Talos has added and modified multiple rules in the browser-ie, browser-other, exploit-kit, file-flash, file-identify, file-multimedia, file-office, malware-backdoor, malware-cnc, malware-other, netbios, os-windows, policy-other, protocol-imap, protocol-other, protocol-pop, protocol-rpc, protocol-voip, pua-other, server-mail, server-oracle, server-other and SQL rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:44639 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Quimonk variant outbound connection detected (malware-cnc.rules) * 1:44634 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules) * 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (policy-other.rules) * 1:44643 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS denial of service attempt (server-other.rules) * 1:44635 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules) * 1:44633 <-> DISABLED <-> SERVER-OTHER Colorado FTP Server directory traversal attempt (server-other.rules) * 1:44642 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center getSelInsBean Java expression language injection attempt (server-webapp.rules) * 1:44637 <-> DISABLED <-> PROTOCOL-RPC Linux kernel nfsd nfsd4_layout_verify out of bounds read attempt (protocol-rpc.rules) * 1:44638 <-> DISABLED <-> PROTOCOL-RPC Linux kernel nfsd nfsd4_layout_verify out of bounds read attempt (protocol-rpc.rules) * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules) * 1:44636 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
* 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules) * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules) * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules) * 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:44388 <-> ENABLED <-> SERVER-WEBAPP D-Link getcfg.php credential disclosure attempt (server-webapp.rules) * 1:6010 <-> ENABLED <-> SERVER-OTHER VERITAS NetBackup vnetd connection attempt (server-other.rules) * 1:6404 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules) * 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules) * 1:7111 <-> ENABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (malware-backdoor.rules) * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules) * 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules) * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules) * 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules) * 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:36826 <-> ENABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules) * 1:40521 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules) * 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:25515 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules) * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules) * 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules) * 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules) * 1:3081 <-> ENABLED <-> MALWARE-BACKDOOR Y3KRAT 1.5 Connect (malware-backdoor.rules) * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules) * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules) * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules) * 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:40235 <-> ENABLED <-> MALWARE-CNC Installation Keylogger Osx.Trojan.Mokes ping request (malware-cnc.rules) * 1:42332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant ping command (malware-cnc.rules) * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules) * 1:26065 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules) * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules) * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules) * 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules) * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules) * 1:3142 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (netbios.rules) * 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules) * 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules) * 1:4143 <-> ENABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules) * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules) * 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules) * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:3140 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (netbios.rules) * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules) * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules) * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules) * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:25513 <-> ENABLED <-> FILE-IDENTIFY Portable Executable download detected (file-identify.rules) * 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules) * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules) * 1:40520 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules) * 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules) * 1:40119 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules) * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules) * 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules) * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules) * 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules) * 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules) * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules) * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules) * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules) * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:40519 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules) * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules) * 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules) * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules) * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules) * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules) * 1:26456 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules) * 1:3141 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (netbios.rules) * 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules) * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules) * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules) * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules) * 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules) * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules) * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:31701 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit Silverlight exploit request (exploit-kit.rules) * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules) * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules) * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:3136 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (netbios.rules) * 1:27741 <-> ENABLED <-> EXPLOIT-KIT Zip file downloaded by Java (exploit-kit.rules) * 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules) * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules) * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules) * 1:40120 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules) * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules) * 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules) * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:26064 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules) * 1:26457 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules) * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules) * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:3135 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (netbios.rules) * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules) * 1:3138 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (netbios.rules) * 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules) * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules) * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules) * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:3139 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 attempt (netbios.rules) * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:40118 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file download request (file-identify.rules) * 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules) * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules) * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules) * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules) * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules) * 1:3551 <-> ENABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules) * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules) * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules) * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules) * 1:26063 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file download request (file-identify.rules) * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules) * 1:3137 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (netbios.rules) * 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules) * 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:25514 <-> ENABLED <-> FILE-IDENTIFY Portable Executable download detected (file-identify.rules) * 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules) * 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules) * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules) * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules) * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules) * 1:13473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file download request (file-identify.rules) * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules) * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules) * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules) * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules) * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules) * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules) * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules) * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules) * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules) * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules) * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules) * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules) * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules) * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules) * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules) * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules) * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules) * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules) * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules) * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules) * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules) * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules) * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules) * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16425 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file download request (file-identify.rules) * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules) * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules) * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules) * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules) * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules) * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules) * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules) * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules) * 1:16758 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules) * 1:16759 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules) * 1:16760 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules) * 1:16761 