Sourcefire VRT Rules Update

Date: 2013-03-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.3.1.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:26163 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules)
 * 1:26166 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint Server directory traversal attempt (server-webapp.rules)
 * 1:26123 <-> DISABLED <-> FILE-OTHER Lattice Semiconductor ispXCF version attribute overflow attempt (file-other.rules)
 * 1:26165 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint Server directory traversal attempt (server-webapp.rules)
 * 1:26130 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htc file use after free attempt (browser-ie.rules)
 * 1:26131 <-> ENABLED <-> SERVER-WEBAPP Microsoft Office SharePoint cross site scripting attempt (server-webapp.rules)
 * 1:26158 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 onbeforeprint use after free attempt (browser-ie.rules)
 * 1:26115 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26118 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26120 <-> DISABLED <-> MALWARE-CNC AutoIT.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26143 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gao.gaokew.com (blacklist.rules)
 * 1:26116 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarctox variant outbound connection (malware-cnc.rules)
 * 1:26157 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 onbeforeprint use after free attempt (browser-ie.rules)
 * 1:26149 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ppt.ezua.com (blacklist.rules)
 * 1:26119 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26161 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 onbeforeprint use after free attempt (browser-ie.rules)
 * 1:26112 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:26159 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 onbeforeprint use after free attempt (browser-ie.rules)
 * 1:26146 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ope.coastmaritime.org (blacklist.rules)
 * 1:26136 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer saveHistory use after free attempt (browser-ie.rules)
 * 1:26106 <-> ENABLED <-> MALWARE-CNC Zeus Variant Content Length Header Mismatch Oddities (malware-cnc.rules)
 * 1:26154 <-> DISABLED <-> BLACKLIST DNS request for known malware domain zgrshy.zyns.com (blacklist.rules)
 * 1:26107 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (server-other.rules)
 * 1:26156 <-> DISABLED <-> BLACKLIST DNS request for known malware domain zgrshy11.zyns.com (blacklist.rules)
 * 1:26142 <-> DISABLED <-> BLACKLIST DNS request for known malware domain foreignpolicy.zonet.us (blacklist.rules)
 * 1:26109 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Obji Atom parsing stack buffer overflow attempt (file-multimedia.rules)
 * 1:26151 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.arrowservice.net (blacklist.rules)
 * 1:26133 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer saveHistory use after free attempt (browser-ie.rules)
 * 1:26137 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 onBeforeCopy use after free attempt (browser-ie.rules)
 * 1:26114 <-> ENABLED <-> MALWARE-CNC Android Zitmo trojan intercepted sms upload (malware-cnc.rules)
 * 1:26148 <-> DISABLED <-> BLACKLIST DNS request for known malware domain opp.globalsecuriy.org (blacklist.rules)
 * 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
 * 1:26132 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer saveHistory use after free attempt (browser-ie.rules)
 * 1:26113 <-> ENABLED <-> FILE-PDF Adobe Flash Player memory corruption attempt (file-pdf.rules)
 * 1:26129 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htc file use after free attempt (browser-ie.rules)
 * 1:26135 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer saveHistory use after free attempt (browser-ie.rules)
 * 1:26134 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 deleted object access memory corruption attempt (browser-ie.rules)
 * 1:26139 <-> DISABLED <-> BLACKLIST DNS request for known malware domain arm.armed.us (blacklist.rules)
 * 1:26141 <-> DISABLED <-> BLACKLIST DNS request for known malware domain default.arrowservice.net (blacklist.rules)
 * 1:26121 <-> DISABLED <-> MALWARE-CNC AutoIT.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
 * 1:26144 <-> DISABLED <-> BLACKLIST DNS request for known malware domain klwest.purpledaily.com (blacklist.rules)
 * 1:26145 <-> DISABLED <-> BLACKLIST DNS request for known malware domain micyuisyahooapis.com (blacklist.rules)
 * 1:26111 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:26122 <-> DISABLED <-> FILE-OTHER Lattice Semiconductor ispXCF version attribute overflow attempt (file-other.rules)
 * 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (file-identify.rules)
 * 1:26147 <-> DISABLED <-> BLACKLIST DNS request for known malware domain opp.coastmaritime.org (blacklist.rules)
 * 1:26152 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.globalsecuriy.org (blacklist.rules)
 * 1:26170 <-> ENABLED <-> FILE-OFFICE Microsoft Office OneNote 2010 buffer overread info disclosure attempt (file-office.rules)
 * 1:26167 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint Server directory traversal attempt (server-webapp.rules)
 * 1:26171 <-> ENABLED <-> FILE-OFFICE Microsoft Office OneNote 2010 buffer overread info disclosure attempt (file-office.rules)
 * 1:26140 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dec.globalsecuriy.org (blacklist.rules)
 * 1:26164 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules)
