Talos Rules 2015-09-03
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, browser-plugins, file-flash, file-identify, file-multimedia, file-other, file-pdf, indicator-compromise, malware-other, malware-tools, netbios, policy-other, protocol-dns, protocol-imap, protocol-scada, server-mail, server-mysql and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2015-09-03 17:18:59 UTC

Snort Subscriber Rules Update

Date: 2015-09-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:35940 <-> DISABLED <-> SERVER-WEBAPP PHP phar_parse_tarfile method integer overflow attempt (server-webapp.rules)
 * 1:35860 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime traf atom out of bounds read attempt (file-multimedia.rules)
 * 1:35856 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
 * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:35861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
 * 1:35862 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
 * 1:35859 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime traf atom out of bounds read attempt (file-multimedia.rules)
 * 1:35858 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:35863 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
 * 1:35864 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
 * 1:35933 <-> DISABLED <-> SERVER-WEBAPP Qualcomm WorldMail IMAP select directory traversal attempt (server-webapp.rules)
 * 1:35934 <-> DISABLED <-> SERVER-WEBAPP Qualcomm WorldMail IMAP append directory traversal attempt (server-webapp.rules)
 * 1:35935 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
 * 1:35936 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
 * 1:35937 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
 * 1:35938 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
 * 1:35939 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules)
 * 1:35854 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
 * 1:35853 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
 * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules)
 * 1:35855 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
 * 3:35879 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
 * 3:35877 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
 * 3:35904 <-> ENABLED <-> SERVER-OTHER SCADA InduSoft Web Studio buffer overflow attempt (server-other.rules)
 * 3:35883 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x13 overflow attempt (netbios.rules)
 * 3:35901 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules)
 * 3:35900 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules)
 * 3:35873 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 3:35896 <-> ENABLED <-> SERVER-OTHER GE Proficy CIMPLICITY Marquee Manager stack buffer overflow attempt (server-other.rules)
 * 3:35894 <-> ENABLED <-> SERVER-OTHER HP OpenView Data Protector Omnilnet command injection attempt (server-other.rules)
 * 3:35885 <-> ENABLED <-> POLICY-OTHER MBean retrieval attempt (policy-other.rules)
 * 3:35923 <-> ENABLED <-> SERVER-WEBAPP LANDesk Management Suite arbitrary remote file upload attempt (server-webapp.rules)
 * 3:35914 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe trigger creation attempt (server-other.rules)
 * 3:35884 <-> ENABLED <-> POLICY-OTHER MBean retrieval attempt (policy-other.rules)
 * 3:35882 <-> ENABLED <-> FILE-PDF transfer of a PDF with embedded JavaScript and U3D objects (file-pdf.rules)
 * 3:35886 <-> ENABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules)
 * 3:35929 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
 * 3:35887 <-> ENABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules)
 * 3:35888 <-> ENABLED <-> PROTOCOL-SCADA SCADA Engine OPC Server arbitrary file upload attempt (protocol-scada.rules)
 * 3:35941 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller and UCS Director directory traversal attempt (server-webapp.rules)
 * 3:35911 <-> ENABLED <-> SERVER-OTHER Websense TRITON xml namespace buffer overflow attempt (server-other.rules)
 * 3:35889 <-> ENABLED <-> PROTOCOL-SCADA Kaskad SCADA arbitrary command execution attempt (protocol-scada.rules)
 * 3:35916 <-> ENABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules)
 * 3:35890 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL XPath number function uninitialized pointer arbitrary code execution attempt (server-mysql.rules)
 * 3:35891 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL XPath number function uninitialized pointer arbitrary code execution attempt (server-mysql.rules)
 * 3:35893 <-> ENABLED <-> SERVER-OTHER GE Proficy Real-Time Information Portal arbitrary dll load attempt (server-other.rules)
 * 3:35892 <-> ENABLED <-> SERVER-OTHER GE Proficy Real-Time Information Portal arbitrary dll load attempt (server-other.rules)
 * 3:35895 <-> ENABLED <-> SERVER-OTHER Hewlett-Packard Radia Client Automation VerbData buffer overflow attempt (server-other.rules)
 * 3:35897 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
 * 3:35899 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules)
 * 3:35898 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 3:35902 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
 * 3:35903 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 3:35881 <-> ENABLED <-> FILE-PDF download of a PDF with embedded JavaScript and U3D objects (file-pdf.rules)
 * 3:35905 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe request detected (server-other.rules)
 * 3:35878 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
 * 3:35880 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
 * 3:35927 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management remote file execution attempt (server-webapp.rules)
 * 3:35925 <-> ENABLED <-> SERVER-WEBAPP Oracle Directory Services Manager LDAP plugin field null byte injection attempt (server-webapp.rules)
 * 3:35875 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 3:35874 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 3:35876 <-> ENABLED <-> FILE-OTHER InduSoft Web Studio insecure visual basic code execution attempt (file-other.rules)
 * 3:35910 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight information disclosure attempt (server-other.rules)
 * 3:35932 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
 * 3:35931 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
 * 3:35930 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
 * 3:35943 <-> ENABLED <-> PROTOCOL-DNS ISC BIND TKEY query processing denial of service attempt (protocol-dns.rules)
 * 3:35913 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe authentication attempt (server-other.rules)
 * 3:35909 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight buffer overflow attempt (server-other.rules)
 * 3:35908 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe buffer overflow attempt  (server-other.rules)
 * 3:35912 <-> ENABLED <-> SERVER-OTHER Websense TRITON xml namespace buffer overflow attempt (server-other.rules)
 * 3:35865 <-> ENABLED <-> BROWSER-IE Internet Explorer DataSource recordset remote code execution attempt (browser-ie.rules)
 * 3:35866 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XMLDOM double free corruption attempt (browser-ie.rules)
 * 3:35915 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe rule creation attempt (server-other.rules)
 * 3:35917 <-> ENABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules)
 * 3:35907 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe request detected (server-other.rules)
 * 3:35942 <-> ENABLED <-> PROTOCOL-DNS ISC BIND TKEY query processing denial of service attempt (protocol-dns.rules)
 * 3:35918 <-> ENABLED <-> SERVER-OTHER EMC NetWorker server overflow attempt (server-other.rules)
 * 3:35868 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 3:35872 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 3:35919 <-> ENABLED <-> SERVER-OTHER Vinzant Global ECS Agent untrusted command execution attempt (server-other.rules)
 * 3:35869 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 3:35906 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe buffer overflow attempt  (server-other.rules)
 * 3:35867 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XMLDOM double free corruption attempt (browser-ie.rules)
 * 3:35926 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management authorization bypass attempt (server-webapp.rules)
 * 3:35921 <-> ENABLED <-> SERVER-OTHER General Electric Proficy malicious log forwarding request attempt (server-other.rules)
 * 3:35920 <-> ENABLED <-> SERVER-OTHER General Electric Proficy memory leakage request attempt (server-other.rules)
 * 3:35928 <-> ENABLED <-> SERVER-WEBAPP IBM Domino cross site scripting attempt (server-webapp.rules)
 * 3:35924 <-> ENABLED <-> SERVER-WEBAPP Oracle Directory Services Manager remote jsp code execution attempt (server-webapp.rules)
 * 3:35870 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 3:35922 <-> ENABLED <-> SERVER-WEBAPP Entrust Authority Enrollment Server stack buffer overflow attempt (server-webapp.rules)
 * 3:35871 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)