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules) * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules) * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules) * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules) * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules) * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules) * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules) * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules) * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules) * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules) * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules) * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules) * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules) * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules) * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules) * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules) * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules) * 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules) * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules) * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules) * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules) * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules) * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules) * 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules) * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules) * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules) * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules) * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules) * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules) * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules) * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules) * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules) * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules) * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules) * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules) * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules) * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules) * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules) * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules) * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules) * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules) * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules) * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules) * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules) * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules) * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules) * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules) * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules) * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules) * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules) * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules) * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules) * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules) * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules) * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules) * 1:20850 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected (file-identify.rules) * 1:20851 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected (file-identify.rules) * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules) * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules) * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules) * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules) * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules) * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules) * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules) * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules) * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules) * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules) * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules) * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules) * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules) * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules) * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules) * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules) * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules) * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules) * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules) * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules) * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules) * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules) * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules) * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules) * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules) * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules) * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules) * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules) * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules) * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules) * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules) * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules) * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules) * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules) * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules) * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21884 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file attachment detected (file-identify.rules) * 1:21885 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file attachment detected (file-identify.rules) * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21908 <-> ENABLED <-> FILE-IDENTIFY Portable Executable file attachment detected (file-identify.rules) * 1:21909 <-> ENABLED <-> FILE-IDENTIFY Portable Executable file attachment detected (file-identify.rules) * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21940 <-> ENABLED <-> FILE-IDENTIFY EMF file magic detected (file-identify.rules) * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules) * 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules) * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22963 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules) * 1:22964 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules) * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules) * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules) * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules) * 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules) * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules) * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23138 <-> DISABLED <-> SERVER-OTHER Apple CUPS IPP memory corruption attempt (server-other.rules) * 1:23139 <-> DISABLED <-> SERVER-OTHER Apple CUPS IPP memory corruption attempt (server-other.rules) * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules) * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23203 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23204 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules) * 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (exploit-kit.rules) * 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules) * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules) * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules) * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules) * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules) * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:23766 <-> ENABLED <-> FILE-IDENTIFY EMF file magic detected (file-identify.rules) * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules) * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules) * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:2419 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules) * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules) * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules) * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules) * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:2422 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules) * 1:2423 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules) * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules) * 1:2436 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules) * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:44643 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS denial of service attempt (server-other.rules) * 1:44636 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules) * 1:44639 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Quimonk variant outbound connection detected (malware-cnc.rules) * 1:44638 <-> DISABLED <-> PROTOCOL-RPC Linux kernel nfsd nfsd4_layout_verify out of bounds read attempt (protocol-rpc.rules) * 1:44633 <-> DISABLED <-> SERVER-OTHER Colorado FTP Server directory traversal attempt (server-other.rules) * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules) * 1:44642 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center getSelInsBean Java expression language injection attempt (server-webapp.rules) * 1:44637 <-> DISABLED <-> PROTOCOL-RPC Linux kernel nfsd nfsd4_layout_verify out of bounds read attempt (protocol-rpc.rules) * 1:44635 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules) * 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (policy-other.rules) * 1:44634 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
* 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules) * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules) * 1:7111 <-> ENABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (malware-backdoor.rules) * 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules) * 1:6404 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules) * 1:6010 <-> ENABLED <-> SERVER-OTHER VERITAS NetBackup vnetd connection attempt (server-other.rules) * 1:44388 <-> ENABLED <-> SERVER-WEBAPP D-Link getcfg.php credential disclosure attempt (server-webapp.rules) * 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules) * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules) * 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules) * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:42332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant ping command (malware-cnc.rules) * 1:4143 <-> ENABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules) * 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules) * 1:40521 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:40520 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:40519 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:40235 <-> ENABLED <-> MALWARE-CNC Installation Keylogger Osx.Trojan.Mokes ping request (malware-cnc.rules) * 1:40120 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules) * 1:40119 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules) * 1:40118 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file download request (file-identify.rules) * 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules) * 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules) * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules) * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules) * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules) * 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules) * 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules) * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules) * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules) * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules) * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules) * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules) * 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules) * 