 * 1:26162 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 onbeforeprint use after free attempt (browser-ie.rules)
 * 1:26169 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor use after free attempt (browser-ie.rules)
 * 1:26108 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (server-other.rules)
 * 1:26155 <-> DISABLED <-> BLACKLIST DNS request for known malware domain zgrshy10.zyns.com (blacklist.rules)
 * 1:26160 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 onbeforeprint use after free attempt (browser-ie.rules)
 * 1:26150 <-> DISABLED <-> BLACKLIST DNS request for known malware domain usapappers.com (blacklist.rules)
 * 1:26125 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 2D-position use after free attempt (browser-ie.rules)
 * 1:26138 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 onBeforeCopy use after free attempt (browser-ie.rules)
 * 1:26153 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www2.wikaba.com (blacklist.rules)
 * 1:26110 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:26124 <-> ENABLED <-> SERVER-WEBAPP Microsoft Office SharePoint cross site scripting attempt (server-webapp.rules)
 * 1:26168 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor use after free attempt (browser-ie.rules)

Modified Rules:

 * 1:19268 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules)
 * 1:20117 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint XSS (server-webapp.rules)
 * 1:20209 <-> DISABLED <-> SCADA Cogent unicode buffer overflow attempt (scada.rules)
 * 1:21429 <-> ENABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:25310 <-> DISABLED <-> FILE-OTHER Adobe Audition Session file stack buffer overflow attempt (file-other.rules)
 * 1:25354 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord exploit attempt (file-office.rules)
 * 1:25378 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime Targa image file buffer overflow attempt (file-multimedia.rules)
 * 1:25456 <-> DISABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (indicator-obfuscation.rules)
 * 1:25463 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules)
 * 1:25475 <-> ENABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:25564 <-> DISABLED <-> FILE-PDF Adobe Reader heap-based buffer overflow attempt (file-pdf.rules)
 * 1:25614 <-> ENABLED <-> OS-OTHER Apple iOS 6.x jailbreak download attempt (os-other.rules)
 * 1:25649 <-> DISABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules)
 * 1:25767 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Acrobat Reader JPX malformed code-block width attempt (file-pdf.rules)
 * 1:25791 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer compatibility mode invalid memory access attempt (browser-ie.rules)
 * 1:25812 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules)
 * 1:25832 <-> ENABLED <-> FILE-OTHER Oracle Java JMX class arbitrary code execution attempt (file-other.rules)
 * 1:25849 <-> DISABLED <-> SCADA Schneider Electric IGSS integer underflow attempt (scada.rules)
 * 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:19269 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules)
 * 1:20111 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint XSS vulnerability attempt (server-webapp.rules)
 * 1:20112 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint XSS vulnerability attempt (server-webapp.rules)
 * 1:20113 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint XSS vulnerability attempt (server-webapp.rules)
 * 1:20114 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint hiddenSpanData cross site scripting attempt (server-webapp.rules)
 * 1:20115 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint XML external entity exploit attempt (server-webapp.rules)
 * 1:20116 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint Javascript XSS attempt (server-webapp.rules)
 * 1:15108 <-> ENABLED <-> SERVER-WEBAPP Microsoft Office SharePoint Server elevation of privilege exploit attempt (server-webapp.rules)
 * 1:20207 <-> DISABLED <-> SCADA Cogent unicode buffer overflow attempt (scada.rules)
 * 1:20208 <-> DISABLED <-> SCADA Cogent unicode buffer overflow attempt (scada.rules)
 * 1:20210 <-> DISABLED <-> SCADA Cogent unicode buffer overflow attempt (scada.rules)
 * 1:20667 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt (browser-firefox.rules)
 * 1:21297 <-> ENABLED <-> SERVER-WEBAPP Microsoft Office SharePoint themeweb.aspx XSS attempt (server-webapp.rules)
 * 1:21298 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint chart webpart XSS attempt (server-webapp.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules)
 * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:25304 <-> DISABLED <-> FILE-OTHER Cisco WebEx WRF memory corruption attempt (file-other.rules)
 * 1:25298 <-> ENABLED <-> FILE-MULTIMEDIA Mozilla products Ogg Vorbis decoding memory corruption attempt (file-multimedia.rules)
 * 1:25348 <-> DISABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (file-image.rules)
 * 1:25311 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules)
 * 1:25367 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules)
 * 1:25355 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtBlipDIB record exploit attempt (file-office.rules)
 * 1:25450 <-> DISABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (file-pdf.rules)
 * 1:25455 <-> DISABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (indicator-obfuscation.rules)
 * 1:25379 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime Targa image file buffer overflow attempt (file-multimedia.rules)
