Modern signature-based network intrusion detection systems face several challenges that impede their ability to detect malicious content. Transport mechanisms for protocols like SMTP (Simple Mail Transfer Protocol) and HTTP (Hypertext Transfer Protocol) involve encoding, encryption and compression, so the bytes on the wire can differ from the content a signature is written to match. Host-based file analysis tools, such as anti-virus (AV) systems, typically do not provide alerting information showing transport origination. Similarly, network intrusion detection systems (IDS) do not normally provide file information such as message digests, file size, or decoded content. These shortcomings in existing systems impair the ability of system administrators to defend networks from malicious content.