 (indicator-shellcode.rules)
 * 1:650 <-> DISABLED <-> INDICATOR-SHELLCODE x86 setuid 0 (indicator-shellcode.rules)
 * 1:6513 <-> DISABLED <-> PROTOCOL-VOIP Asterisk IAX2 truncated video mini-frame packet overflow attempt (protocol-voip.rules)
 * 1:6514 <-> DISABLED <-> PROTOCOL-VOIP Asterisk IAX2 truncated full-frame packet overflow attempt (protocol-voip.rules)
 * 1:6515 <-> DISABLED <-> PROTOCOL-VOIP Asterisk IAX2 truncated mini-frame packet overflow attempt (protocol-voip.rules)
 * 1:652 <-> DISABLED <-> INDICATOR-SHELLCODE Linux shellcode (indicator-shellcode.rules)
 * 1:8415 <-> DISABLED <-> PROTOCOL-FTP SIZE overflow attempt (protocol-ftp.rules)
 * 1:8445 <-> DISABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package download attempt (file-office.rules)
 * 1:8479 <-> DISABLED <-> PROTOCOL-FTP HELP overflow attempt (protocol-ftp.rules)
 * 1:8480 <-> DISABLED <-> PROTOCOL-FTP PORT overflow attempt (protocol-ftp.rules)
 * 1:8730 <-> DISABLED <-> DOS record route rr denial of service attempt (dos.rules)
 * 1:9792 <-> DISABLED <-> PROTOCOL-FTP PASV overflow attempt (protocol-ftp.rules)
 * 1:333 <-> DISABLED <-> PROTOCOL-FINGER . query (protocol-finger.rules)
 * 1:332 <-> DISABLED <-> PROTOCOL-FINGER 0 query (protocol-finger.rules)
 * 1:331 <-> DISABLED <-> PROTOCOL-FINGER cybercop query (protocol-finger.rules)
 * 1:330 <-> DISABLED <-> PROTOCOL-FINGER redirection attempt (protocol-finger.rules)
 * 1:328 <-> DISABLED <-> PROTOCOL-FINGER bomb attempt (protocol-finger.rules)
 * 1:327 <-> DISABLED <-> PROTOCOL-FINGER remote command pipe execution attempt (protocol-finger.rules)
 * 1:326 <-> DISABLED <-> PROTOCOL-FINGER remote command execution attempt (protocol-finger.rules)
 * 1:324 <-> DISABLED <-> PROTOCOL-FINGER null request (protocol-finger.rules)
 * 1:323 <-> DISABLED <-> PROTOCOL-FINGER root query (protocol-finger.rules)
 * 1:322 <-> DISABLED <-> PROTOCOL-FINGER search query (protocol-finger.rules)
 * 1:321 <-> DISABLED <-> PROTOCOL-FINGER account enumeration attempt (protocol-finger.rules)
 * 1:320 <-> DISABLED <-> PROTOCOL-FINGER cmd_rootsh backdoor attempt (protocol-finger.rules)
 * 1:3151 <-> DISABLED <-> PROTOCOL-FINGER / execution attempt (protocol-finger.rules)
 * 1:314 <-> DISABLED <-> DNS Bind Buffer Overflow named tsig overflow attempt (dns.rules)
 * 1:3077 <-> DISABLED <-> PROTOCOL-FTP RNFR overflow attempt (protocol-ftp.rules)
 * 1:3076 <-> DISABLED <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt (protocol-imap.rules)
 * 1:3075 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe literal overflow attempt (protocol-imap.rules)
 * 1:3074 <-> ENABLED <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt (protocol-imap.rules)
 * 1:3073 <-> ENABLED <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt (protocol-imap.rules)
 * 1:3072 <-> DISABLED <-> PROTOCOL-IMAP status overflow attempt (protocol-imap.rules)
 * 1:3071 <-> DISABLED <-> PROTOCOL-IMAP status literal overflow attempt (protocol-imap.rules)
 * 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules)
 * 1:3069 <-> ENABLED <-> PROTOCOL-IMAP fetch literal overflow attempt (protocol-imap.rules)
 * 1:3068 <-> ENABLED <-> PROTOCOL-IMAP examine overflow attempt (protocol-imap.rules)
 * 1:3067 <-> ENABLED <-> PROTOCOL-IMAP examine literal overflow attempt (protocol-imap.rules)
 * 1:3066 <-> DISABLED <-> PROTOCOL-IMAP append overflow attempt (protocol-imap.rules)
 * 1:3065 <-> DISABLED <-> PROTOCOL-IMAP append literal overflow attempt (protocol-imap.rules)
 * 1:3058 <-> DISABLED <-> PROTOCOL-IMAP copy literal overflow attempt (protocol-imap.rules)
 * 1:303 <-> DISABLED <-> DNS Bind Buffer Overflow named tsig overflow attempt (dns.rules)
 * 1:302 <-> DISABLED <-> OS-LINUX Redhat 7.0 lprd overflow (os-linux.rules)
 * 1:3017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (os-windows.rules)
 * 1:3008 <-> DISABLED <-> PROTOCOL-IMAP delete literal overflow attempt (protocol-imap.rules)
 * 1:3007 <-> DISABLED <-> PROTOCOL-IMAP command overflow attempt (protocol-imap.rules)
 * 1:290 <-> DISABLED <-> PROTOCOL-POP EXPLOIT qpopper overflow (protocol-pop.rules)
 * 1:289 <-> DISABLED <-> PROTOCOL-POP EXPLOIT x86 SCO overflow (protocol-pop.rules)
 * 1:288 <-> DISABLED <-> PROTOCOL-POP EXPLOIT x86 Linux overflow (protocol-pop.rules)
 * 1:287 <-> DISABLED <-> PROTOCOL-POP EXPLOIT x86 BSD overflow (protocol-pop.rules)
 * 1:286 <-> DISABLED <-> PROTOCOL-POP EXPLOIT x86 BSD overflow (protocol-pop.rules)
 * 1:2666 <-> DISABLED <-> PROTOCOL-POP PASS format string attempt (protocol-pop.rules)
 * 1:2665 <-> ENABLED <-> PROTOCOL-IMAP login literal format string attempt (protocol-imap.rules)
 * 1:2664 <-> DISABLED <-> PROTOCOL-IMAP login format string attempt (protocol-imap.rules)
 * 1:261 <-> DISABLED <-> DNS Bind named overflow attempt (dns.rules)
 * 1:260 <-> DISABLED <-> DNS Bind Buffer Overflow via NXT records named overflow ADMROCKS (dns.rules)
 * 1:259 <-> DISABLED <-> DNS Bind Buffer Overflow via NXT records named overflow ADM (dns.rules)
 * 1:258 <-> DISABLED <-> DNS Bind Buffer Overflow via NXT records (dns.rules)
 * 1:2546 <-> DISABLED <-> PROTOCOL-FTP MDTM overflow attempt (protocol-ftp.rules)
 * 1:2449 <-> DISABLED <-> PROTOCOL-FTP ALLO overflow attempt (protocol-ftp.rules)
 * 1:24396 <-> DISABLED <-> DDOS itsoknoproblembro TCP flood (ddos.rules)
 * 1:24395 <-> DISABLED <-> DDOS itsoknoproblembro TCP flood (ddos.rules)
 * 1:24305 <-> DISABLED <-> PROTOCOL-ICMP invalid ICMPv6 header attempt (protocol-icmp.rules)
 * 1:24303 <-> DISABLED <-> PROTOCOL-ICMP IPv6 multicast neighbor add attempt (protocol-icmp.rules)
 * 1:24302 <-> DISABLED <-> PROTOCOL-ICMP IPv6 multicast neighbor delete attempt (protocol-icmp.rules)
 * 1:24301 <-> DISABLED <-> PROTOCOL-ICMP IPv6 multicast neighbor query attempt (protocol-icmp.rules)
 * 1:24300 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement flood attempt (protocol-icmp.rules)
 * 1:24299 <-> DISABLED <-> PROTOCOL-ICMP IPv6 invalid router advertisement attempt (protocol-icmp.rules)
 * 1:24298 <-> DISABLED <-> PROTOCOL-ICMP IPv6 0xdeadbeef ICMP ping attempt (protocol-icmp.rules)
 * 1:24297 <-> DISABLED <-> PROTOCOL-ICMP IPv6 oversized ICMP ping attempt (protocol-icmp.rules)