Modified Rules:


 * 1:34988 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed FLV file buffer overflow attempt (file-flash.rules)
 * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
 * 1:23058 <-> ENABLED <-> MALWARE-OTHER NeoSploit Malvertising - URI Requested (malware-other.rules)
 * 1:34989 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed FLV file buffer overflow attempt (file-flash.rules)
 * 1:5703 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe directory traversal attempt (protocol-imap.rules)
 * 1:5700 <-> DISABLED <-> PROTOCOL-IMAP rename directory traversal attempt (protocol-imap.rules)
 * 1:5699 <-> DISABLED <-> PROTOCOL-IMAP lsub directory traversal attempt (protocol-imap.rules)
 * 1:17328 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow (server-mail.rules)
 * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:33188 <-> ENABLED <-> INDICATOR-COMPROMISE Win.Trojan.Bedep variant outbound connection (indicator-compromise.rules)
 * 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
 * 1:35820 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
 * 1:35821 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
 * 1:35825 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
 * 1:35822 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
 * 1:16692 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules)
 * 1:5696 <-> DISABLED <-> PROTOCOL-IMAP delete directory traversal attempt (protocol-imap.rules)
 * 1:5697 <-> DISABLED <-> PROTOCOL-IMAP examine directory traversal attempt (protocol-imap.rules)
 * 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (protocol-imap.rules)
 * 1:21513 <-> ENABLED <-> MALWARE-TOOLS HOIC http denial of service attack (malware-tools.rules)