1:36826 <-> ENABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules) * 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules) * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules) * 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules) * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules) * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules) * 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules) * 1:3551 <-> ENABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules) * 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules) * 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules) * 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules) * 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules) * 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules) * 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules) * 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules) * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules) * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules) * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules) * 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules) * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules) * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules) * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules) * 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules) * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules) * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules) * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:31701 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit Silverlight exploit request (exploit-kit.rules) * 1:3142 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (netbios.rules) * 1:3141 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (netbios.rules) * 1:3140 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (netbios.rules) * 1:3139 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 attempt (netbios.rules) * 1:3138 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (netbios.rules) * 1:3137 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (netbios.rules) * 1:3136 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (netbios.rules) * 1:3135 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (netbios.rules) * 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules) * 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules) * 1:3081 <-> ENABLED <-> MALWARE-BACKDOOR Y3KRAT 1.5 Connect (malware-backdoor.rules) * 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules) * 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules) * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules) * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules) * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules) * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules) * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules) * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules) * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules) * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules) * 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules) * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules) * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules) * 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules) * 1:27741 <-> ENABLED <-> EXPLOIT-KIT Zip file downloaded by Java (exploit-kit.rules) * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules) * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules) * 1:26457 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules) * 1:26456 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules) * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules) * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:26065 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules) * 1:26064 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules) * 1:26063 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file download request (file-identify.rules) * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules) * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules) * 1:25515 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules) * 1:25513 <-> ENABLED <-> FILE-IDENTIFY Portable Executable download detected (file-identify.rules) * 1:25514 <-> ENABLED <-> FILE-IDENTIFY Portable Executable download detected (file-identify.rules) * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules) * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules) * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules) * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules) * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules) * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules) * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules) * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules) * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules) * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules) * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules) * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules) * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules) * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules) * 1:13473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file download request (file-identify.rules) * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules) * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules) * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules) * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules) * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules) * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules) * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules) * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules) * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules) * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules) * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules) * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules) * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules) * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules) * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules) * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules) * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules) * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules) * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules) * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules) * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules) * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules) * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules) * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16425 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file download request (file-identify.rules) * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules) * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules) * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules) * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules) * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules) * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules) * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules) * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules) * 1:16758 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules) * 1:16759 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules) * 1:16760 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules) * 1:16761 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules) * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules) * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules) * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules) * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules) * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules) * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules) * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules) * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules) * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules) * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules) * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules) * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules) * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules) * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules) * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules) * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules) * 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules) * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules) * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules) * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules) * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules) * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules) * 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules) * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules) * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules) * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules) * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules) * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules) * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules) * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules) * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules) * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules) * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules) * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules) * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules) * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules) * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules) * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules) * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules) * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules) * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules) * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules) * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules) * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules) * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules) * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules) * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules) * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules) * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules) * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules) * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules) * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules) * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules) * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules) * 1:20850 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected (file-identify.rules) * 1:20851 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected (file-identify.rules) * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules) * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules) * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules) * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules) * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules) * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules) * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules) * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules) * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules) * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules) * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules) * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules) * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules) * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules) * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules) * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules) * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules) * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules) * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules) * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules) * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules) * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules) * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules) * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules) * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules) * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules) * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules) * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules) * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules) * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules) * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules) * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules) * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules) * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules) * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules) * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21884 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file attachment detected (file-identify.rules) * 1:21885 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file attachment detected (file-identify.rules) * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21908 <-> ENABLED <-> FILE-IDENTIFY Portable Executable file attachment detected (file-identify.rules) * 1:21909 <-> ENABLED <-> FILE-IDENTIFY Portable Executable file attachment detected (file-identify.rules) * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21940 <-> ENABLED <-> FILE-IDENTIFY EMF file magic detected (file-identify.rules) * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules) * 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules) * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22963 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules) * 1:22964 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules) * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules) * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules) * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules) * 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules) * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules) * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23138 <-> DISABLED <-> SERVER-OTHER Apple CUPS IPP memory corruption attempt (server-other.rules) * 1:23139 <-> DISABLED <-> SERVER-OTHER Apple CUPS IPP memory corruption attempt (server-other.rules) * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules) * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23203 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23204 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules) * 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (exploit-kit.rules) * 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules) * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules) * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules) * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules) * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules) * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:23766 <-> ENABLED <-> FILE-IDENTIFY EMF file magic detected (file-identify.rules) * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules) * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules) * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:2419 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules) * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules) * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules) * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules) * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:2422 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules) * 1:2423 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules) * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules) * 1:2436 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules) * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:44643 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS denial of service attempt (server-other.rules) * 1:44642 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center getSelInsBean Java expression language injection attempt (server-webapp.rules) * 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (policy-other.rules) * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules) * 1:44639 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Quimonk variant outbound connection detected (malware-cnc.rules) * 1:44638 <-> DISABLED <-> PROTOCOL-RPC Linux kernel nfsd nfsd4_layout_verify out of bounds read attempt (protocol-rpc.rules) * 1:44637 <-> DISABLED <-> PROTOCOL-RPC Linux kernel nfsd nfsd4_layout_verify out of bounds read attempt (protocol-rpc.rules) * 1:44636 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules) * 1:44635 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules) * 1:44634 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules) * 1:44633 <-> DISABLED <-> SERVER-OTHER Colorado FTP Server directory traversal attempt (server-other.rules)
* 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules) * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules) * 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (exploit-kit.rules) * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules) * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23204 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23203 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules) * 1:23139 <-> DISABLED <-> SERVER-OTHER Apple CUPS IPP memory corruption attempt (server-other.rules) * 1:23138 <-> DISABLED <-> SERVER-OTHER Apple CUPS IPP memory corruption attempt (server-other.rules) * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules) * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules) * 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules) * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules) * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules) * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22964 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules) * 1:22963 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules) * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules) * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules) * 1:21940 <-> ENABLED <-> FILE-IDENTIFY EMF file magic detected (file-identify.rules) * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21909 <-> ENABLED <-> FILE-IDENTIFY Portable Executable file attachment detected (file-identify.rules) * 1:21908 <-> ENABLED <-> FILE-IDENTIFY Portable Executable file attachment detected (file-identify.rules) * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21885 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file attachment detected (file-identify.rules) * 1:21884 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file attachment detected (file-identify.rules) * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules) * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules) * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules) * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules) * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules) * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules) * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules) * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules) * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules) * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules) * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules) * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules) * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules) * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules) * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules) * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules) * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules) * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules) * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules) * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules) * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules) * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules) * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules) * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules) * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules) * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules) * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules) * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules) * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules) * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules) * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules) * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules) * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules) * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules) * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules) * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20851 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected (file-identify.rules) * 1:20850 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected (file-identify.rules) * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules) * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules) * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules) * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules) * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules) * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules) * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules) * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules) * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules) * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules) * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules) * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules) * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules) * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules) * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules) * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules) * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules) * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules) * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules) * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules) * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules) * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules) * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules) * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules) * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules) * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules) * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules) * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules) * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules) * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules) * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules) * 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules) * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules) * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules) * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules) * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules) * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules) * 