 * 1:24296 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement invalid prefix option attempt (protocol-icmp.rules)
 * 1:24295 <-> DISABLED <-> PROTOCOL-ICMP suspicious IPv6 router advertisement attempt (protocol-icmp.rules)
 * 1:24294 <-> DISABLED <-> PROTOCOL-ICMP IPv6 neighbor advertisement flood attempt (protocol-icmp.rules)
 * 1:24270 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk RTP comfort noise denial of service attempt (protocol-voip.rules)
 * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules)
 * 1:2416 <-> DISABLED <-> PROTOCOL-FTP invalid MDTM command attempt (protocol-ftp.rules)
 * 1:24114 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_underscore_tolower encoder (indicator-shellcode.rules)
 * 1:2409 <-> DISABLED <-> PROTOCOL-POP APOP USER overflow attempt (protocol-pop.rules)
 * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
 * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
 * 1:24006 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt (file-office.rules)
 * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Asterisk invite malformed SDP denial of service attempt (protocol-voip.rules)
 * 1:2392 <-> DISABLED <-> PROTOCOL-FTP RETR overflow attempt (protocol-ftp.rules)
 * 1:2391 <-> DISABLED <-> PROTOCOL-FTP APPE overflow attempt (protocol-ftp.rules)
 * 1:2390 <-> DISABLED <-> PROTOCOL-FTP STOU overflow attempt (protocol-ftp.rules)
 * 1:2389 <-> DISABLED <-> PROTOCOL-FTP RNTO overflow attempt (protocol-ftp.rules)
 * 1:23859 <-> DISABLED <-> INDICATOR-SHELLCODE heapspray characters detected - hexadecimal encoding (indicator-shellcode.rules)
 * 1:23857 <-> DISABLED <-> INDICATOR-SHELLCODE heapspray characters detected - ASCII (indicator-shellcode.rules)
 * 1:23844 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt (file-office.rules)
 * 1:2374 <-> ENABLED <-> PROTOCOL-FTP NLST overflow attempt (protocol-ftp.rules)
 * 1:2373 <-> DISABLED <-> PROTOCOL-FTP XMKD overflow attempt (protocol-ftp.rules)
 * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
 * 1:23490 <-> DISABLED <-> FILE-MULTIMEDIA Oracle Java MixerSequencer RMF MIDI structure handling exploit attempt (file-multimedia.rules)
 * 1:23466 <-> ENABLED <-> WEB-MISC IBM System Storage DS storage manager profiler XSS attempt (web-misc.rules)
 * 1:2344 <-> DISABLED <-> PROTOCOL-FTP XCWD overflow attempt (protocol-ftp.rules)
 * 1:2343 <-> DISABLED <-> PROTOCOL-FTP STOR overflow attempt (protocol-ftp.rules)
 * 1:2340 <-> DISABLED <-> PROTOCOL-FTP SITE CHMOD overflow attempt (protocol-ftp.rules)
 * 1:2338 <-> ENABLED <-> PROTOCOL-FTP LIST buffer overflow attempt (protocol-ftp.rules)
 * 1:2333 <-> DISABLED <-> PROTOCOL-FTP RENAME format string attempt (protocol-ftp.rules)
 * 1:2332 <-> DISABLED <-> PROTOCOL-FTP MKD format string attempt (protocol-ftp.rules)
 * 1:23305 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:2330 <-> ENABLED <-> PROTOCOL-IMAP auth overflow attempt (protocol-imap.rules)
 * 1:23236 <-> ENABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha numeric upper case javascript decoder (indicator-shellcode.rules)
 * 1:23222 <-> ENABLED <-> EXPLOIT-KIT RedKit Landing Page Received - applet and 5 digit jar attempt (exploit-kit.rules)
 * 1:23217 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_utf8_tolower javascript encoder (indicator-shellcode.rules)
 * 1:23210 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Manager command shell execution attempt (protocol-voip.rules)
 * 1:23209 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Manager command shell execution attempt (protocol-voip.rules)
 * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules)
 * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:22948 <-> DISABLED <-> PROTOCOL-VOIP Avaya WinPDM header buffer overflow attempt (protocol-voip.rules)
 * 1:2274 <-> DISABLED <-> PROTOCOL-POP login brute force attempt (protocol-pop.rules)
 * 1:2273 <-> DISABLED <-> PROTOCOL-IMAP login brute force attempt (protocol-imap.rules)
 * 1:2272 <-> DISABLED <-> PROTOCOL-FTP LIST integer overflow attempt (protocol-ftp.rules)
 * 1:2250 <-> DISABLED <-> PROTOCOL-POP USER format string attempt (protocol-pop.rules)
 * 1:22102 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:22101 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:22088 <-> ENABLED <-> EXPLOIT-KIT Blackhole Exploit Kit javascript service method (exploit-kit.rules)
 * 1:21937 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21907 <-> ENABLED <-> FILE-OFFICE Microsoft Office rtf document generic exploit indicator (file-office.rules)
 * 1:21906 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21905 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21904 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21902 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21768 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 Channel Driver DoS attempt (protocol-voip.rules)
 * 1:21767 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 Channel Driver DoS attempt (protocol-voip.rules)
 * 1:21753 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Management Interface HTTP digest authentication stack buffer overflow attempt (protocol-voip.rules)
 * 1:21673 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP overly large mem copy attempt (protocol-voip.rules)
 * 1:21672 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP capabilities response message capabilities count overflow attempt (protocol-voip.rules)
 * 1:21669 <-> DISABLED <-> PROTOCOL-VOIP Asterisk expires header denial of service attempt (protocol-voip.rules)
 * 1:21608 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 call number denial of service (protocol-voip.rules)
 * 1:21524 <-> DISABLED <-> FILE-OFFICE Microsoft Windows object packager dialogue code execution attempt (file-office.rules)
 * 1:21265 <-> DISABLED <-> INDICATOR-SHELLCODE Piecemeal exploit and shellcode construction (indicator-shellcode.rules)
 * 1:21258 <-> DISABLED <-> INDICATOR-SHELLCODE Feng-Shui heap grooming using Oleaut32 (indicator-shellcode.rules)
 * 1:2122 <-> DISABLED <-> PROTOCOL-POP UIDL negative argument attempt (protocol-pop.rules)
 * 1:2121 <-> DISABLED <-> PROTOCOL-POP DELE negative argument attempt (protocol-pop.rules)