 * 1:25458 <-> DISABLED <-> INDICATOR-OBFUSCATION DOC header followed by PDF header (indicator-obfuscation.rules)
 * 1:25460 <-> DISABLED <-> FILE-PDF Adobe Reader incomplete JP2K image geometry - potentially malicious (file-pdf.rules)
 * 1:25457 <-> DISABLED <-> INDICATOR-OBFUSCATION JPEG header followed by PDF header (indicator-obfuscation.rules)
 * 1:25468 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules)
 * 1:25469 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules)
 * 1:25464 <-> DISABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules)
 * 1:25537 <-> DISABLED <-> FILE-PDF Adobe Reader TTF parsing bad cmap format attempt (file-pdf.rules)
 * 1:25476 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - User-Agent User-Agent (blacklist.rules)
 * 1:25527 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint unbound memcpy and remote code execution attempt (file-office.rules)
 * 1:25608 <-> ENABLED <-> FILE-OTHER Csound hetro audio file buffer overflow attempt (file-other.rules)
 * 1:25587 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules)
 * 1:25606 <-> ENABLED <-> FILE-IDENTIFY Csound audio file file attachment detected (file-identify.rules)
 * 1:25648 <-> DISABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules)
 * 1:25616 <-> ENABLED <-> FILE-OTHER Apple iOS 6.x jailbreak download attempt (file-other.rules)
 * 1:25647 <-> DISABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules)
 * 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:25682 <-> ENABLED <-> FILE-FLASH Adobe Flash Player embedded compact font detected (file-flash.rules)
 * 1:25785 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer text layout calculation use after free attempt (browser-ie.rules)
 * 1:25787 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 deleted object access memory corruption attempt (browser-ie.rules)
 * 1:25775 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer pre-line use after free attempt (browser-ie.rules)
 * 1:25796 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow MPEG heap overflow attempt (file-multimedia.rules)
 * 1:25797 <-> ENABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF memory corruption attempt (file-multimedia.rules)
 * 1:25794 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid Shift_JIS character xss attempt (browser-ie.rules)
 * 1:25819 <-> ENABLED <-> FILE-PDF Adobe Reader known malicious variable exploit attempt (file-pdf.rules)
 * 1:25813 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules)
 * 1:25816 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules)
 * 1:25835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules)
 * 1:25834 <-> ENABLED <-> FILE-OTHER Oracle Java JMX class arbitrary code execution attempt (file-other.rules)
 * 1:25833 <-> ENABLED <-> FILE-OTHER Oracle Java malicious class download attempt (file-other.rules)
 * 1:25851 <-> DISABLED <-> SCADA Schneider Electric IGSS integer underflow attempt (scada.rules)
 * 1:25852 <-> DISABLED <-> SCADA Schneider Electric IGSS integer underflow attempt (scada.rules)
 * 1:25850 <-> DISABLED <-> SCADA Schneider Electric IGSS integer underflow attempt (scada.rules)
 * 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25933 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25969 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules)
 * 1:25984 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules)
 * 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:21632 <-> ENABLED <-> MALWARE-CNC WIN.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:22110 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules)
 * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:22111 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules)
 * 1:22112 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules)
 * 1:22113 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules)
 * 1:22115 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules)
 * 1:22114 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules)
 * 1:23113 <-> ENABLED <-> INDICATOR-OBFUSCATION eval gzinflate base64_decode call - likely malicious (indicator-obfuscation.rules)
 * 1:23114 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header with PHP tags - likely malicious (indicator-obfuscation.rules)
 * 1:23217 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_utf8_tolower javascript encoder (indicator-shellcode.rules)
 * 1:23279 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint name field cross site scripting attempt (server-webapp.rules)
 * 1:23265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules)
 * 1:23281 <-> ENABLED <-> SERVER-WEBAPP Microsoft Office SharePoint scriptresx.ashx XSS attempt (server-webapp.rules)
 * 1:23282 <-> ENABLED <-> SERVER-WEBAPP Microsoft Office SharePoint query.iqy XSS attempt (server-webapp.rules)
 * 1:23538 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint PP7 Component buffer overflow attempt (file-office.rules)
 * 1:23624 <-> ENABLED <-> SERVER-OTHER Ubisoft Uplay browser plugin backdoor attempt (server-other.rules)
 * 1:23636 <-> ENABLED <-> INDICATOR-OBFUSCATION JavaScript built-in function parseInt appears obfuscated - likely packer or encoder (indicator-obfuscation.rules)
 * 1:23891 <-> ENABLED <-> FILE-PDF Adobe Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules)
 * 1:23892 <-> ENABLED <-> FILE-PDF Adobe Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules)
