Sourcefire VRT Rules Update

Date: 2012-11-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.3.0.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:24660 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 style properties use after free attempt (browser-ie.rules)
 * 1:24629 <-> ENABLED <-> SERVER-WEBAPP Oracle Fusion Middleware WebCenter selectedLocale parameter sql injection attempt (server-webapp.rules)
 * 1:24667 <-> ENABLED <-> EXPLOIT-KIT KaiXin pack attack vector attempt (exploit-kit.rules)
 * 1:24655 <-> DISABLED <-> OS-WINDOWS Microsoft .NET fully qualified System.Data.dll assembly name exploit attempt (os-windows.rules)
 * 1:24649 <-> ENABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
 * 1:24648 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules)
 * 1:24640 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime movie buffer overflow attempt (file-multimedia.rules)
 * 1:24659 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record code execution attempt (file-office.rules)
 * 1:24646 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET exetension ActiveX clsid access (browser-plugins.rules)
 * 1:24668 <-> ENABLED <-> EXPLOIT-KIT KaiXin pack attack vector attempt (exploit-kit.rules)
 * 1:24643 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET Extension ActiveX function call access (browser-plugins.rules)
 * 1:24642 <-> ENABLED <-> SERVER-WEBAPP RedHat JBoss Enterprise Application Platform JMX code execution attempt (server-webapp.rules)
 * 1:24637 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 redirection page - specific structure (exploit-kit.rules)
 * 1:24628 <-> ENABLED <-> SERVER-WEBAPP Webmin show.cgi arbitrary command injection attempt (server-webapp.rules)
 * 1:24641 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime movie buffer overflow attempt (file-multimedia.rules)
 * 1:24662 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer button object use after free memory corruption attempt (browser-ie.rules)
 * 1:24652 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig arbitrary file execution attempt (file-other.rules)
 * 1:24664 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET blacklisted method reflection sandbox bypass attempt (file-executable.rules)
 * 1:24631 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - Lizard/1.0 (blacklist.rules)
 * 1:24658 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record code execution attempt (file-office.rules)
 * 1:24635 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Dycler variant outbound connection (malware-cnc.rules)
 * 1:24656 <-> DISABLED <-> OS-WINDOWS Microsoft .NET fully qualified System.Data.dll assembly name exploit attempt (os-windows.rules)
 * 1:24638 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 redirection successful (exploit-kit.rules)
 * 1:24634 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - vaccinepc (blacklist.rules)
 * 1:24639 <-> DISABLED <-> RPC portmap CA BrightStor ARCserve tcp procedure 122 invalid function call attempt (rpc.rules)
 * 1:24674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record remote code execution attempt (file-office.rules)
 * 1:24672 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 sequence parameter set parsing overflow attempt (file-multimedia.rules)
 * 1:24645 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET Extension ActiveX clsid access (browser-plugins.rules)
 * 1:24653 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 table th element use after free attempt (browser-ie.rules)
 * 1:24654 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 table th element use after free attempt (browser-ie.rules)
 * 1:24661 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 style properties use after free attempt (browser-ie.rules)
 * 1:24665 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET blacklisted method reflection sandbox bypass attempt (file-executable.rules)
 * 1:24650 <-> ENABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
 * 1:24647 <-> ENABLED <-> SERVER-WEBAPP D-Link Wireless Router CAPTCHA data processing buffer overflow attempt (server-webapp.rules)
 * 1:24669 <-> ENABLED <-> EXPLOIT-KIT KaiXin pack attack vector attempt (exploit-kit.rules)
 * 1:24632 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - 1 (blacklist.rules)
 * 1:24663 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer button object use after free memory corruption attempt (browser-ie.rules)
 * 1:24644 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET Extension ActiveX clsid access (browser-plugins.rules)
 * 1:24673 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record remote code execution attempt (file-office.rules)
 * 1:24630 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Klovbot variant outbound connection (malware-cnc.rules)
 * 1:24633 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - test_hInternet (blacklist.rules)
 * 1:24636 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 redirection page - specific structure (exploit-kit.rules)
 * 1:24670 <-> ENABLED <-> EXPLOIT-KIT KaiXin pack attack vector attempt (exploit-kit.rules)
 * 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (file-identify.rules)
 * 1:24657 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Publisher record heap buffer overflow attempt (file-office.rules)
 * 3:24671 <-> ENABLED <-> EXPLOIT Microsoft Windows Explorer briefcase database memory corruption attempt (exploit.rules)
 * 3:24666 <-> ENABLED <-> EXPLOIT Excel invalid data item buffer overflow attempt (exploit.rules)

Modified Rules:


 * 1:13915 <-> DISABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules)
 * 1:14264 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules)
 * 1:15385 <-> DISABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules)
 * 1:15426 <-> DISABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules)
 * 1:15427 <-> DISABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules)
 * 1:15444 <-> DISABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules)
 * 1:15582 <-> DISABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules)
 * 1:15900 <-> DISABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules)
 * 1:15921 <-> DISABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules)
 * 1:15945 <-> DISABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
 * 1:16205 <-> DISABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules)
 * 1:16286 <-> DISABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules)
 * 1:16461 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel EntExU2 write access violation attempt (file-office.rules)
 * 1:16474 <-> DISABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
 * 1:16475 <-> DISABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v4 file magic detected (file-identify.rules)