 * 1:2120 <-> DISABLED <-> PROTOCOL-IMAP create literal buffer overflow attempt (protocol-imap.rules)
 * 1:2119 <-> DISABLED <-> PROTOCOL-IMAP rename literal overflow attempt (protocol-imap.rules)
 * 1:2118 <-> DISABLED <-> PROTOCOL-IMAP list overflow attempt (protocol-imap.rules)
 * 1:21150 <-> DISABLED <-> PROTOCOL-VOIP Grandstream networks denial of service (protocol-voip.rules)
 * 1:2114 <-> DISABLED <-> PROTOCOL-SERVICES rexec password overflow attempt (protocol-services.rules)
 * 1:2113 <-> DISABLED <-> PROTOCOL-SERVICES rexec username overflow attempt (protocol-services.rules)
 * 1:2112 <-> DISABLED <-> PROTOCOL-POP RSET overflow attempt (protocol-pop.rules)
 * 1:2111 <-> DISABLED <-> PROTOCOL-POP DELE overflow attempt (protocol-pop.rules)
 * 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
 * 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
 * 1:21101 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
 * 1:2110 <-> DISABLED <-> PROTOCOL-POP STAT overflow attempt (protocol-pop.rules)
 * 1:2109 <-> DISABLED <-> PROTOCOL-POP TOP overflow attempt (protocol-pop.rules)
 * 1:2108 <-> DISABLED <-> PROTOCOL-POP CAPA overflow attempt (protocol-pop.rules)
 * 1:2107 <-> DISABLED <-> PROTOCOL-IMAP create buffer overflow attempt (protocol-imap.rules)
 * 1:2106 <-> DISABLED <-> PROTOCOL-IMAP lsub overflow attempt (protocol-imap.rules)
 * 1:2105 <-> DISABLED <-> PROTOCOL-IMAP authenticate literal overflow attempt (protocol-imap.rules)
 * 1:20990 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_utf8_tolower encoder (indicator-shellcode.rules)
 * 1:20989 <-> ENABLED <-> INDICATOR-SHELLCODE x86 OS agnostic single_static_bit encoder (indicator-shellcode.rules)
 * 1:20670 <-> DISABLED <-> PROTOCOL-VOIP Asterisk data length field overflow attempt (protocol-voip.rules)
 * 1:20602 <-> DISABLED <-> PROTOCOL-SERVICES rlogin guest (protocol-services.rules)
 * 1:20601 <-> DISABLED <-> PROTOCOL-SERVICES rlogin nobody (protocol-services.rules)
 * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules)
 * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
 * 1:2046 <-> DISABLED <-> PROTOCOL-IMAP partial body.peek buffer overflow attempt (protocol-imap.rules)
 * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (protocol-voip.rules)
 * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules)
 * 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules)
 * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
 * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (protocol-voip.rules)
 * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
 * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
 * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
 * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules)
 * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules)
 * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
 * 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules)
 * 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules)
 * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules)
 * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules)
 * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules)
 * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
 * 1:14609 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules)
 * 1:14608 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules)
 * 1:1394 <-> DISABLED <-> INDICATOR-SHELLCODE x86 inc ecx NOOP (indicator-shellcode.rules)
 * 1:1390 <-> DISABLED <-> INDICATOR-SHELLCODE x86 inc ebx NOOP (indicator-shellcode.rules)
 * 1:1379 <-> DISABLED <-> PROTOCOL-FTP STAT overflow attempt (protocol-ftp.rules)
 * 1:13693 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules)
 * 1:13664 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules)
 * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:13513 <-> DISABLED <-> SQL generic sql insert injection atttempt - GET parameter (sql.rules)
 * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules)
 * 1:20396 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules)
 * 1:20395 <-> DISABLED <-> PROTOCOL-VOIP REGISTER flood (protocol-voip.rules)
 * 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:20392 <-> DISABLED <-> PROTOCOL-VOIP Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules)
 * 1:20391 <-> DISABLED <-> PROTOCOL-VOIP Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules)
 * 1:20390 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules)
 * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules)
 * 1:20388 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules)
 * 1:20387 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules)
 * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
 * 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
 * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
 * 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
 * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules)
 * 1:20381 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules)
 * 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
 * 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
 * 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
 * 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
 * 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
 * 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
 * 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
 * 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
 * 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
 * 1:20369 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
 * 1:20368 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
 * 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
 * 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
 * 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
 * 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
 * 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
 * 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
 * 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
 * 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
 * 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
 * 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
