Sourcefire VRT Rules Update

Date: 2013-04-16

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.3.1.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:26410 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to j.maxmind.com detected (indicator-compromise.rules)
 * 1:26406 <-> ENABLED <-> BLACKLIST DNS request for known malware domain photobeat.su - Win.Trojan.Dorkbot (blacklist.rules)
 * 1:26414 <-> ENABLED <-> SCADA CODESYS Gateway-Server executable file upload attempt (scada.rules)
 * 1:26399 <-> ENABLED <-> BLACKLIST DNS request for known malware domain f.eastmoon.pl - Win.Trojan.Dorkbot (blacklist.rules)
 * 1:26408 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gigasphere.su - Win.Trojan.Dorkbot (blacklist.rules)
 * 1:26428 <-> DISABLED <-> MALWARE-CNC Win.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26395 <-> ENABLED <-> MALWARE-OTHER Possible data upload - Bitcoin Miner User Agent (malware-other.rules)
 * 1:26426 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (protocol-voip.rules)
 * 1:26397 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to myip.dnsomatic.com detected (indicator-compromise.rules)
 * 1:26411 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot folder snkb0ptz creation attempt SMB (malware-other.rules)
 * 1:26405 <-> ENABLED <-> BLACKLIST DNS request for known malware domain xixbh.net - Win.Trojan.Dorkbot (blacklist.rules)
 * 1:26396 <-> ENABLED <-> BLACKLIST DNS request for known malware domain suppp.cantvenlinea.biz - Bitcoin Miner upload (blacklist.rules)
 * 1:26398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:26422 <-> ENABLED <-> FILE-IDENTIFY Metalink File file attachment detected (file-identify.rules)
 * 1:26400 <-> ENABLED <-> BLACKLIST DNS request for known malware domain s.richlab.pl - Win.Trojan.Dorkbot (blacklist.rules)
 * 1:26427 <-> DISABLED <-> DOS ISC libdns client NAPTR record regular expression handling denial of service attempt (dos.rules)
 * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules)
 * 1:26418 <-> ENABLED <-> SERVER-WEBAPP HP System Management iprange parameter buffer overflow attempt (server-webapp.rules)
 * 1:26420 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 onbeforeprint use after free attempt (browser-ie.rules)
 * 1:26403 <-> ENABLED <-> BLACKLIST DNS request for known malware domain h.opennews.su - Win.Trojan.Dorkbot (blacklist.rules)
 * 1:26421 <-> ENABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules)
 * 1:26419 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 onbeforeprint use after free attempt (browser-ie.rules)
 * 1:26407 <-> ENABLED <-> BLACKLIST DNS request for known malware domain uranus.kei.su - Win.Trojan.Dorkbot (blacklist.rules)
 * 1:26404 <-> ENABLED <-> BLACKLIST DNS request for known malware domain o.dailyradio.su - Win.Trojan.Dorkbot (blacklist.rules)
 * 1:26413 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot Desktop.ini snkb0ptz.exe creation attempt SMB (malware-other.rules)
 * 1:26417 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center mibFileUpload servlet arbitrary file upload attempt (server-webapp.rules)
 * 1:26402 <-> ENABLED <-> BLACKLIST DNS request for known malware domain xixbh.com - Win.Trojan.Dorkbot (blacklist.rules)
 * 1:26423 <-> ENABLED <-> FILE-IDENTIFY Metalink File file attachment detected (file-identify.rules)
 * 1:26394 <-> DISABLED <-> SERVER-OTHER Bopup Communications server buffer overflow attempt (server-other.rules)
 * 1:26401 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gigasbh.org - Win.Trojan.Dorkbot (blacklist.rules)
 * 1:26409 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ext.myshopers.com - Win.Trojan.Dorkbot (blacklist.rules)
 * 1:26412 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot executable snkb0ptz.exe creation attempt SMB (malware-other.rules)
 * 1:26430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules)
 * 1:26415 <-> ENABLED <-> SCADA CODESYS Gateway-Server directory traversal attempt (scada.rules)
 * 1:26425 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (protocol-voip.rules)
 * 1:26424 <-> ENABLED <-> FILE-IDENTIFY Metalink File file download request (file-identify.rules)
 * 1:26416 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center mibFileUpload servlet arbitrary file upload attempt (server-webapp.rules)

Modified Rules:


 * 1:23107 <-> ENABLED <-> INDICATOR-COMPROMISE BeEF javascript hook.js download attempt (indicator-compromise.rules)
 * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:16549 <-> ENABLED <-> FILE-OTHER Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - npruntime-scriptable-plugin (file-other.rules)
 * 1:16522 <-> ENABLED <-> SERVER-OTHER Novell QuickFinder server cross-site-scripting attempt (server-other.rules)
 * 1:16442 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - Mozilla (malware-cnc.rules)