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules) * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules) * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules) * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules) * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules) * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules) * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules) * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules) * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules) * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules) * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules) * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules) * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules) * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules) * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules) * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules) * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules) * 1:16761 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules) * 1:16760 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules) * 1:16759 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules) * 1:16758 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules) * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules) * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules) * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules) * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules) * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules) * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules) * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules) * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules) * 1:16425 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file download request (file-identify.rules) * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules) * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules) * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules) * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules) * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules) * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules) * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules) * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules) * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules) * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules) * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules) * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules) * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules) * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules) * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules) * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules) * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules) * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules) * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules) * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules) * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules) * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules) * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules) * 1:13473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file download request (file-identify.rules) * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules) * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules) * 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules) * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules) * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules) * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules) * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules) * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules) * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules) * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules) * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules) * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules) * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules) * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25513 <-> ENABLED <-> FILE-IDENTIFY Portable Executable download detected (file-identify.rules) * 1:25514 <-> ENABLED <-> FILE-IDENTIFY Portable Executable download detected (file-identify.rules) * 1:25515 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules) * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules) * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules) * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:26063 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file download request (file-identify.rules) * 1:26064 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules) * 1:26065 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules) * 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules) * 1:26456 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules) * 1:26457 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules) * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules) * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules) * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:27741 <-> ENABLED <-> EXPLOIT-KIT Zip file downloaded by Java (exploit-kit.rules) * 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules) * 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules) * 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules) * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules) * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules) * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules) * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules) * 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules) * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules) * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules) * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules) * 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules) * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules) * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules) * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules) * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:23766 <-> ENABLED <-> FILE-IDENTIFY EMF file magic detected (file-identify.rules) * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules) * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules) * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:2419 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules) * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules) * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules) * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules) * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:2422 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules) * 1:2423 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules) * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules) * 1:2436 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules) * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules) * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules) * 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules) * 1:3081 <-> ENABLED <-> MALWARE-BACKDOOR Y3KRAT 1.5 Connect (malware-backdoor.rules) * 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules) * 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules) * 1:3135 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (netbios.rules) * 1:3136 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (netbios.rules) * 1:3137 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (netbios.rules) * 1:3138 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (netbios.rules) * 1:3139 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 attempt (netbios.rules) * 1:3140 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (netbios.rules) * 1:3141 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (netbios.rules) * 1:3142 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (netbios.rules) * 1:31701 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit Silverlight exploit request (exploit-kit.rules) * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules) * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules) * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules) * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules) * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules) * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules) * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules) * 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules) * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules) * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules) * 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules) * 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules) * 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules) * 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules) * 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules) * 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules) * 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules) * 1:3551 <-> ENABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules) * 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules) * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules) * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules) * 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules) * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules) * 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules) * 1:36826 <-> ENABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules) * 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules) * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules) * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules) * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules) * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules) * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules) * 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules) * 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules) * 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules) * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules) * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules) * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules) * 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules) * 1:40118 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file download request (file-identify.rules) * 1:40119 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules) * 1:40120 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules) * 1:40235 <-> ENABLED <-> MALWARE-CNC Installation Keylogger Osx.Trojan.Mokes ping request (malware-cnc.rules) * 1:40519 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:40520 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:40521 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules) * 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:4143 <-> ENABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules) * 1:42332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant ping command (malware-cnc.rules) * 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules) * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules) * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules) * 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:44388 <-> ENABLED <-> SERVER-WEBAPP D-Link getcfg.php credential disclosure attempt (server-webapp.rules) * 1:6010 <-> ENABLED <-> SERVER-OTHER VERITAS NetBackup vnetd connection attempt (server-other.rules) * 1:6404 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules) * 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules) * 1:7111 <-> ENABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (malware-backdoor.rules) * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules) * 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