2015-09-03 17:18:59 UTC

Snort Subscriber Rules Update

Date: 2015-09-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:35859 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime traf atom out of bounds read attempt (file-multimedia.rules)
 * 1:35856 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
 * 1:35858 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:35940 <-> DISABLED <-> SERVER-WEBAPP PHP phar_parse_tarfile method integer overflow attempt (server-webapp.rules)
 * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:35861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
 * 1:35862 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
 * 1:35860 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime traf atom out of bounds read attempt (file-multimedia.rules)
 * 1:35863 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
 * 1:35864 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
 * 1:35933 <-> DISABLED <-> SERVER-WEBAPP Qualcomm WorldMail IMAP select directory traversal attempt (server-webapp.rules)
 * 1:35934 <-> DISABLED <-> SERVER-WEBAPP Qualcomm WorldMail IMAP append directory traversal attempt (server-webapp.rules)
 * 1:35936 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
 * 1:35935 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
 * 1:35937 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
 * 1:35938 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
 * 1:35853 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
 * 1:35939 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules)
 * 1:35855 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
 * 1:35854 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
 * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules)
 * 3:35914 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe trigger creation attempt (server-other.rules)
 * 3:35912 <-> ENABLED <-> SERVER-OTHER Websense TRITON xml namespace buffer overflow attempt (server-other.rules)
 * 3:35913 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe authentication attempt (server-other.rules)
 * 3:35911 <-> ENABLED <-> SERVER-OTHER Websense TRITON xml namespace buffer overflow attempt (server-other.rules)
 * 3:35909 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight buffer overflow attempt (server-other.rules)
 * 3:35908 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe buffer overflow attempt  (server-other.rules)
 * 3:35904 <-> ENABLED <-> SERVER-OTHER SCADA InduSoft Web Studio buffer overflow attempt (server-other.rules)
 * 3:35903 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 3:35898 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 3:35899 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules)
 * 3:35893 <-> ENABLED <-> SERVER-OTHER GE Proficy Real-Time Information Portal arbitrary dll load attempt (server-other.rules)
 * 3:35878 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
 * 3:35879 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
 * 3:35881 <-> ENABLED <-> FILE-PDF download of a PDF with embedded JavaScript and U3D objects (file-pdf.rules)
 * 3:35882 <-> ENABLED <-> FILE-PDF transfer of a PDF with embedded JavaScript and U3D objects (file-pdf.rules)
 * 3:35883 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x13 overflow attempt (netbios.rules)
 * 3:35884 <-> ENABLED <-> POLICY-OTHER MBean retrieval attempt (policy-other.rules)
 * 3:35873 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 3:35885 <-> ENABLED <-> POLICY-OTHER MBean retrieval attempt (policy-other.rules)
 * 3:35886 <-> ENABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules)
 * 3:35943 <-> ENABLED <-> PROTOCOL-DNS ISC BIND TKEY query processing denial of service attempt (protocol-dns.rules)
 * 3:35941 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller and UCS Director directory traversal attempt (server-webapp.rules)
 * 3:35942 <-> ENABLED <-> PROTOCOL-DNS ISC BIND TKEY query processing denial of service attempt (protocol-dns.rules)
 * 3:35931 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
 * 3:35932 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
 * 3:35930 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
 * 3:35880 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
 * 3:35923 <-> ENABLED <-> SERVER-WEBAPP LANDesk Management Suite arbitrary remote file upload attempt (server-webapp.rules)
 * 3:35887 <-> ENABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules)
 * 3:35874 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 3:35888 <-> ENABLED <-> PROTOCOL-SCADA SCADA Engine OPC Server arbitrary file upload attempt (protocol-scada.rules)
 * 3:35889 <-> ENABLED <-> PROTOCOL-SCADA Kaskad SCADA arbitrary command execution attempt (protocol-scada.rules)
 * 3:35875 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 3:35891 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL XPath number function uninitialized pointer arbitrary code execution attempt (server-mysql.rules)
 * 3:35890 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL XPath number function uninitialized pointer arbitrary code execution attempt (server-mysql.rules)
 * 3:35892 <-> ENABLED <-> SERVER-OTHER GE Proficy Real-Time Information Portal arbitrary dll load attempt (server-other.rules)
 * 3:35894 <-> ENABLED <-> SERVER-OTHER HP OpenView Data Protector Omnilnet command injection attempt (server-other.rules)
 * 3:35895 <-> ENABLED <-> SERVER-OTHER Hewlett-Packard Radia Client Automation VerbData buffer overflow attempt (server-other.rules)
 * 3:35896 <-> ENABLED <-> SERVER-OTHER GE Proficy CIMPLICITY Marquee Manager stack buffer overflow attempt (server-other.rules)
 * 3:35897 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
 * 3:35900 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules)
 * 3:35901 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules)
 * 3:35902 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
 * 3:35905 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe request detected (server-other.rules)
 * 3:35906 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe buffer overflow attempt  (server-other.rules)
 * 3:35907 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe request detected (server-other.rules)
 * 3:35910 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight information disclosure attempt (server-other.rules)
 * 3:35866 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XMLDOM double free corruption attempt (browser-ie.rules)
 * 3:35924 <-> ENABLED <-> SERVER-WEBAPP Oracle Directory Services Manager remote jsp code execution attempt (server-webapp.rules)
 * 3:35865 <-> ENABLED <-> BROWSER-IE Internet Explorer DataSource recordset remote code execution attempt (browser-ie.rules)
 * 3:35925 <-> ENABLED <-> SERVER-WEBAPP Oracle Directory Services Manager LDAP plugin field null byte injection attempt (server-webapp.rules)
 * 3:35926 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management authorization bypass attempt (server-webapp.rules)
 * 3:35928 <-> ENABLED <-> SERVER-WEBAPP IBM Domino cross site scripting attempt (server-webapp.rules)
 * 3:35927 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management remote file execution attempt (server-webapp.rules)
 * 3:35915 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe rule creation attempt (server-other.rules)
 * 3:35929 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
 * 3:35917 <-> ENABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules)
 * 3:35916 <-> ENABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules)
 * 3:35918 <-> ENABLED <-> SERVER-OTHER EMC NetWorker server overflow attempt (server-other.rules)
 * 3:35919 <-> ENABLED <-> SERVER-OTHER Vinzant Global ECS Agent untrusted command execution attempt (server-other.rules)
 * 3:35876 <-> ENABLED <-> FILE-OTHER InduSoft Web Studio insecure visual basic code execution attempt (file-other.rules)
 * 3:35920 <-> ENABLED <-> SERVER-OTHER General Electric Proficy memory leakage request attempt (server-other.rules)
 * 3:35921 <-> ENABLED <-> SERVER-OTHER General Electric Proficy malicious log forwarding request attempt (server-other.rules)
 * 3:35922 <-> ENABLED <-> SERVER-WEBAPP Entrust Authority Enrollment Server stack buffer overflow attempt (server-webapp.rules)
 * 3:35872 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 3:35877 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
 * 3:35868 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 3:35867 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XMLDOM double free corruption attempt (browser-ie.rules)
 * 3:35869 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 3:35870 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 3:35871 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)