 * 1:16476 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules)
 * 1:16477 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules)
 * 1:16478 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules)
 * 1:16630 <-> DISABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules)
 * 1:16654 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Publisher record heap buffer overflow attempt (file-office.rules)
 * 1:16691 <-> DISABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules)
 * 1:16742 <-> DISABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules)
 * 1:17230 <-> DISABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
 * 1:17113 <-> ENABLED <-> WEB-CLIENT Microsoft SilverLight ImageSource redefine flowbit (web-client.rules)
 * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules)
 * 1:17364 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules)
 * 1:17396 <-> ENABLED <-> EXPLOIT VNC client authentication response (exploit.rules)
 * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules)
 * 1:17407 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows help file download request (file-identify.rules)
 * 1:17426 <-> DISABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules)
 * 1:17508 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules)
 * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
 * 1:17540 <-> DISABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules)
 * 1:18273 <-> DISABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules)
 * 1:18274 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules)
 * 1:18335 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MHTML XSS attempt (os-windows.rules)
 * 1:18675 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:19215 <-> DISABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules)
 * 1:19218 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:19224 <-> DISABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules)
 * 1:19289 <-> DISABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules)
 * 1:19422 <-> DISABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
 * 1:19423 <-> DISABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules)
 * 1:19424 <-> DISABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules)
 * 1:19425 <-> DISABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules)
 * 1:19430 <-> DISABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules)
 * 1:19668 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer telnet.exe file load exploit attempt (browser-ie.rules)
 * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules)
 * 1:20032 <-> DISABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules)
 * 1:20260 <-> DISABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules)
 * 1:20269 <-> DISABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules)
 * 1:20282 <-> DISABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules)
 * 1:20450 <-> DISABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:20451 <-> DISABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:20462 <-> DISABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
 * 1:20475 <-> DISABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
 * 1:20495 <-> DISABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20516 <-> DISABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
 * 1:20521 <-> DISABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
 * 1:20522 <-> DISABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
 * 1:20563 <-> DISABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules)
 * 1:20564 <-> DISABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
 * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules)
 * 1:20622 <-> DISABLED <-> FILE-OTHER Oracle Java Applet remote code execution attempt (file-other.rules)
 * 1:20723 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules)
 * 1:20733 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules)
 * 1:20750 <-> DISABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
 * 1:20751 <-> DISABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules)
 * 1:20800 <-> DISABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20801 <-> DISABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20839 <-> DISABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules)
 * 1:20840 <-> DISABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules)
 * 1:20841 <-> DISABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules)
 * 1:20848 <-> DISABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20849 <-> DISABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20850 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected (file-identify.rules)
 * 1:20851 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected (file-identify.rules)
 * 1:20852 <-> DISABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules)
 * 1:20856 <-> DISABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20857 <-> DISABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20859 <-> DISABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules)
 * 1:20860 <-> DISABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
 * 1:20869 <-> DISABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules)
 * 1:20895 <-> DISABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20896 <-> DISABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20897 <-> DISABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
 * 1:20898 <-> DISABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20899 <-> DISABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20915 <-> DISABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20916 <-> DISABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20917 <-> DISABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20918 <-> DISABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20929 <-> DISABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20930 <-> DISABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20931 <-> DISABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20932 <-> DISABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20933 <-> DISABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20934 <-> DISABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20960 <-> DISABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules)
 * 1:20961 <-> DISABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules)
 * 1:20962 <-> DISABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules)
 * 1:20963 <-> DISABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules)