 * 1:16346 <-> ENABLED <-> FILE-OTHER IBM Informix Client SDK NFX file InformixServerList processing stack buffer overflow attempt (file-other.rules)
 * 1:16359 <-> DISABLED <-> FILE-OTHER Adobe Illustrator DSC comment overflow attempt (file-other.rules)
 * 1:15893 <-> DISABLED <-> FILE-OTHER fCreateShellLink function use - potential attack (file-other.rules)
 * 1:16345 <-> ENABLED <-> FILE-OTHER IBM Informix Client SDK NFX file HostList processing stack buffer overflow attempt (file-other.rules)
 * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules)
 * 1:16053 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules)
 * 1:15703 <-> ENABLED <-> FILE-MULTIMEDIA Apple iTunes ITMS protocol handler stack buffer overflow attempt (file-multimedia.rules)
 * 1:15707 <-> ENABLED <-> FILE-MULTIMEDIA Apple iTunes ITPC protocol handler stack buffer overflow attempt (file-multimedia.rules)
 * 1:15705 <-> ENABLED <-> FILE-MULTIMEDIA Apple iTunes PCAST protocol handler stack buffer overflow attempt (file-multimedia.rules)
 * 1:15510 <-> ENABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules)
 * 1:15704 <-> ENABLED <-> FILE-MULTIMEDIA Apple iTunes ITMSS protocol handler stack buffer overflow attempt (file-multimedia.rules)
 * 1:15385 <-> DISABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules)
 * 1:15169 <-> DISABLED <-> POLICY-SOCIAL XBOX Live Kerberos authentication request (policy-social.rules)
 * 1:15172 <-> DISABLED <-> POLICY-SOCIAL XBOX avatar retrieval request (policy-social.rules)
 * 1:13632 <-> ENABLED <-> SERVER-OTHER Zango adware installation request (server-other.rules)
 * 1:1478 <-> DISABLED <-> SERVER-WEBAPP Simple Web Counter URI Parameter Buffer Overflow attempt (server-webapp.rules)
 * 1:13898 <-> DISABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules)
 * 1:13797 <-> DISABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
 * 1:13586 <-> DISABLED <-> APP-DETECT SSH server detected on non-standard port (app-detect.rules)
 * 1:13359 <-> DISABLED <-> APP-DETECT failed IMAP login attempt - invalid username/password (app-detect.rules)
 * 1:1284 <-> DISABLED <-> SERVER-OTHER readme.eml download attempt (server-other.rules)
 * 1:1290 <-> DISABLED <-> FILE-OTHER readme.eml autoload attempt (file-other.rules)
 * 1:24789 <-> ENABLED <-> EXPLOIT-KIT CritX Exploit Kit PDF Exploit download attempt (exploit-kit.rules)
 * 1:25682 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules)
 * 1:25507 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit pdf exploit retrieval (exploit-kit.rules)
 * 1:3075 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe literal overflow attempt (protocol-imap.rules)
 * 1:25800 <-> DISABLED <-> EXPLOIT-KIT Stamp Exploit Kit Javascript request (exploit-kit.rules)
 * 1:25301 <-> ENABLED <-> EXPLOIT-KIT redirect to malicious java archive attempt (exploit-kit.rules)
 * 1:3077 <-> DISABLED <-> PROTOCOL-FTP RNFR overflow attempt (protocol-ftp.rules)
 * 1:25798 <-> DISABLED <-> EXPLOIT-KIT Multiple Exploit Kit 32-alpha jar request (exploit-kit.rules)
 * 1:25675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection (malware-cnc.rules)
 * 1:24972 <-> DISABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (netbios.rules)
 * 1:24663 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer button object use after free memory corruption attempt (browser-ie.rules)
 * 1:25792 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SVG object user after free attempt (browser-ie.rules)
 * 1:26064 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
 * 1:25683 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:26063 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word docm file download request (file-identify.rules)
 * 1:23386 <-> ENABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules)
 * 1:20698 <-> DISABLED <-> FILE-OTHER Telnet protocol specifier command injection attempt (file-other.rules)
 * 1:19069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:21607 <-> DISABLED <-> FILE-OTHER IBM Installation Manager iim uri code execution attempt (file-other.rules)
 * 1:21676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules)
 * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:21677 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules)
 * 1:20848 <-> DISABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:22926 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - sql (indicator-compromise.rules)
 * 1:21422 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
 * 1:21675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules)
 * 1:21302 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio TAG_OLEChunk code execution attempt (file-office.rules)
 * 1:22917 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - cmd (indicator-compromise.rules)
 * 1:21799 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules)
 * 1:21437 <-> DISABLED <-> FILE-OTHER WordPerfect WP3TablesGroup heap overflow attempt (file-other.rules)
 * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Actionscript Stage3D null dereference attempt (file-flash.rules)
 * 1:22918 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - search (indicator-compromise.rules)
 * 1:22923 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ps_aux (indicator-compromise.rules)
 * 1:21922 <-> DISABLED <-> FILE-OTHER VLC mms hostname buffer overflow attempt (file-other.rules)
 * 1:21797 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules)
 * 1:22922 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - bind (indicator-compromise.rules)
 * 1:22919 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - upload (indicator-compromise.rules)
 * 1:21913 <-> ENABLED <-> SERVER-OTHER EMC data protection advisor DOS attempt (server-other.rules)
 * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:22921 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - encoder (indicator-compromise.rules)
 * 1:21752 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt (server-other.rules)
 * 1:21801 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules)
 * 1:13360 <-> DISABLED <-> APP-DETECT failed FTP login attempt (app-detect.rules)
 * 1:13899 <-> DISABLED <-> APP-DETECT Apple iTunes client login attempt (app-detect.rules)
 * 1:15426 <-> DISABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules)
 * 1:15706 <-> ENABLED <-> FILE-MULTIMEDIA Apple iTunes DAAP protocol handler stack buffer overflow attempt (file-multimedia.rules)
 * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules)
 * 1:16521 <-> DISABLED <-> SERVER-OTHER Squid Proxy http version number overflow attempt (server-other.rules)
 * 1:16550 <-> ENABLED <-> FILE-OTHER Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - java-deployment-toolkit (file-other.rules)
 * 1:16582 <-> DISABLED <-> FILE-OTHER Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (file-other.rules)
 * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules)
 * 1:16608 <-> DISABLED <-> BROWSER-PLUGINS HP Mercury Quality Center SPIDERLib ActiveX control access attempt (browser-plugins.rules)
 * 1:16613 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - cmd (indicator-compromise.rules)
 * 1:16614 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - search (indicator-compromise.rules)
 * 1:16615 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - upload (indicator-compromise.rules)
 * 1:16616 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - about (indicator-compromise.rules)
 * 1:16617 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - encoder (indicator-compromise.rules)
 * 1:24662 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer button object use after free memory corruption attempt (browser-ie.rules)
 * 1:19220 <-> ENABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption (file-other.rules)
 * 1:24557 <-> ENABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules)
 * 1:24558 <-> ENABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules)
 * 1:19219 <-> ENABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption (file-other.rules)
 * 1:24228 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 - Landing Page Received (exploit-kit.rules)
 * 1:2435 <-> DISABLED <-> FILE-IDENTIFY Microsoft emf file download request (file-identify.rules)
 * 1:19180 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules)
 * 1:23842 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules)
 * 1:23843 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules)
 * 1:19075 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript uuencoded eval statement (indicator-obfuscation.rules)
 * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:23659 <-> DISABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:19074 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript uuencoded noop sled attempt (indicator-obfuscation.rules)
 * 1:23559 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules)
 * 1:23561 <-> ENABLED <-> FILE-IMAGE Microsoft Kodak Imaging large offset malformed tiff - big-endian (file-image.rules)
 * 1:19070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:23529 <-> ENABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules)
 * 1:23530 <-> ENABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules)
 * 1:23484 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Invit0r plugin non-image file upload attempt (indicator-compromise.rules)
 * 1:23059 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSect code execution attempt (file-office.rules)
 * 1:23558 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules)
 * 1:23555 <-> ENABLED <-> FILE-OFFICE Microsoft HtmlDlgHelper ActiveX clsid access (file-office.rules)
 * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:23622 <-> ENABLED <-> EXPLOIT-KIT Blackhole landing page request - tkr (exploit-kit.rules)
 * 1:23766 <-> DISABLED <-> FILE-IDENTIFY EMF file magic detected (file-identify.rules)