Modified Rules:


 * 1:16692 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules)
 * 1:17328 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow (server-mail.rules)
 * 1:21513 <-> ENABLED <-> MALWARE-TOOLS HOIC http denial of service attack (malware-tools.rules)
 * 1:23058 <-> ENABLED <-> MALWARE-OTHER NeoSploit Malvertising - URI Requested (malware-other.rules)
 * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:5696 <-> DISABLED <-> PROTOCOL-IMAP delete directory traversal attempt (protocol-imap.rules)
 * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:34988 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed FLV file buffer overflow attempt (file-flash.rules)
 * 1:34989 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed FLV file buffer overflow attempt (file-flash.rules)
 * 1:5699 <-> DISABLED <-> PROTOCOL-IMAP lsub directory traversal attempt (protocol-imap.rules)
 * 1:5700 <-> DISABLED <-> PROTOCOL-IMAP rename directory traversal attempt (protocol-imap.rules)
 * 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (protocol-imap.rules)
 * 1:5703 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe directory traversal attempt (protocol-imap.rules)
 * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:33188 <-> ENABLED <-> INDICATOR-COMPROMISE Win.Trojan.Bedep variant outbound connection (indicator-compromise.rules)
 * 1:35825 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
 * 1:35821 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
 * 1:35822 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
 * 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
 * 1:35820 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
 * 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
 * 1:5697 <-> DISABLED <-> PROTOCOL-IMAP examine directory traversal attempt (protocol-imap.rules)