 * 1:20978 <-> DISABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20979 <-> DISABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20980 <-> DISABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20981 <-> DISABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20986 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20987 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20991 <-> DISABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
 * 1:21008 <-> DISABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules)
 * 1:21009 <-> DISABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:21010 <-> DISABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:21012 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules)
 * 1:21013 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:21014 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:21015 <-> DISABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
 * 1:21016 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules)
 * 1:21017 <-> DISABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules)
 * 1:21018 <-> DISABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules)
 * 1:21052 <-> DISABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules)
 * 1:21053 <-> DISABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
 * 1:21054 <-> DISABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
 * 1:21074 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
 * 1:21109 <-> DISABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules)
 * 1:21110 <-> DISABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:21111 <-> DISABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:21113 <-> DISABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
 * 1:21152 <-> DISABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:21153 <-> DISABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:21174 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules)
 * 1:21295 <-> DISABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21296 <-> DISABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21398 <-> DISABLED <-> FILE-IDENTIFY MPPL file download request (file-identify.rules)
 * 1:21432 <-> DISABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
 * 1:21433 <-> DISABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
 * 1:21573 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules)
 * 1:21574 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
 * 1:21575 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
 * 1:21584 <-> DISABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules)
 * 1:21585 <-> DISABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
 * 1:21586 <-> DISABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
 * 1:21611 <-> DISABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:21612 <-> DISABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:21617 <-> DISABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21618 <-> DISABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21623 <-> DISABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21624 <-> DISABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21625 <-> DISABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21626 <-> DISABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21627 <-> DISABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21628 <-> DISABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21693 <-> DISABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21694 <-> DISABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21707 <-> DISABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:21708 <-> DISABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:21709 <-> DISABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21710 <-> DISABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21802 <-> DISABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules)
 * 1:21803 <-> DISABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:21804 <-> DISABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:21807 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules)
 * 1:21808 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21809 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21810 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
 * 1:21811 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules)
 * 1:21812 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:21813 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:21814 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
 * 1:21815 <-> DISABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:21816 <-> DISABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:21861 <-> DISABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:21862 <-> DISABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:21863 <-> DISABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
 * 1:21864 <-> DISABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
 * 1:21865 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21866 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21867 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21868 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21870 <-> DISABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
 * 1:21871 <-> DISABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
 * 1:21879 <-> DISABLED <-> FILE-IDENTIFY Microsoft search file attachment detected (file-identify.rules)
 * 1:21880 <-> DISABLED <-> FILE-IDENTIFY Microsoft search file attachment detected (file-identify.rules)
 * 1:21894 <-> DISABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
 * 1:21895 <-> DISABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
 * 1:21940 <-> DISABLED <-> FILE-IDENTIFY EMF file magic detected (file-identify.rules)
 * 1:21955 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows hlp file magic detected (file-identify.rules)
 * 1:21956 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows hlp file attachment detected (file-identify.rules)
 * 1:21957 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows hlp file attachment detected (file-identify.rules)
 * 1:21962 <-> DISABLED <-> MALWARE-CNC BB communication protocol connection to server (malware-cnc.rules)
 * 1:22013 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (file-identify.rules)
 * 1:22014 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
 * 1:22015 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
 * 1:22016 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
 * 1:22017 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (file-identify.rules)
 * 1:22018 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
 * 1:22019 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
 * 1:22020 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
 * 1:22021 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (file-identify.rules)
 * 1:22022 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