 * 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
 * 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
 * 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
 * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules)
 * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules)
 * 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
 * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
 * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules)
 * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules)
 * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules)
 * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules)
 * 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
 * 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
 * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
 * 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
 * 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
 * 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
 * 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
 * 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
 * 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
 * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules)
 * 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules)
 * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules)
 * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules)
 * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules)
 * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules)
 * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules)
 * 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:20322 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules)
 * 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules)
 * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
 * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules)
 * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules)
 * 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
 * 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
 * 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
 * 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
 * 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
 * 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules)
 * 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules)
 * 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
 * 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
 * 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
 * 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
 * 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
 * 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
 * 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
 * 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
 * 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
 * 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
 * 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules)
 * 1:20199 <-> ENABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_railgun_method request/response attempt (indicator-shellcode.rules)
 * 1:20198 <-> ENABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter networkpug_method request/response attempt (indicator-shellcode.rules)
 * 1:20197 <-> ENABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter espia_method request/response attempt (indicator-shellcode.rules)
 * 1:20196 <-> ENABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter lanattacks_method request/response attempt (indicator-shellcode.rules)
 * 1:20195 <-> ENABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter priv_method request/response attempt (indicator-shellcode.rules)
 * 1:20194 <-> ENABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter sniffer_method request/response attempt (indicator-shellcode.rules)
 * 1:20193 <-> ENABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter webcam_method request/response attempt (indicator-shellcode.rules)
 * 1:20192 <-> ENABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter incognito_method request/response attempt (indicator-shellcode.rules)
 * 1:20191 <-> ENABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_net_method request/response attempt (indicator-shellcode.rules)
 * 1:20190 <-> ENABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_registry_method request/response attempt (indicator-shellcode.rules)
 * 1:20189 <-> ENABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_ui_method request/response attempt (indicator-shellcode.rules)
 * 1:20188 <-> ENABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_config_method request/response attempt (indicator-shellcode.rules)
 * 1:20187 <-> ENABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_eventlog_method request/response attempt (indicator-shellcode.rules)
 * 1:20186 <-> ENABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_process_method request/response attempt (indicator-shellcode.rules)
 * 1:20185 <-> ENABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_fs_method request/response attempt (indicator-shellcode.rules)
 * 1:20184 <-> ENABLED <-> INDICATOR-SHELLCODE Metasploit php meterpreter stub .php file upload (indicator-shellcode.rules)
 * 1:1993 <-> DISABLED <-> PROTOCOL-IMAP login literal buffer overflow attempt (protocol-imap.rules)
 * 1:1976 <-> DISABLED <-> PROTOCOL-FTP RMD overflow attempt (protocol-ftp.rules)
 * 1:1975 <-> DISABLED <-> PROTOCOL-FTP DELE overflow attempt (protocol-ftp.rules)
 * 1:1974 <-> DISABLED <-> PROTOCOL-FTP REST overflow attempt (protocol-ftp.rules)
 * 1:1973 <-> DISABLED <-> PROTOCOL-FTP MKD overflow attempt (protocol-ftp.rules)
 * 1:1972 <-> DISABLED <-> PROTOCOL-FTP PASS overflow attempt (protocol-ftp.rules)
 * 1:1971 <-> DISABLED <-> PROTOCOL-FTP SITE EXEC format string attempt (protocol-ftp.rules)
 * 1:19678 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote unauthenticated DoS/bugcheck vulnerability (os-windows.rules)
 * 1:19438 <-> DISABLED <-> SQL url ending in comment characters - possible sql injection attempt (sql.rules)
 * 1:1942 <-> DISABLED <-> PROTOCOL-FTP RMDIR overflow attempt (protocol-ftp.rules)
 * 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