 * 1:23726 <-> DISABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
 * 1:23957 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules)
 * 1:23956 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules)
 * 1:24556 <-> ENABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules)
 * 1:2437 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer arbitrary javascript command attempt (file-multimedia.rules)
 * 1:19619 <-> DISABLED <-> FILE-OTHER Adobe Audition assist.dll dll-load exploit attempt (file-other.rules)
 * 1:20225 <-> DISABLED <-> FILE-OTHER SMI file download request (file-other.rules)
 * 1:19620 <-> DISABLED <-> FILE-FLASH Adobe multiple products dwmapi.dll dll-load exploit attempt (file-flash.rules)
 * 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules)
 * 1:20124 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record attempt (file-office.rules)
 * 1:20226 <-> DISABLED <-> FILE-OTHER MPlayer SMI file buffer overflow attempt (file-other.rules)
 * 1:20264 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer form selection reset attempt (browser-ie.rules)
 * 1:20295 <-> ENABLED <-> FILE-IMAGE Public LibTiff Exploit (file-image.rules)
 * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:20137 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible generic javascript heap spray attempt (indicator-obfuscation.rules)
 * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:3088 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt (file-multimedia.rules)
 * 1:12286 <-> DISABLED <-> FILE-OTHER PCRE character class double free overflow attempt (file-other.rules)
 * 1:26130 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htc file use after free attempt (browser-ie.rules)
 * 1:26223 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor object use after free attempt (browser-ie.rules)
 * 1:26220 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor object use after free attempt (browser-ie.rules)
 * 1:26216 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor object use after free attempt (browser-ie.rules)
 * 1:3078 <-> DISABLED <-> NNTP Microsoft Windows SEARCH pattern overflow attempt (nntp.rules)
 * 1:26221 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor object use after free attempt (browser-ie.rules)
 * 1:26164 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules)
 * 1:26059 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:25970 <-> DISABLED <-> OS-WINDOWS TCP FIN sent to client (os-windows.rules)
 * 1:26080 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules)
 * 1:25509 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit pdf exploit retrieval (exploit-kit.rules)
 * 1:25801 <-> DISABLED <-> EXPLOIT-KIT Stamp Exploit Kit jar file request (exploit-kit.rules)
 * 1:26225 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor object use after free attempt (browser-ie.rules)
 * 1:25769 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor object use after free attempt (browser-ie.rules)
 * 1:3008 <-> DISABLED <-> PROTOCOL-IMAP delete literal overflow attempt (protocol-imap.rules)
 * 1:25327 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit pdf exploit retrieval (exploit-kit.rules)
 * 1:3079 <-> ENABLED <-> BROWSER-IE Microsoft Windows Internet Explorer ANI file parsing buffer overflow attempt (browser-ie.rules)
 * 1:25680 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules)
 * 1:2577 <-> DISABLED <-> FILE-OTHER local resource redirection attempt (file-other.rules)
 * 1:25681 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:3080 <-> DISABLED <-> SERVER-OTHER Unreal Tournament secure overflow attempt (server-other.rules)
 * 1:26218 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor object use after free attempt (browser-ie.rules)
 * 1:26061 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:26377 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit java exploit request (exploit-kit.rules)
 * 1:25982 <-> ENABLED <-> EXPLOIT-KIT g01pack browser check attempt (exploit-kit.rules)
 * 1:26354 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer expression clause in style tag cross site scripting attempt (browser-ie.rules)
 * 1:26129 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htc file use after free attempt (browser-ie.rules)
 * 1:3000 <-> DISABLED <-> OS-WINDOWS SMB Session Setup NTMLSSP unicode asn1 overflow attempt (os-windows.rules)
 * 1:25799 <-> DISABLED <-> EXPLOIT-KIT Stamp Exploit Kit pdf request (exploit-kit.rules)
 * 1:26085 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:25802 <-> DISABLED <-> EXPLOIT-KIT Stamp Exploit Kit encoded portable executable request (exploit-kit.rules)
 * 1:26217 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor object use after free attempt (browser-ie.rules)
 * 1:26222 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor object use after free attempt (browser-ie.rules)
