alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE FSG Packed Binary via HTTP Inbound"; flow:from_server,established; content:"|4D 5A|"; content:"|50 45 00 00 4C 01 02 00 46 53 47 21|"; distance:10; reference:url,www.securityfocus.com/infocus/1745; classtype:trojan-activity; sid:2002773; rev:8; metadata:created_at 2010_07_30, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)