 * 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
 * 1:19389 <-> DISABLED <-> PROTOCOL-VOIP REGISTER flood (protocol-voip.rules)
 * 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
 * 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
 * 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
 * 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
 * 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
 * 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
 * 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
 * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
 * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
 * 1:1938 <-> DISABLED <-> PROTOCOL-POP XTND overflow attempt (protocol-pop.rules)
 * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
 * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
 * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
 * 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
 * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
 * 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
 * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
 * 1:1937 <-> DISABLED <-> PROTOCOL-POP LIST overflow attempt (protocol-pop.rules)
 * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules)
 * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules)
 * 1:1936 <-> DISABLED <-> PROTOCOL-POP AUTH overflow attempt (protocol-pop.rules)
 * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
 * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
 * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
 * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
 * 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
 * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
 * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
 * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
 * 1:1930 <-> ENABLED <-> PROTOCOL-IMAP auth literal overflow attempt (protocol-imap.rules)
 * 1:19288 <-> ENABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode tolower encoder (indicator-shellcode.rules)
 * 1:19287 <-> ENABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode mixed encoder (indicator-shellcode.rules)
 * 1:19286 <-> ENABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode uppercase encoder (indicator-shellcode.rules)
 * 1:19285 <-> ENABLED <-> INDICATOR-SHELLCODE x86 OS agnostic non-alpha/non-upper encoder (indicator-shellcode.rules)
 * 1:19284 <-> ENABLED <-> INDICATOR-SHELLCODE x86 OS agnostic time-based context keyed encoder (indicator-shellcode.rules)
 * 1:19283 <-> ENABLED <-> INDICATOR-SHELLCODE x86 OS agnostic stat-based context keyed encoder (indicator-shellcode.rules)
 * 1:19282 <-> ENABLED <-> INDICATOR-SHELLCODE x86 OS agnostic cpuid-based context keyed encoder (indicator-shellcode.rules)
 * 1:19281 <-> ENABLED <-> INDICATOR-SHELLCODE x86 OS agnostic single-byte xor countodwn encoder (indicator-shellcode.rules)
 * 1:1921 <-> DISABLED <-> PROTOCOL-FTP SITE ZIPCHK overflow attempt (protocol-ftp.rules)
 * 1:19201 <-> DISABLED <-> SQL waitfor delay function - possible SQL injection attempt (sql.rules)
 * 1:1920 <-> DISABLED <-> PROTOCOL-FTP SITE NEWER overflow attempt (protocol-ftp.rules)
 * 1:1919 <-> DISABLED <-> PROTOCOL-FTP CWD overflow attempt (protocol-ftp.rules)
 * 1:19167 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk UDPTL processing overflow attempt (protocol-voip.rules)
 * 1:1904 <-> DISABLED <-> PROTOCOL-IMAP find overflow attempt (protocol-imap.rules)
 * 1:1903 <-> DISABLED <-> PROTOCOL-IMAP rename overflow attempt (protocol-imap.rules)
 * 1:1902 <-> DISABLED <-> PROTOCOL-IMAP lsub literal overflow attempt (protocol-imap.rules)
 * 1:1888 <-> DISABLED <-> PROTOCOL-FTP SITE CPWD overflow attempt (protocol-ftp.rules)
 * 1:18706 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:18705 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:18704 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:18703 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:18702 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:18685 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules)
 * 1:18680 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:1866 <-> DISABLED <-> PROTOCOL-POP USER overflow attempt (protocol-pop.rules)
 * 1:18580 <-> DISABLED <-> PROTOCOL-FTP ACCT overflow attempt (protocol-ftp.rules)
 * 1:18474 <-> DISABLED <-> PROTOCOL-ICMP ICMPv6 Echo Request (protocol-icmp.rules)
 * 1:18473 <-> DISABLED <-> PROTOCOL-ICMP ICMPv6 Echo Reply (protocol-icmp.rules)
 * 1:1845 <-> DISABLED <-> PROTOCOL-IMAP list literal overflow attempt (protocol-imap.rules)
 * 1:1844 <-> ENABLED <-> PROTOCOL-IMAP authenticate overflow attempt (protocol-imap.rules)
 * 1:1842 <-> DISABLED <-> PROTOCOL-IMAP login buffer overflow attempt (protocol-imap.rules)
 * 1:18320 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows WINS association context validation overflow attempt (specific-threats.rules)
 * 1:18168 <-> DISABLED <-> INDICATOR-SHELLCODE Possible generic javascript heap spray attempt (indicator-shellcode.rules)
 * 1:18167 <-> DISABLED <-> INDICATOR-SHELLCODE Possible generic javascript heap spray attempt (indicator-shellcode.rules)
 * 1:1813 <-> DISABLED <-> PROTOCOL-ICMP digital island bandwidth query (protocol-icmp.rules)
 * 1:17743 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word RTF parsing memory corruption (file-office.rules)
 * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
 * 1:1755 <-> DISABLED <-> PROTOCOL-IMAP partial body buffer overflow attempt (protocol-imap.rules)
 * 1:17403 <-> ENABLED <-> FILE-OFFICE OpenOffice RTF File parsing heap buffer overflow attempt (file-office.rules)
 * 1:17393 <-> ENABLED <-> INDICATOR-SHELLCODE JavaScript var heapspray (indicator-shellcode.rules)
 * 1:17392 <-> ENABLED <-> INDICATOR-SHELLCODE JavaScript var shellcode (indicator-shellcode.rules)
 * 1:17345 <-> ENABLED <-> INDICATOR-SHELLCODE x86 OS agnostic dword additive feedback decoder (indicator-shellcode.rules)
 * 1:17344 <-> ENABLED <-> INDICATOR-SHELLCODE x86 OS agnostic xor dword decoder (indicator-shellcode.rules)
 * 1:17343 <-> ENABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode upper case decoder (indicator-shellcode.rules)