 * 1:23894 <-> DISABLED <-> SERVER-WEBAPP truncated crypt function attempt (server-webapp.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24059 <-> DISABLED <-> SERVER-WEBAPP 5.3.3 mt_rand integer overflow attempt (server-webapp.rules)
 * 1:24126 <-> ENABLED <-> FILE-OTHER Oracle Java privileged protection domain exploitation attempt (file-other.rules)
 * 1:24130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel catLabel pointer manipulation attempt (file-office.rules)
 * 1:24145 <-> DISABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt sent over email (malware-other.rules)
 * 1:24149 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malicious charstring stream attempt (file-pdf.rules)
 * 1:24151 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TrueType font corrupt header attempt (file-pdf.rules)
 * 1:24155 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt (file-pdf.rules)
 * 1:24158 <-> DISABLED <-> FILE-IDENTIFY .rtx file attachment detected (file-identify.rules)
 * 1:24160 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules)
 * 1:24164 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules)
 * 1:24162 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules)
 * 1:24166 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules)
 * 1:24179 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules)
 * 1:24180 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules)
 * 1:24181 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules)
 * 1:24193 <-> DISABLED <-> SERVER-WEBAPP socket_connect buffer overflow attempt (server-webapp.rules)
 * 1:24195 <-> DISABLED <-> SERVER-WEBAPP socket_connect buffer overflow attempt (server-webapp.rules)
 * 1:24198 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint name field cross site scripting attempt (server-webapp.rules)
 * 1:24200 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes URI handler command execution attempt (server-mail.rules)
 * 1:24203 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules)
 * 1:24202 <-> ENABLED <-> FILE-OTHER Oracle Java field bytecode verifier cache code execution attempt (file-other.rules)
 * 1:24205 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules)
 * 1:24207 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules)
 * 1:24208 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules)
 * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:24220 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime streaming debug error logging buffer overflow attempt (file-multimedia.rules)
 * 1:24230 <-> DISABLED <-> FILE-OTHER RealNetworks Netzip Classic zip archive long filename buffer overflow attempt (file-other.rules)
 * 1:24237 <-> DISABLED <-> FILE-EXECUTABLE ClamAV UPX File Handling Heap overflow attempt (file-executable.rules)
 * 1:24242 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules)
 * 1:24238 <-> DISABLED <-> FILE-EXECUTABLE ClamAV UPX File Handling Heap overflow attempt (file-executable.rules)
 * 1:24240 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules)
 * 1:24245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Matrix3D integer overflow attempt (file-flash.rules)
 * 1:24247 <-> DISABLED <-> BROWSER-PLUGINS AdminStudio and InstallShield ActiveX clsid access attempt (browser-plugins.rules)
 * 1:24249 <-> DISABLED <-> BROWSER-PLUGINS AdminStudio and InstallShield ActiveX function call access attempt (browser-plugins.rules)
 * 1:24258 <-> ENABLED <-> MALWARE-OTHER mygeeksmail.dll download (malware-other.rules)
 * 1:24260 <-> ENABLED <-> MALWARE-OTHER PwDump7.exe download (malware-other.rules)
 * 1:24262 <-> ENABLED <-> MALWARE-OTHER Lanman2.dll download (malware-other.rules)
 * 1:24264 <-> ENABLED <-> FILE-PDF Overly large CreationDate within a pdf - likely malicious (file-pdf.rules)
 * 1:24269 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules)
 * 1:24266 <-> DISABLED <-> FILE-PDF xpdf ObjectStream integer overflow (file-pdf.rules)
 * 1:24268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules)
 * 1:24272 <-> ENABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules)
 * 1:24273 <-> ENABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules)
 * 1:24278 <-> ENABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules)
 * 1:24279 <-> ENABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules)
 * 1:24280 <-> ENABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules)
 * 1:24283 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC webm memory corruption attempt (file-multimedia.rules)
 * 1:24312 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Downloader inbound email (malware-other.rules)
 * 1:24323 <-> DISABLED <-> BROWSER-PLUGINS EMC ApplicationXtender Desktop ActiveX function call attempt (browser-plugins.rules)
 * 1:24354 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word RTF malformed listid attempt (file-office.rules)
 * 1:24352 <-> ENABLED <-> FILE-OFFICE Microsoft Works 9 use-after-free attempt (file-office.rules)
 * 1:24358 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rgfc value overflow attempt (file-office.rules)
 * 1:24364 <-> ENABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24367 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24371 <-> DISABLED <-> OS-LINUX Linux kernel IA32 out-of-bounds system call attempt (os-linux.rules)
 * 1:24387 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products xdomain object information disclosure attempt (browser-firefox.rules)
 * 1:24409 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Miniflame download attempt (malware-other.rules)
 * 1:24411 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gauss download attempt (malware-other.rules)
 * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24413 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
 * 1:24429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24431 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24461 <-> DISABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules)
 * 1:24454 <-> DISABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
 * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
 * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:24466 <-> DISABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules)
 * 1:24469 <-> DISABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules)
 * 1:24471 <-> DISABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules)
 * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
 * 1:24476 <-> DISABLED <-> SCADA DATAC RealWin System buffer overflow attempt (scada.rules)
 * 1:24477 <-> DISABLED <-> SCADA DATAC RealWin System buffer overflow attempt (scada.rules)
 * 1:24478 <-> DISABLED <-> SCADA DATAC RealWin System buffer overflow attempt (scada.rules)
 * 1:24479 <-> DISABLED <-> SCADA DATAC RealWin System buffer overflow attempt (scada.rules)
 * 1:24481 <-> DISABLED <-> SCADA DATAC RealWin System buffer overflow attempt (scada.rules)
 * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
 * 1:24486 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules)
 * 1:24487 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules)
 * 1:24498 <-> DISABLED <-> FILE-OTHER Oracle Java JNLP parameter argument injection attempt (file-other.rules)
 * 1:24499 <-> DISABLED <-> FILE-OTHER Oracle Java JNLP parameter argument injection attempt (file-other.rules)
 * 1:24500 <-> ENABLED <-> FILE-OTHER Microsoft LNK shortcut arbitrary dll load attempt (file-other.rules)
 * 1:24508 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules)
 * 1:24509 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules)
 * 1:24511 <-> ENABLED <-> FILE-OTHER Oracle Java XGetSamplePtrFromSnd memory corruption attempt (file-other.rules)
 * 1:24516 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lucuis malware file download (malware-other.rules)
 * 1:24524 <-> DISABLED <-> SERVER-MAIL Novell GroupWise internet agent iCalendar parsing denial of service attempt (server-mail.rules)
 * 1:24535 <-> ENABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table integer overflow attempt (file-other.rules)
 * 1:24550 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV Atom length buffer overflow attempt (file-multimedia.rules)
 * 1:24552 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules)
 * 1:24553 <-> ENABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules)
 * 1:24555 <-> DISABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
 * 1:24570 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:24573 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:24574 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:24581 <-> DISABLED <-> SCADA Broadwin WebAccess ActiveX clsid access (scada.rules)
 * 1:24582 <-> DISABLED <-> SCADA Broadwin WebAccess ActiveX function call access (scada.rules)
 * 1:24584 <-> DISABLED <-> SCADA Broadwin WebAccess ActiveX clsid access (scada.rules)
 * 1:24585 <-> DISABLED <-> SCADA Broadwin WebAccess ActiveX function call access (scada.rules)
 * 1:24588 <-> ENABLED <-> FILE-OFFICE Microsoft Works Word document use after free attempt (file-office.rules)
 * 1:24590 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24592 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24598 <-> DISABLED <-> POLICY-SPAM 1.usa.gov URL in email, possible spam redirect (policy-spam.rules)
 * 1:24601 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24603 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24605 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24607 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24608 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 landing page download attempt (exploit-kit.rules)
 * 1:24610 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24612 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24614 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24616 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24618 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24620 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24622 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24626 <-> ENABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules)
 * 1:24636 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 redirection page - specific structure (exploit-kit.rules)
 * 1:24641 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime movie buffer overflow attempt (file-multimedia.rules)
 * 1:24650 <-> ENABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
 * 1:24654 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 table th element use after free attempt (browser-ie.rules)
 * 1:24657 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Publisher record heap buffer overflow attempt (file-office.rules)
 * 1:24659 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record code execution attempt (file-office.rules)
 * 1:24660 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 style properties use after free attempt (browser-ie.rules)
 * 1:24663 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer button object use after free memory corruption attempt (browser-ie.rules)
 * 1:24669 <-> ENABLED <-> EXPLOIT-KIT KaiXin pack attack vector attempt (exploit-kit.rules)
 * 1:24670 <-> ENABLED <-> EXPLOIT-KIT KaiXin pack attack vector attempt (exploit-kit.rules)
