Ok then, the 6771 dats have now been released and there is no mention of the w32/pift worm. checked the vil.nai.com and it still has nothing on it. Can someone update us or the VIL with some information on this worm? I have upper management breathing down my neck on this.
Hi, we have gold partner support. I asked if it is in 6770 and no, for some reason it is highly recommended to apply the extra dat as not in upcoming DATS - no idea why and info is scarce. I did that as an emergency change as its out of band for us, we just normally do DATs. running on a few hundred production servers and lots of clients now without issue. I could not get an answer on how widespread this virus is - if anyone knows that then please post up.
We are on the same boat, i.e., only deploy extra.dat when we have a new discovery/outbreak.
Checking DAT 6772 and 6773 no sign of W32/Pift
I might give support a ring to find out what to do........
Any news anyone???
Can you tell me how to verify if a virus is covered by a DAT file?
Have just received this reply from McAfee support:
Currently VSE On demand scanner is detecting this threat but not OAS.
Below is ETA to include in out scanners.
o McAfee Gateway and Command Line Scanners – available in 6771 DATs
o VSE On Demand Scanner – available in 6771 DATs
o VSE On Access Scanner – tentative ETA is July 17, 2012.
OAS scanner will start detecting it in tomorrow's DAT file.
Currently if you have W32/pift infection then please run the stringer file/ED which will resolve the issue."
This information should be put on the website.