 * 1:17342 <-> ENABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode mixed case decoder (indicator-shellcode.rules)
 * 1:17341 <-> ENABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha UTF8 tolower avoidance decoder (indicator-shellcode.rules)
 * 1:17340 <-> ENABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha numeric upper case decoder (indicator-shellcode.rules)
 * 1:1734 <-> DISABLED <-> PROTOCOL-FTP USER overflow attempt (protocol-ftp.rules)
 * 1:17339 <-> ENABLED <-> INDICATOR-SHELLCODE x86 generic OS alpha numeric mixed case decoder (indicator-shellcode.rules)
 * 1:17338 <-> ENABLED <-> INDICATOR-SHELLCODE x86 Microsoft Windows 32-bit SEH get EIP technique (indicator-shellcode.rules)
 * 1:17337 <-> ENABLED <-> INDICATOR-SHELLCODE x86 Microsoft Win32 export table enumeration variant (indicator-shellcode.rules)
 * 1:17336 <-> ENABLED <-> INDICATOR-SHELLCODE x86 OS agnostic call geteip byte xor decoder (indicator-shellcode.rules)
 * 1:17335 <-> ENABLED <-> INDICATOR-SHELLCODE x86 OS agnostic fnstenv geteip byte xor decoder (indicator-shellcode.rules)
 * 1:17329 <-> DISABLED <-> PROTOCOL-FTP EPRT overflow attempt (protocol-ftp.rules)
 * 1:17325 <-> ENABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha numeric upper case decoder variant (indicator-shellcode.rules)
 * 1:17324 <-> ENABLED <-> INDICATOR-SHELLCODE x86 Linux reverse connect shellcode (indicator-shellcode.rules)
 * 1:17323 <-> ENABLED <-> INDICATOR-SHELLCODE x86 OS agnostic fnstenv geteip dword xor decoder unescaped (indicator-shellcode.rules)
 * 1:17322 <-> ENABLED <-> INDICATOR-SHELLCODE x86 OS agnostic fnstenv geteip dword xor decoder (indicator-shellcode.rules)
 * 1:17123 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rich text format invalid field size memory corruption attempt (file-office.rules)
 * 1:17122 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 3 (file-office.rules)
 * 1:17121 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 2 (file-office.rules)
 * 1:17120 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 1 (file-office.rules)
 * 1:17106 <-> ENABLED <-> FILE-IDENTIFY download of RMF file - potentially malicious (file-identify.rules)
 * 1:16594 <-> DISABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules)
 * 1:16445 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 ack response denial of service attempt (protocol-voip.rules)
 * 1:16353 <-> ENABLED <-> FILE-MULTIMEDIA FFmpeg OGV file format memory corruption attempt (file-multimedia.rules)
 * 1:16351 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules)
 * 1:1635 <-> DISABLED <-> PROTOCOL-POP APOP overflow attempt (protocol-pop.rules)
 * 1:1634 <-> DISABLED <-> PROTOCOL-POP PASS overflow attempt (protocol-pop.rules)
 * 1:1625 <-> DISABLED <-> PROTOCOL-FTP SYST overflow attempt (protocol-ftp.rules)
 * 1:1624 <-> DISABLED <-> PROTOCOL-FTP PWD overflow attempt (protocol-ftp.rules)
 * 1:1621 <-> DISABLED <-> PROTOCOL-FTP CMD overflow attempt (protocol-ftp.rules)
 * 1:16028 <-> DISABLED <-> WEB-MISC Novell Groupwise Messenger parameters invalid memory access attempt (web-misc.rules)
 * 1:15935 <-> DISABLED <-> DNS dns response for rfc1918 192.168/16 address detected (dns.rules)
 * 1:15934 <-> DISABLED <-> DNS dns response for rfc1918 172.16/12 address detected (dns.rules)
 * 1:15903 <-> DISABLED <-> INDICATOR-SHELLCODE x86 PoC CVE-2003-0605 (indicator-shellcode.rules)
 * 1:15902 <-> ENABLED <-> INDICATOR-SHELLCODE x86 win2k-2k3 decoder base shellcode (indicator-shellcode.rules)
 * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules)
 * 1:15698 <-> DISABLED <-> INDICATOR-SHELLCODE Possible generic javascript heap spray attempt (indicator-shellcode.rules)
 * 1:1562 <-> DISABLED <-> PROTOCOL-FTP SITE CHOWN overflow attempt (protocol-ftp.rules)
 * 1:15484 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow (protocol-imap.rules)
 * 1:1541 <-> DISABLED <-> PROTOCOL-FINGER version query (protocol-finger.rules)
 * 1:1529 <-> DISABLED <-> PROTOCOL-FTP SITE overflow attempt (protocol-ftp.rules)
 * 1:15107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file stylesheet buffer overflow attempt (file-office.rules)
 * 1:15106 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word .rtf file integer overflow attempt (file-office.rules)
 * 1:15082 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf malformed dpcallout buffer overflow attempt (file-office.rules)
 * 1:14986 <-> ENABLED <-> INDICATOR-SHELLCODE x86 fldz get eip shellcode (indicator-shellcode.rules)
 * 1:13249 <-> DISABLED <-> DNS dns response for rfc1918 10/8 address detected (dns.rules)
 * 1:12802 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules)
 * 1:12801 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules)
 * 1:12800 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules)
 * 1:12799 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules)
 * 1:12798 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules)
 * 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
 * 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
 * 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
 * 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
 * 1:12630 <-> DISABLED <-> INDICATOR-SHELLCODE unescape unicode encoded shellcode (indicator-shellcode.rules)
 * 1:12359 <-> DISABLED <-> PROTOCOL-VOIP Asterisk data length field overflow attempt (protocol-voip.rules)
 * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules)
 * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules)
 * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules)
 * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules)
 * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules)
 * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules)
 * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
 * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
 * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
 * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
 * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
 * 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
 * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
 * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
 * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
 * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
 * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
 * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
 * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
 * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
 * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
 * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
 * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
 * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
 * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
 * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
 * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
 * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
 * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
 * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
 * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
 * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
 * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules)
 * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules)
 * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules)
 * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
 * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules)
 * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
 * 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
 * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
 * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
 * 1:11971 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules)
 * 1:11970 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules)
 * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules)
 * 1:11968 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules)
 * 1:11684 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (os-windows.rules)
 * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow (protocol-imap.rules)
 * 1:10505 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:10504 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:10124 <-> DISABLED <-> PROTOCOL-VOIP PA168 chipset based IP phone authentication bypass (protocol-voip.rules)
 * 1:10123 <-> DISABLED <-> PROTOCOL-VOIP PA168 chipset based IP phone default password attempt (protocol-voip.rules)
 * 1:337 <-> DISABLED <-> PROTOCOL-FTP CEL overflow attempt (protocol-ftp.rules)
 * 1:3626 <-> DISABLED <-> PROTOCOL-ICMP PATH MTU denial of service attempt (protocol-icmp.rules)
 * 1:363 <-> DISABLED <-> PROTOCOL-ICMP IRDP router advertisement (protocol-icmp.rules)
 * 1:364 <-> DISABLED <-> PROTOCOL-ICMP IRDP router selection (protocol-icmp.rules)
 * 1:365 <-> DISABLED <-> PROTOCOL-ICMP PING undefined code (protocol-icmp.rules)
 * 1:366 <-> DISABLED <-> PROTOCOL-ICMP PING *NIX (protocol-icmp.rules)
 * 1:368 <-> DISABLED <-> PROTOCOL-ICMP PING BSDtype (protocol-icmp.rules)
 * 1:369 <-> DISABLED <-> PROTOCOL-ICMP PING BayRS Router (protocol-icmp.rules)
 * 1:370 <-> DISABLED <-> PROTOCOL-ICMP PING BeOS4.x (protocol-icmp.rules)
 * 1:371 <-> DISABLED <-> PROTOCOL-ICMP PING Cisco Type.x (protocol-icmp.rules)
 * 1:372 <-> DISABLED <-> PROTOCOL-ICMP PING Delphi-Piette Windows (protocol-icmp.rules)
 * 1:373 <-> DISABLED <-> PROTOCOL-ICMP PING Flowpoint2200 or Network Management Software (protocol-icmp.rules)
 * 1:374 <-> DISABLED <-> PROTOCOL-ICMP PING IP NetMonitor Macintosh (protocol-icmp.rules)
 * 1:375 <-> DISABLED <-> PROTOCOL-ICMP PING LINUX/*BSD (protocol-icmp.rules)
 * 1:376 <-> DISABLED <-> PROTOCOL-ICMP PING Microsoft Windows (protocol-icmp.rules)
 * 1:377 <-> DISABLED <-> PROTOCOL-ICMP PING Network Toolbox 3 Windows (protocol-icmp.rules)
 * 1:378 <-> DISABLED <-> PROTOCOL-ICMP PING Ping-O-MeterWindows (protocol-icmp.rules)
 * 1:379 <-> DISABLED <-> PROTOCOL-ICMP PING Pinger Windows (protocol-icmp.rules)
 * 1:380 <-> DISABLED <-> PROTOCOL-ICMP PING Seer Windows (protocol-icmp.rules)
 * 1:381 <-> DISABLED <-> PROTOCOL-ICMP PING Oracle Solaris (protocol-icmp.rules)
 * 1:382 <-> DISABLED <-> PROTOCOL-ICMP PING Windows (protocol-icmp.rules)
 * 1:384 <-> DISABLED <-> PROTOCOL-ICMP PING (protocol-icmp.rules)
 * 1:385 <-> DISABLED <-> PROTOCOL-ICMP traceroute (protocol-icmp.rules)
 * 1:386 <-> DISABLED <-> PROTOCOL-ICMP Address Mask Reply (protocol-icmp.rules)
 * 1:387 <-> DISABLED <-> PROTOCOL-ICMP Address Mask Reply undefined code (protocol-icmp.rules)
 * 1:388 <-> DISABLED <-> PROTOCOL-ICMP Address Mask Request (protocol-icmp.rules)
 * 1:389 <-> DISABLED <-> PROTOCOL-ICMP Address Mask Request undefined code (protocol-icmp.rules)
 * 1:390 <-> DISABLED <-> PROTOCOL-ICMP Alternate Host Address (protocol-icmp.rules)
 * 1:391 <-> DISABLED <-> PROTOCOL-ICMP Alternate Host Address undefined code (protocol-icmp.rules)
 * 1:392 <-> DISABLED <-> PROTOCOL-ICMP Datagram Conversion Error (protocol-icmp.rules)
 * 1:393 <-> DISABLED <-> PROTOCOL-ICMP Datagram Conversion Error undefined code (protocol-icmp.rules)
 * 1:394 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Destination Host Unknown (protocol-icmp.rules)
 * 1:395 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Destination Network Unknown (protocol-icmp.rules)
 * 1:396 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Fragmentation Needed and DF bit was set (protocol-icmp.rules)
 * 1:397 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Host Precedence Violation (protocol-icmp.rules)
 * 1:398 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Host Unreachable for Type of Service (protocol-icmp.rules)
 * 1:399 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Host Unreachable (protocol-icmp.rules)
 * 1:400 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Network Unreachable for Type of Service (protocol-icmp.rules)
 * 1:401 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Network Unreachable (protocol-icmp.rules)
 * 1:402 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Port Unreachable (protocol-icmp.rules)
 * 1:403 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Precedence Cutoff in effect (protocol-icmp.rules)
 * 1:404 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Protocol Unreachable (protocol-icmp.rules)