 * 1:24672 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 sequence parameter set parsing overflow attempt (file-multimedia.rules)
 * 1:24674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record remote code execution attempt (file-office.rules)
 * 1:24682 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:24683 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:24684 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:24685 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:24688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:24695 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT file opcode corruption attempt (file-image.rules)
 * 1:24703 <-> ENABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24707 <-> DISABLED <-> SERVER-WEBAPP Netop Remote Control dws file buffer overflow attempt (server-webapp.rules)
 * 1:24710 <-> DISABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
 * 1:24715 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules)
 * 1:24716 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules)
 * 1:24717 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules)
 * 1:24718 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules)
 * 1:24722 <-> DISABLED <-> FILE-PDF Adobe Reader empty object page tree node reference attempt (file-pdf.rules)
 * 1:24725 <-> DISABLED <-> BROWSER-PLUGINS IBM Rational Rhapsody BBFlashback ActiveX clsid access (browser-plugins.rules)
 * 1:24726 <-> DISABLED <-> BROWSER-PLUGINS IBM Rational Rhapsody BBFlashback ActiveX function call access (browser-plugins.rules)
 * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24764 <-> ENABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules)
 * 1:24770 <-> DISABLED <-> FILE-OTHER Oracle Java privileged protection domain exploitation attempt (file-other.rules)
 * 1:24800 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Imuler suspicious download (malware-other.rules)
 * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24811 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24813 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24815 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio VSD file icon memory corruption attempt (file-office.rules)
 * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules)
 * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules)
 * 1:24823 <-> ENABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules)
 * 1:24826 <-> DISABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules)
 * 1:24861 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 landing page in an email (exploit-kit.rules)
 * 1:24863 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 landing page in an email (exploit-kit.rules)
 * 1:24865 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 landing page in an email (exploit-kit.rules)
 * 1:24868 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint bad text header txttype attempt (file-office.rules)
 * 1:24871 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules)
 * 1:24872 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules)
 * 1:24875 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24877 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24892 <-> ENABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24893 <-> ENABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24894 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24896 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules)
 * 1:24905 <-> ENABLED <-> FILE-OTHER Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-other.rules)
 * 1:24906 <-> ENABLED <-> FILE-OTHER Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-other.rules)
 * 1:24912 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In Excel file parsing integer overflow attempt (server-oracle.rules)
 * 1:24915 <-> ENABLED <-> FILE-OTHER Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (file-other.rules)
 * 1:24955 <-> ENABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:24975 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf invalid listoverridecount value attempt (file-office.rules)
 * 1:24981 <-> ENABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24983 <-> ENABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24986 <-> ENABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24990 <-> ENABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24992 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:24993 <-> DISABLED <-> FILE-OTHER Oracle Java Applet remote code execution attempt (file-other.rules)
 * 1:24999 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:25000 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:25002 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Narilam variant inbound attachemtn (malware-other.rules)
 * 1:25006 <-> ENABLED <-> FILE-OTHER Oracle JavaScript heap exploitation library usage attempt (file-other.rules)
 * 1:25013 <-> DISABLED <-> FILE-OTHER Sophos CAB CFDATA cbData overflow attempt (file-other.rules)
 * 1:25034 <-> DISABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules)
 * 1:25039 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules)
 * 1:25040 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules)
 * 1:25062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules)
 * 1:25079 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sign extension vulnerability exploitation attempt (browser-ie.rules)