2015-09-03 17:18:59 UTC

Snort Subscriber Rules Update

Date: 2015-09-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:35940 <-> DISABLED <-> SERVER-WEBAPP PHP phar_parse_tarfile method integer overflow attempt (server-webapp.rules)
 * 1:35939 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules)
 * 1:35938 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
 * 1:35937 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
 * 1:35936 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
 * 1:35935 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
 * 1:35934 <-> DISABLED <-> SERVER-WEBAPP Qualcomm WorldMail IMAP append directory traversal attempt (server-webapp.rules)
 * 1:35933 <-> DISABLED <-> SERVER-WEBAPP Qualcomm WorldMail IMAP select directory traversal attempt (server-webapp.rules)
 * 1:35864 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
 * 1:35863 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
 * 1:35862 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
 * 1:35861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
 * 1:35860 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime traf atom out of bounds read attempt (file-multimedia.rules)
 * 1:35859 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime traf atom out of bounds read attempt (file-multimedia.rules)
 * 1:35858 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:35856 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
 * 1:35855 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
 * 1:35854 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
 * 1:35853 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
 * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules)
 * 3:35943 <-> ENABLED <-> PROTOCOL-DNS ISC BIND TKEY query processing denial of service attempt (protocol-dns.rules)
 * 3:35942 <-> ENABLED <-> PROTOCOL-DNS ISC BIND TKEY query processing denial of service attempt (protocol-dns.rules)
 * 3:35941 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller and UCS Director directory traversal attempt (server-webapp.rules)
 * 3:35932 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
 * 3:35931 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
 * 3:35930 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
 * 3:35929 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
 * 3:35928 <-> ENABLED <-> SERVER-WEBAPP IBM Domino cross site scripting attempt (server-webapp.rules)
 * 3:35927 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management remote file execution attempt (server-webapp.rules)
 * 3:35926 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management authorization bypass attempt (server-webapp.rules)
 * 3:35925 <-> ENABLED <-> SERVER-WEBAPP Oracle Directory Services Manager LDAP plugin field null byte injection attempt (server-webapp.rules)
 * 3:35924 <-> ENABLED <-> SERVER-WEBAPP Oracle Directory Services Manager remote jsp code execution attempt (server-webapp.rules)
 * 3:35923 <-> ENABLED <-> SERVER-WEBAPP LANDesk Management Suite arbitrary remote file upload attempt (server-webapp.rules)
 * 3:35922 <-> ENABLED <-> SERVER-WEBAPP Entrust Authority Enrollment Server stack buffer overflow attempt (server-webapp.rules)
 * 3:35921 <-> ENABLED <-> SERVER-OTHER General Electric Proficy malicious log forwarding request attempt (server-other.rules)
 * 3:35920 <-> ENABLED <-> SERVER-OTHER General Electric Proficy memory leakage request attempt (server-other.rules)
 * 3:35919 <-> ENABLED <-> SERVER-OTHER Vinzant Global ECS Agent untrusted command execution attempt (server-other.rules)
 * 3:35918 <-> ENABLED <-> SERVER-OTHER EMC NetWorker server overflow attempt (server-other.rules)
 * 3:35917 <-> ENABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules)
 * 3:35916 <-> ENABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules)
 * 3:35915 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe rule creation attempt (server-other.rules)
 * 3:35866 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XMLDOM double free corruption attempt (browser-ie.rules)
 * 3:35865 <-> ENABLED <-> BROWSER-IE Internet Explorer DataSource recordset remote code execution attempt (browser-ie.rules)
 * 3:35914 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe trigger creation attempt (server-other.rules)
 * 3:35913 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe authentication attempt (server-other.rules)
 * 3:35912 <-> ENABLED <-> SERVER-OTHER Websense TRITON xml namespace buffer overflow attempt (server-other.rules)
 * 3:35911 <-> ENABLED <-> SERVER-OTHER Websense TRITON xml namespace buffer overflow attempt (server-other.rules)
 * 3:35910 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight information disclosure attempt (server-other.rules)
 * 3:35909 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight buffer overflow attempt (server-other.rules)
 * 3:35908 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe buffer overflow attempt  (server-other.rules)
 * 3:35907 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe request detected (server-other.rules)
 * 3:35906 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe buffer overflow attempt  (server-other.rules)
 * 3:35905 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe request detected (server-other.rules)
 * 3:35904 <-> ENABLED <-> SERVER-OTHER SCADA InduSoft Web Studio buffer overflow attempt (server-other.rules)
 * 3:35903 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 3:35902 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
 * 3:35901 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules)
 * 3:35900 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules)
 * 3:35899 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules)
 * 3:35898 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 3:35897 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
 * 3:35896 <-> ENABLED <-> SERVER-OTHER GE Proficy CIMPLICITY Marquee Manager stack buffer overflow attempt (server-other.rules)
 * 3:35895 <-> ENABLED <-> SERVER-OTHER Hewlett-Packard Radia Client Automation VerbData buffer overflow attempt (server-other.rules)
 * 3:35894 <-> ENABLED <-> SERVER-OTHER HP OpenView Data Protector Omnilnet command injection attempt (server-other.rules)
 * 3:35892 <-> ENABLED <-> SERVER-OTHER GE Proficy Real-Time Information Portal arbitrary dll load attempt (server-other.rules)
 * 3:35893 <-> ENABLED <-> SERVER-OTHER GE Proficy Real-Time Information Portal arbitrary dll load attempt (server-other.rules)
 * 3:35891 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL XPath number function uninitialized pointer arbitrary code execution attempt (server-mysql.rules)
 * 3:35890 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL XPath number function uninitialized pointer arbitrary code execution attempt (server-mysql.rules)
 * 3:35889 <-> ENABLED <-> PROTOCOL-SCADA Kaskad SCADA arbitrary command execution attempt (protocol-scada.rules)
 * 3:35888 <-> ENABLED <-> PROTOCOL-SCADA SCADA Engine OPC Server arbitrary file upload attempt (protocol-scada.rules)
 * 3:35887 <-> ENABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules)
 * 3:35886 <-> ENABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules)
 * 3:35885 <-> ENABLED <-> POLICY-OTHER MBean retrieval attempt (policy-other.rules)
 * 3:35884 <-> ENABLED <-> POLICY-OTHER MBean retrieval attempt (policy-other.rules)
 * 3:35883 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x13 overflow attempt (netbios.rules)
 * 3:35882 <-> ENABLED <-> FILE-PDF transfer of a PDF with embedded JavaScript and U3D objects (file-pdf.rules)
 * 3:35881 <-> ENABLED <-> FILE-PDF download of a PDF with embedded JavaScript and U3D objects (file-pdf.rules)
 * 3:35880 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
 * 3:35879 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
 * 3:35878 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
 * 3:35877 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
 * 3:35876 <-> ENABLED <-> FILE-OTHER InduSoft Web Studio insecure visual basic code execution attempt (file-other.rules)
 * 3:35875 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 3:35874 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 3:35873 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 3:35872 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 3:35871 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 3:35870 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 3:35869 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 3:35868 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 3:35867 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XMLDOM double free corruption attempt (browser-ie.rules)