 * 1:405 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Source Host Isolated (protocol-icmp.rules)
 * 1:406 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Source Route Failed (protocol-icmp.rules)
 * 1:407 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable cndefined code (protocol-icmp.rules)
 * 1:408 <-> DISABLED <-> PROTOCOL-ICMP Echo Reply (protocol-icmp.rules)
 * 1:409 <-> DISABLED <-> PROTOCOL-ICMP Echo Reply undefined code (protocol-icmp.rules)
 * 1:410 <-> DISABLED <-> PROTOCOL-ICMP Fragment Reassembly Time Exceeded (protocol-icmp.rules)
 * 1:411 <-> DISABLED <-> PROTOCOL-ICMP IPV6 I-Am-Here (protocol-icmp.rules)
 * 1:412 <-> DISABLED <-> PROTOCOL-ICMP IPV6 I-Am-Here undefined code (protocol-icmp.rules)
 * 1:413 <-> DISABLED <-> PROTOCOL-ICMP IPV6 Where-Are-You (protocol-icmp.rules)
 * 1:4135 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG rendering buffer overflow attempt (browser-ie.rules)
 * 1:414 <-> DISABLED <-> PROTOCOL-ICMP IPV6 Where-Are-You undefined code (protocol-icmp.rules)
 * 1:415 <-> DISABLED <-> PROTOCOL-ICMP Information Reply (protocol-icmp.rules)
 * 1:416 <-> DISABLED <-> PROTOCOL-ICMP Information Reply undefined code (protocol-icmp.rules)
 * 1:417 <-> DISABLED <-> PROTOCOL-ICMP Information Request (protocol-icmp.rules)
 * 1:418 <-> DISABLED <-> PROTOCOL-ICMP Information Request undefined code (protocol-icmp.rules)
 * 1:419 <-> DISABLED <-> PROTOCOL-ICMP Mobile Host Redirect (protocol-icmp.rules)
 * 1:420 <-> DISABLED <-> PROTOCOL-ICMP Mobile Host Redirect undefined code (protocol-icmp.rules)
 * 1:421 <-> DISABLED <-> PROTOCOL-ICMP Mobile Registration Reply (protocol-icmp.rules)
 * 1:422 <-> DISABLED <-> PROTOCOL-ICMP Mobile Registration Reply undefined code (protocol-icmp.rules)
 * 1:423 <-> DISABLED <-> PROTOCOL-ICMP Mobile Registration Request (protocol-icmp.rules)
 * 1:424 <-> DISABLED <-> PROTOCOL-ICMP Mobile Registration Request undefined code (protocol-icmp.rules)
 * 1:425 <-> DISABLED <-> PROTOCOL-ICMP Parameter Problem Bad Length (protocol-icmp.rules)
 * 1:426 <-> DISABLED <-> PROTOCOL-ICMP Parameter Problem Missing a Required Option (protocol-icmp.rules)
 * 1:427 <-> DISABLED <-> PROTOCOL-ICMP Parameter Problem Unspecified Error (protocol-icmp.rules)
 * 1:428 <-> DISABLED <-> PROTOCOL-ICMP Parameter Problem undefined Code (protocol-icmp.rules)
 * 1:429 <-> DISABLED <-> PROTOCOL-ICMP Photuris Reserved (protocol-icmp.rules)
 * 1:430 <-> DISABLED <-> PROTOCOL-ICMP Photuris Unknown Security Parameters Index (protocol-icmp.rules)
 * 1:431 <-> DISABLED <-> PROTOCOL-ICMP Photuris Valid Security Parameters, But Authentication Failed (protocol-icmp.rules)
 * 1:432 <-> DISABLED <-> PROTOCOL-ICMP Photuris Valid Security Parameters, But Decryption Failed (protocol-icmp.rules)
 * 1:433 <-> DISABLED <-> PROTOCOL-ICMP Photuris undefined code! (protocol-icmp.rules)
 * 1:436 <-> DISABLED <-> PROTOCOL-ICMP Redirect for TOS and Host (protocol-icmp.rules)
 * 1:437 <-> DISABLED <-> PROTOCOL-ICMP Redirect for TOS and Network (protocol-icmp.rules)
 * 1:438 <-> DISABLED <-> PROTOCOL-ICMP Redirect undefined code (protocol-icmp.rules)
 * 1:439 <-> DISABLED <-> PROTOCOL-ICMP Reserved for Security Type 19 (protocol-icmp.rules)
 * 1:440 <-> DISABLED <-> PROTOCOL-ICMP Reserved for Security Type 19 undefined code (protocol-icmp.rules)
 * 1:441 <-> DISABLED <-> PROTOCOL-ICMP Router Advertisement (protocol-icmp.rules)
 * 1:443 <-> DISABLED <-> PROTOCOL-ICMP Router Selection (protocol-icmp.rules)
 * 1:445 <-> DISABLED <-> PROTOCOL-ICMP SKIP (protocol-icmp.rules)
 * 1:446 <-> DISABLED <-> PROTOCOL-ICMP SKIP undefined code (protocol-icmp.rules)
 * 1:448 <-> DISABLED <-> PROTOCOL-ICMP Source Quench undefined code (protocol-icmp.rules)
 * 1:449 <-> DISABLED <-> PROTOCOL-ICMP Time-To-Live Exceeded in Transit (protocol-icmp.rules)
 * 1:450 <-> DISABLED <-> PROTOCOL-ICMP Time-To-Live Exceeded in Transit undefined code (protocol-icmp.rules)
 * 1:451 <-> DISABLED <-> PROTOCOL-ICMP Timestamp Reply (protocol-icmp.rules)
 * 1:452 <-> DISABLED <-> PROTOCOL-ICMP Timestamp Reply undefined code (protocol-icmp.rules)
 * 1:453 <-> DISABLED <-> PROTOCOL-ICMP Timestamp Request (protocol-icmp.rules)
 * 1:454 <-> DISABLED <-> PROTOCOL-ICMP Timestamp Request undefined code (protocol-icmp.rules)
 * 1:456 <-> DISABLED <-> PROTOCOL-ICMP Traceroute (protocol-icmp.rules)
 * 1:457 <-> DISABLED <-> PROTOCOL-ICMP Traceroute undefined code (protocol-icmp.rules)
 * 1:458 <-> DISABLED <-> PROTOCOL-ICMP unassigned type 1 (protocol-icmp.rules)
 * 1:459 <-> DISABLED <-> PROTOCOL-ICMP unassigned type 1 undefined code (protocol-icmp.rules)
 * 1:460 <-> DISABLED <-> PROTOCOL-ICMP unassigned type 2 (protocol-icmp.rules)
 * 1:461 <-> DISABLED <-> PROTOCOL-ICMP unassigned type 2 undefined code (protocol-icmp.rules)
 * 1:462 <-> DISABLED <-> PROTOCOL-ICMP unassigned type 7 (protocol-icmp.rules)
 * 1:463 <-> ENABLED <-> PROTOCOL-ICMP unassigned type 7 undefined code (protocol-icmp.rules)
 * 1:4645 <-> DISABLED <-> PROTOCOL-IMAP search format string attempt (protocol-imap.rules)
 * 1:4646 <-> DISABLED <-> PROTOCOL-IMAP search literal format string attempt (protocol-imap.rules)
 * 1:465 <-> DISABLED <-> PROTOCOL-ICMP ISS Pinger (protocol-icmp.rules)
 * 1:466 <-> DISABLED <-> PROTOCOL-ICMP L3retriever Ping (protocol-icmp.rules)
 * 1:467 <-> DISABLED <-> PROTOCOL-ICMP Nemesis v1.1 Echo (protocol-icmp.rules)
 * 1:474 <-> DISABLED <-> PROTOCOL-ICMP superscan echo (protocol-icmp.rules)
 * 1:476 <-> DISABLED <-> PROTOCOL-ICMP webtrends scanner (protocol-icmp.rules)
 * 1:480 <-> DISABLED <-> PROTOCOL-ICMP PING speedera (protocol-icmp.rules)
 * 1:481 <-> DISABLED <-> PROTOCOL-ICMP TJPingPro1.1Build 2 Windows (protocol-icmp.rules)
 * 1:482 <-> DISABLED <-> PROTOCOL-ICMP PING WhatsupGold Windows (protocol-icmp.rules)
 * 1:483 <-> DISABLED <-> PROTOCOL-ICMP PING CyberKit 2.2 Windows (protocol-icmp.rules)
 * 1:484 <-> DISABLED <-> PROTOCOL-ICMP PING Sniffer Pro/NetXRay network scan (protocol-icmp.rules)
 * 1:5696 <-> DISABLED <-> PROTOCOL-IMAP delete directory traversal attempt (protocol-imap.rules)
 * 1:5697 <-> DISABLED <-> PROTOCOL-IMAP examine directory traversal attempt (protocol-imap.rules)
 * 1:5698 <-> DISABLED <-> PROTOCOL-IMAP list directory traversal attempt (protocol-imap.rules)