 * 1:26324 <-> DISABLED <-> DOS ISC BIND NAPTR record regular expression handling denial of service attempt (dos.rules)
 * 1:26013 <-> ENABLED <-> EXPLOIT-KIT Gong Da exploit kit redirection page received (exploit-kit.rules)
 * 1:26083 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules)
 * 1:26062 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:25602 <-> DISABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules)
 * 1:3006 <-> DISABLED <-> SERVER-OTHER Volition Freespace 2 buffer overflow attempt (server-other.rules)
 * 1:20472 <-> DISABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:21674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules)
 * 1:3679 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple Products IFRAME src javascript code execution (indicator-obfuscation.rules)
 * 1:23122 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:22930 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - fsbuff (indicator-compromise.rules)
 * 1:23156 <-> ENABLED <-> EXPLOIT-KIT URI Nuclear Pack exploit kit landing page (exploit-kit.rules)
 * 1:20720 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules)
 * 1:21800 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules)
 * 1:21462 <-> DISABLED <-> FILE-OTHER Oracle Java Plugin security bypass (file-other.rules)
 * 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:10419 <-> DISABLED <-> BROWSER-PLUGINS HP Mercury Quality Center SPIDERLib ProgColor ActiveX clsid access (browser-plugins.rules)
 * 1:3470 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer VIDORV30 header length buffer overflow (file-multimedia.rules)
 * 1:20857 <-> DISABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:22933 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - tools (indicator-compromise.rules)
 * 1:20540 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded TrueType font (file-office.rules)
 * 1:22927 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - eval (indicator-compromise.rules)
 * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules)
 * 1:21261 <-> DISABLED <-> SERVER-OTHER Xitami if-modified-since header buffer overflow attempt (server-other.rules)
 * 1:8413 <-> DISABLED <-> FILE-OTHER HCP URI uplddrvinfo access (file-other.rules)
 * 1:20849 <-> DISABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20718 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
 * 1:20850 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected (file-identify.rules)
 * 1:497 <-> DISABLED <-> INDICATOR-COMPROMISE file copied ok (indicator-compromise.rules)
 * 1:3089 <-> DISABLED <-> DOS squid WCCP I_SEE_YOU message overflow attempt (dos.rules)
 * 1:21301 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSect code execution attempt (file-office.rules)
 * 1:21914 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt (server-other.rules)
 * 1:20719 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt (file-office.rules)
 * 1:22932 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - phpinfo (indicator-compromise.rules)
 * 1:21423 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt (file-office.rules)
 * 1:21307 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules)
 * 1:21165 <-> DISABLED <-> FILE-OTHER multiple products GeckoActiveX COM object recon attempt (file-other.rules)
 * 1:22929 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - selfremove (indicator-compromise.rules)
 * 1:22928 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - feedback (indicator-compromise.rules)
 * 1:20851 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected (file-identify.rules)
 * 1:20558 <-> ENABLED <-> EXPLOIT-KIT URI request for known malicious URI /stat2.php (exploit-kit.rules)
 * 1:3005 <-> DISABLED <-> OS-WINDOWS SMB-DS Session Setup NTMLSSP unicode andx asn1 overflow attempt (os-windows.rules)
 * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:8091 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer error message format string vulnerability attempt (file-multimedia.rules)
 * 1:22920 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - about (indicator-compromise.rules)
 * 1:22931 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ls (indicator-compromise.rules)
 * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules)
 * 1:21944 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Web Reports xss attempt (server-other.rules)
 * 1:3471 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes playlist URL overflow attempt (file-multimedia.rules)
 * 1:9619 <-> DISABLED <-> FILE-OTHER Gnu gv buffer overflow attempt (file-other.rules)
 * 1:3085 <-> DISABLED <-> EXPLOIT AIM goaway message buffer overflow attempt (exploit.rules)
 * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules)
 * 1:20431 <-> ENABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (file-other.rules)
 * 1:3007 <-> DISABLED <-> PROTOCOL-IMAP command overflow attempt (protocol-imap.rules)
 * 1:26163 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules)
 * 1:26060 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:3076 <-> DISABLED <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt (protocol-imap.rules)
 * 1:26219 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor object use after free attempt (browser-ie.rules)
 * 1:26084 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:26065 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
 * 1:3009 <-> DISABLED <-> MALWARE-BACKDOOR NetBus Pro 2.0 connection request (malware-backdoor.rules)
 * 1:26224 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor object use after free attempt (browser-ie.rules)
 * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:23106 <-> ENABLED <-> EXPLOIT-KIT SET java applet load attempt (exploit-kit.rules)
 * 1:3086 <-> DISABLED <-> SERVER-WEBAPP 3Com 3CRADSL72 ADSL 11g Wireless Router app_sta.stm access attempt (server-webapp.rules)
 * 1:23157 <-> ENABLED <-> EXPLOIT-KIT URI Nuclear Pack exploit kit binary download (exploit-kit.rules)
 * 1:25325 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit pdf exploit retrieval (exploit-kit.rules)
 * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules)
 * 1:22925 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - security (indicator-compromise.rules)
 * 1:20882 <-> DISABLED <-> FILE-OFFICE Microsoft Windows embedded packager object identifier (file-office.rules)
 * 1:21080 <-> DISABLED <-> FILE-OTHER RDS.Dataspace ActiveX object code execution attempt (file-other.rules)
 * 1:21940 <-> DISABLED <-> FILE-IDENTIFY EMF file magic detected (file-identify.rules)
 * 1:20856 <-> DISABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:21798 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules)
 * 1:22924 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ftpquickbrute (indicator-compromise.rules)
 * 1:21248 <-> DISABLED <-> SERVER-OTHER IBM Domino HTTP redirect host buffer overflow attempt (server-other.rules)
 * 1:16618 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - bind (indicator-compromise.rules)
 * 1:16619 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ps_aux (indicator-compromise.rules)
 * 1:16620 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ftpquickbrute (indicator-compromise.rules)
 * 1:16621 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - security (indicator-compromise.rules)
 * 1:16622 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - sql (indicator-compromise.rules)
 * 1:16623 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - eval (indicator-compromise.rules)
 * 1:16624 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - feedback (indicator-compromise.rules)
 * 1:16625 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - selfremove (indicator-compromise.rules)
 * 1:16626 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - fsbuff (indicator-compromise.rules)
 * 1:16627 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ls (indicator-compromise.rules)
 * 1:16628 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - phpinfo (indicator-compromise.rules)
 * 1:16680 <-> DISABLED <-> APP-DETECT Tandberg VCS SSH default key (app-detect.rules)
 * 1:16686 <-> ENABLED <-> SERVER-OTHER IBM WebSphere application server cross site scripting attempt (server-other.rules)
 * 1:16689 <-> DISABLED <-> SERVER-OTHER Palo Alto Networks Firewall editUser.esp XSS attempt (server-other.rules)
 * 1:16696 <-> DISABLED <-> FILE-OTHER Astonsoft Deepburner db file path buffer overflow attempt (file-other.rules)
 * 1:16719 <-> ENABLED <-> FILE-OTHER CA multiple product AV engine CAB header parsing stack overflow attempt (file-other.rules)
 * 1:16720 <-> ENABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player TY processing buffer overflow attempt (file-multimedia.rules)
 * 1:16721 <-> ENABLED <-> FILE-OTHER Orbital Viewer .orb stack buffer overflow attempt (file-other.rules)
 * 1:16726 <-> DISABLED <-> FILE-OTHER gAlan malformed file stack overflow attempt (file-other.rules)
 * 1:16727 <-> ENABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (file-other.rules)
 * 1:16729 <-> DISABLED <-> BROWSER-PLUGINS McAfee Remediation client ActiveX control access attempt (browser-plugins.rules)
 * 1:16730 <-> ENABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules)
 * 1:16732 <-> ENABLED <-> FILE-OTHER SafeNet SoftRemote multiple policy file local overflow attempt (file-other.rules)
 * 1:16733 <-> ENABLED <-> FILE-OTHER UltraISO CCD file handling overflow attempt (file-other.rules)
 * 1:16736 <-> ENABLED <-> FILE-OTHER VariCAD multiple products DWB file handling overflow attempt (file-other.rules)
 * 1:16741 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Works WkImgSrv.dll ActiveX clsid access attempt (browser-plugins.rules)
 * 1:16744 <-> DISABLED <-> FILE-MULTIMEDIA Worldweaver DX Studio Player plug-in command injection attempt (file-multimedia.rules)
 * 1:17104 <-> ENABLED <-> FILE-OTHER FeedDemon OPML file handling buffer overflow attempt (file-other.rules)
 * 1:17105 <-> ENABLED <-> FILE-OTHER FeedDemon unicode OPML file handling buffer overflow attempt (file-other.rules)
 * 1:17134 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules)
 * 1:17231 <-> ENABLED <-> FILE-IMAGE Microsoft Kodak Imaging small offset malformed tiff - little-endian (file-image.rules)
 * 1:17232 <-> ENABLED <-> FILE-IMAGE Microsoft Kodak Imaging large offset malformed tiff - big-endian (file-image.rules)
 * 1:17250 <-> ENABLED <-> FILE-OFFICE Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt (file-office.rules)
 * 1:1735 <-> DISABLED <-> BROWSER-OTHER Mozilla Netscape XMLHttpRequest local file read attempt (browser-other.rules)
 * 1:17351 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp ID3v2 Tag Handling Buffer Overflow attempt (file-other.rules)
 * 1:17458 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
 * 1:17459 <-> ENABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
 * 1:17460 <-> ENABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
 * 1:17573 <-> ENABLED <-> FILE-MULTIMEDIA ffdshow codec URL parsing buffer overflow attempt (file-multimedia.rules)
 * 1:17602 <-> ENABLED <-> FILE-OTHER ClamAV antivirus CHM file handling DOS (file-other.rules)
 * 1:17633 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer SWF frame handling buffer overflow attempt (file-other.rules)
 * 1:17666 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer invalid chunk size heap overflow attempt (file-multimedia.rules)
 * 1:17770 <-> ENABLED <-> FILE-OFFICE Microsoft HtmlDlgHelper ActiveX clsid access (file-office.rules)
 * 1:17810 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of server32.exe (indicator-compromise.rules)
 * 1:17811 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of svchost.exe (indicator-compromise.rules)
 * 1:17812 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iexplore.exe (indicator-compromise.rules)
 * 1:17813 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iprinp.dll (indicator-compromise.rules)
 * 1:17814 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of winzf32.dll (indicator-compromise.rules)
 * 1:18201 <-> ENABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules)
 * 1:18239 <-> ENABLED <-> INDICATOR-OBFUSCATION known malicious JavaScript decryption routine (indicator-obfuscation.rules)
 * 1:18488 <-> DISABLED <-> FILE-OTHER Adobe Photoshop wintab32.dll dll-load exploit attempt (file-other.rules)
 * 1:18529 <-> ENABLED <-> FILE-OTHER Adobe Premier Pro ibfs32.dll dll-load exploit attempt (file-other.rules)
 * 1:18531 <-> DISABLED <-> SERVER-OTHER Multiple Vendors iacenc.dll dll-load exploit attempt (server-other.rules)
 * 1:18548 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment (file-office.rules)
 * 1:18549 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word with embedded Flash file attachment (file-office.rules)
 * 1:18565 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for mail.google.com detected (indicator-compromise.rules)
 * 1:18567 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules)
 * 1:18566 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for www.google.com detected (indicator-compromise.rules)
 * 1:18568 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules)
 * 1:18569 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules)
 * 1:18570 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.skype.com detected (indicator-compromise.rules)
 * 1:18571 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for addons.mozilla.org detected (indicator-compromise.rules)
 * 1:18573 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for global trustee detected (indicator-compromise.rules)
 * 1:18572 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.live.com detected (indicator-compromise.rules)
 * 1:18576 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate from usertrust.com detected (indicator-compromise.rules)
 * 1:18685 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules)
 * 1:19065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:18744 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN vlc player subtitle buffer overflow attempt (file-multimedia.rules)
 * 1:19066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:19067 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:19068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:9434 <-> DISABLED <-> FILE-OTHER Ultravox-Max-Msg header integer overflow attempt (file-other.rules)
 * 3:15683 <-> ENABLED <-> WEB-MISC ISA Server OTP-based Forms-authorization fallback policy bypass attempt (web-misc.rules)
 * 3:16227 <-> ENABLED <-> WEB-MISC Web Service on Devices API WSDAPI URL processing buffer corruption attempt (web-misc.rules)
 * 3:17041 <-> ENABLED <-> WEB-MISC ISA Server OTP-based Forms-authorization fallback policy bypass attempt (web-misc.rules)