Modified Rules:


 * 1:16692 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules)
 * 1:17328 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow (server-mail.rules)
 * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:21513 <-> ENABLED <-> MALWARE-TOOLS HOIC http denial of service attack (malware-tools.rules)
 * 1:23058 <-> ENABLED <-> MALWARE-OTHER NeoSploit Malvertising - URI Requested (malware-other.rules)
 * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:33188 <-> ENABLED <-> INDICATOR-COMPROMISE Win.Trojan.Bedep variant outbound connection (indicator-compromise.rules)
 * 1:34988 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed FLV file buffer overflow attempt (file-flash.rules)
 * 1:34989 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed FLV file buffer overflow attempt (file-flash.rules)
 * 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
 * 1:35821 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
 * 1:35822 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
 * 1:35825 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
 * 1:5696 <-> DISABLED <-> PROTOCOL-IMAP delete directory traversal attempt (protocol-imap.rules)
 * 1:5697 <-> DISABLED <-> PROTOCOL-IMAP examine directory traversal attempt (protocol-imap.rules)
 * 1:5700 <-> DISABLED <-> PROTOCOL-IMAP rename directory traversal attempt (protocol-imap.rules)
 * 1:5699 <-> DISABLED <-> PROTOCOL-IMAP lsub directory traversal attempt (protocol-imap.rules)
 * 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (protocol-imap.rules)
 * 1:5703 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe directory traversal attempt (protocol-imap.rules)
 * 1:35820 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
 * 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)