 * 1:25085 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:25087 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:25089 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:25091 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:25115 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX clsid access attempt (browser-plugins.rules)
 * 1:25116 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules)
 * 1:25117 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules)
 * 1:25118 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules)
 * 1:25130 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules)
 * 1:25131 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules)
 * 1:10415 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus SameTime STJNILoader ActiveX clsid access attempt (browser-plugins.rules)
 * 1:10412 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus SameTime STJNILoader ActiveX clsid access attempt (browser-plugins.rules)
 * 1:18238 <-> ENABLED <-> SERVER-WEBAPP Microsoft Office SharePoint document conversion remote code excution attempt (server-webapp.rules)
 * 1:25132 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules)
 * 1:25133 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules)
 * 1:25331 <-> DISABLED <-> FILE-OFFICE Microsoft Excel conditional code execution attempt (file-office.rules)
 * 1:25134 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules)
 * 1:25228 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox iframe and xul element reload crash attempt (browser-firefox.rules)
 * 1:26028 <-> ENABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules)
 * 1:25233 <-> DISABLED <-> BROWSER-FIREFOX appendChild multiple parent nodes stack corruption attempt (browser-firefox.rules)
 * 1:26079 <-> ENABLED <-> FILE-PDF PDF file with embedded PDF object (file-pdf.rules)
 * 1:26069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
 * 1:26067 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
 * 1:18550 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file attachment (file-office.rules)
 * 1:26003 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules)
 * 1:26005 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules)
 * 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:26027 <-> ENABLED <-> FILE-OTHER Adobe Director file file rcsL overflow attempt (file-other.rules)
 * 1:26078 <-> DISABLED <-> FILE-PDF transfer of a PDF with OpenAction object attempt (file-pdf.rules)
 * 1:26022 <-> DISABLED <-> FILE-PDF EmbeddedFile contained within a PDF (file-pdf.rules)
 * 1:26001 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules)
 * 1:6504 <-> DISABLED <-> FILE-OTHER Sophos Anti-Virus CAB file overflow attempt (file-other.rules)
 * 1:26007 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules)
 * 1:26080 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules)
 * 1:26070 <-> ENABLED <-> FILE-EXECUTABLE Ichitaro JSMISC32.dll dll-load exploit attempt (file-executable.rules)
 * 1:25235 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules)
 * 1:25248 <-> ENABLED <-> FILE-OTHER Lattice PAC Designer symbol value buffer overflow attempt (file-other.rules)
 * 1:26029 <-> ENABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules)
 * 1:26077 <-> DISABLED <-> FILE-PDF transfer of a PDF with embedded JavaScript - JavaScript string attempt (file-pdf.rules)
 * 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:26096 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page (exploit-kit.rules)
 * 1:26009 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF-based shellcode download attempt (file-flash.rules)
 * 1:4156 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Player 7+ ActiveX object access (browser-plugins.rules)
 * 1:26089 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio version number anomaly (file-office.rules)
 * 1:26076 <-> DISABLED <-> FILE-PDF download of a PDF with embedded JavaScript - JS string attempt (file-pdf.rules)
 * 1:26071 <-> ENABLED <-> FILE-EXECUTABLE Ichitaro JSMISC32.dll dll-load exploit attempt (file-executable.rules)
 * 1:16692 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules)
 * 1:25986 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules)
 * 1:12629 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint cross site scripting attempt (server-webapp.rules)
 * 1:16482 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules)
 * 1:15727 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules)
 * 1:16560 <-> ENABLED <-> SERVER-WEBAPP Microsoft Office SharePoint XSS attempt (server-webapp.rules)
 * 1:16660 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint Server 2007 help.aspx denial of service attempt (server-webapp.rules)
 * 1:18985 <-> ENABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
 * 1:10389 <-> DISABLED <-> BROWSER-PLUGINS McAfee Site Manager ActiveX function call access attempt (browser-plugins.rules)
 * 1:10387 <-> DISABLED <-> BROWSER-PLUGINS McAfee Site Manager ActiveX clsid access attempt (browser-plugins.rules)
 * 1:25253 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery overflow attempt (file-executable.rules)
 * 1:25308 <-> DISABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules)
 * 1:25985 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules)
 * 1:25291 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules)
 * 1:25292 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules)
 * 1:25295 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules)
 * 1:13920 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Obji Atom parsing stack buffer overflow attempt (file-multimedia.rules)
 * 1:25296 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules)