Andreas Moroder wrote:
Hello,
on our PCs we have this small scripts
c:\prog\bin\wget -Nnv ftp://svc-ftpticket/ticket/download/*
that downloads from a server to the PC the contents of a directory
when the content of the source is newer.
Sometimes on the client our McAfee antivirus systems generates a
warning telling us, that wget tries to connect to our server using the
port 666x ( where x i 6, 7 or 8 ).
Can anyone please tell why wget uses this ports and how I can stop
this ? Why does it happen only sometimes ?
Thanks
Andreas
Because windows gives him that port. wget asks for a port to
communicate, any port, it doesn't matter which. So Windows provides him
an unused port. Usually, the smaller port that hasn't been used yet.
Other Operating Systems do the same.
It only happens sometimes because it's an unlikely event. You could get
the same warning for your browser, if you visited ft pages enough times.
It's a combination of using ftp (which opens a listening port, for
passive connection) and 6666-6668 range (where irc servers tend to
listen) what makes McAfee nervous.
You can try instructions from kb812873
<http://support.microsoft.com/default.aspx?scid=kb;en-us;812873> to
exclude that range, add --no-passive-ftp option to wget so it doesn't
open a listening socket, and reporting the problem to McAfee so they
don't give such warning (while it may be sensible if someone wanted to
listen on it, it shouldn't be throwin a warning if the user requested
"any port").