 * 1:22023 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
 * 1:22024 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
 * 1:22043 <-> DISABLED <-> FILE-IDENTIFY XM file download request (file-identify.rules)
 * 1:22044 <-> DISABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
 * 1:22045 <-> DISABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
 * 1:22046 <-> DISABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
 * 1:22082 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file download request (file-identify.rules)
 * 1:22083 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
 * 1:22084 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
 * 1:22943 <-> DISABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules)
 * 1:22944 <-> DISABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
 * 1:22945 <-> DISABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
 * 1:22946 <-> DISABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
 * 1:22955 <-> DISABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
 * 1:22956 <-> DISABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
 * 1:22961 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
 * 1:22962 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
 * 1:22963 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
 * 1:22964 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
 * 1:22965 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
 * 1:22966 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
 * 1:22967 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
 * 1:22968 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
 * 1:22969 <-> DISABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
 * 1:22970 <-> DISABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
 * 1:22973 <-> DISABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
 * 1:22974 <-> DISABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
 * 1:22975 <-> DISABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
 * 1:23815 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23816 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23813 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23814 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23811 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23812 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23809 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23810 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23808 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23777 <-> DISABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
 * 1:23807 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23775 <-> DISABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
 * 1:23776 <-> DISABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
 * 1:23773 <-> DISABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
 * 1:23774 <-> DISABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
 * 1:23770 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
 * 1:23771 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
 * 1:23767 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows hlp file magic detected (file-identify.rules)
 * 1:23769 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
 * 1:23765 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
 * 1:23766 <-> DISABLED <-> FILE-IDENTIFY EMF file magic detected (file-identify.rules)
 * 1:23764 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
 * 1:23755 <-> DISABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
 * 1:23748 <-> DISABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
 * 1:23752 <-> DISABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
 * 1:23734 <-> DISABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
 * 1:23735 <-> DISABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
 * 1:23730 <-> DISABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
 * 1:23733 <-> DISABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
 * 1:23728 <-> DISABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
 * 1:23726 <-> DISABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
 * 1:23710 <-> DISABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
 * 1:23707 <-> DISABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
 * 1:23708 <-> DISABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v4 file magic detected (file-identify.rules)
 * 1:23695 <-> DISABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
 * 1:23696 <-> DISABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
 * 1:23693 <-> DISABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
 * 1:23498 <-> DISABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
 * 1:22976 <-> DISABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
 * 1:22977 <-> DISABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
 * 1:22978 <-> DISABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
 * 1:22979 <-> DISABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
 * 1:22980 <-> DISABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
 * 1:22981 <-> DISABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
 * 1:22982 <-> DISABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
 * 1:22983 <-> DISABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
 * 1:22984 <-> DISABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
 * 1:22985 <-> DISABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
 * 1:22986 <-> DISABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
 * 1:22987 <-> DISABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
 * 1:22988 <-> DISABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
 * 1:22989 <-> DISABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
 * 1:22990 <-> DISABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
 * 1:22991 <-> DISABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
 * 1:22992 <-> DISABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
 * 1:22995 <-> DISABLED <-> FILE-IDENTIFY MOV file attachment detected (file-identify.rules)
 * 1:22996 <-> DISABLED <-> FILE-IDENTIFY MOV file attachment detected (file-identify.rules)
 * 1:22997 <-> DISABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
 * 1:22998 <-> DISABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
 * 1:23000 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
 * 1:23001 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
 * 1:23002 <-> DISABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
 * 1:23003 <-> DISABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
 * 1:23011 <-> DISABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules)
 * 1:23012 <-> DISABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
 * 1:23013 <-> DISABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
 * 1:23098 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 sequence parameter set parsing overflow attempt (file-multimedia.rules)
 * 1:23167 <-> DISABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules)
 * 1:23168 <-> DISABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:23169 <-> DISABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:23176 <-> DISABLED <-> MALWARE-CNC Donbot.A runtime traffic detected (malware-cnc.rules)
 * 1:23208 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules)
 * 1:23214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waprox.A runtime detection (malware-cnc.rules)
 * 1:23256 <-> DISABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
 * 1:23319 <-> DISABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
 * 1:23320 <-> DISABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
 * 1:23321 <-> DISABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
 * 1:23347 <-> DISABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules)
 * 1:23348 <-> DISABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
 * 1:23349 <-> DISABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
 * 1:23393 <-> DISABLED <-> SQL IBM SolidDB initial banner (sql.rules)
 * 1:23474 <-> DISABLED <-> FILE-IDENTIFY PLP file download request (file-identify.rules)
 * 1:23475 <-> DISABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
 * 1:23476 <-> DISABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
 * 1:23477 <-> DISABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
 * 1:23486 <-> DISABLED <-> FILE-IDENTIFY JOB file download request (file-identify.rules)
 * 1:23487 <-> DISABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
 * 1:23488 <-> DISABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
 * 1:7641 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules)
 * 1:7165 <-> DISABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - information exchange - flowbit set 1 (malware-other.rules)
 * 1:7113 <-> ENABLED <-> MALWARE-BACKDOOR donalddick v1.5b3 runtime detection (malware-backdoor.rules)
 * 1:7111 <-> ENABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (malware-backdoor.rules)
 * 1:7104 <-> ENABLED <-> MALWARE-BACKDOOR aol admin runtime detection (malware-backdoor.rules)
 * 1:5740 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows HTML help workshop file download request (file-identify.rules)
 * 1:3082 <-> ENABLED <-> MALWARE-BACKDOOR Y3KRAT 1.5 Connect Client Response (malware-backdoor.rules)
 * 1:3551 <-> DISABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules)
 * 1:24555 <-> DISABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
 * 1:24554 <-> DISABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
 * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
 * 1:24454 <-> DISABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
 * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
 * 1:24453 <-> DISABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
 * 1:24431 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24430 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24428 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24413 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
 * 1:24412 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
 * 1:24359 <-> DISABLED <-> OS-WINDOWS SMB NTLM NULL session attempt (os-windows.rules)
 * 1:2435 <-> DISABLED <-> FILE-IDENTIFY Microsoft emf file download request (file-identify.rules)
 * 1:24284 <-> DISABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules)
 * 1:24264 <-> ENABLED <-> FILE-PDF Overly large CreationDate within a pdf - likely malicious (file-pdf.rules)
 * 1:24263 <-> ENABLED <-> FILE-PDF Overly large CreationDate within a pdf - likely malicious (file-pdf.rules)
 * 1:24206 <-> DISABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules)
 * 1:24158 <-> DISABLED <-> FILE-IDENTIFY .rtx file attachment detected (file-identify.rules)
 * 1:24157 <-> DISABLED <-> FILE-IDENTIFY .rtx file attachment detected (file-identify.rules)
 * 1:24156 <-> DISABLED <-> FILE-IDENTIFY .rtx file download request (file-identify.rules)
 * 1:23639 <-> DISABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:23497 <-> DISABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
 * 1:23496 <-> DISABLED <-> FILE-IDENTIFY CUR file download request (file-identify.rules)
 * 1:24101 <-> DISABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
 * 1:23605 <-> DISABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
 * 1:23679 <-> DISABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:24100 <-> DISABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
 * 1:24089 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules)
 * 1:24050 <-> DISABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
 * 1:24049 <-> DISABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
 * 1:24048 <-> DISABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (file-identify.rules)
 * 1:24047 <-> DISABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
 * 1:24046 <-> DISABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
 * 1:24045 <-> DISABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (file-identify.rules)
 * 1:24026 <-> ENABLED <-> FILE-OTHER Oracle Java privileged protection domain exploitation attempt (file-other.rules)
 * 1:24005 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:24004 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:23969 <-> ENABLED <-> MALWARE-OTHER Android SMSZombie APK file download (malware-other.rules)
 * 1:23839 <-> DISABLED <-> OS-WINDOWS SMB Microsoft Windows RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
 * 1:23836 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer negative margin use after free attempt (browser-ie.rules)
 * 1:23823 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
 * 1:23640 <-> DISABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:23661 <-> DISABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
 * 1:23822 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
 * 1:23821 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23820 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23819 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23650 <-> DISABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
 * 1:23818 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:13584 <-> DISABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules)
 * 1:23817 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:13911 <-> DISABLED <-> FILE-IDENTIFY Microsoft search file download request (file-identify.rules)
 * 1:13797 <-> DISABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
 * 1:12209 <-> DISABLED <-> PUA-P2P P2PTv TVAnt udp traffic detected (pua-p2p.rules)
 * 1:12455 <-> DISABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules)