Re: [Bug-wget] wget generates warning from McAfee

[Keisial]

Andreas Moroder wrote:
> Hello,
>
> on our PCs we have this small scripts
>
> c:\prog\bin\wget -Nnv ftp://svc-ftpticket/ticket/download/*
>
> that downloads from a server to the PC the contents of a directory 
> when the content of the source is newer.
>
> Sometimes on the client our McAfee antivirus systems generates a 
> warning telling us, that wget tries to connect to our server using the 
> port 666x ( where x i 6, 7 or 8 ).
>
> Can anyone please tell why wget uses this ports and how I can stop 
> this ? Why does it happen only sometimes ?
>
> Thanks
> Andreas

Because windows gives him that port. wget asks for a port to 
communicate, any port, it doesn't matter which. So Windows provides him 
an unused port. Usually, the smaller port that hasn't been used yet. 
Other Operating Systems do the same.
It only happens sometimes because it's an unlikely event. You could get 
the same warning for your browser, if you visited ft pages enough times.
It's a combination of using ftp (which opens a listening port, for 
passive connection) and 6666-6668 range (where irc servers tend to 
listen) what makes McAfee nervous.


You can try instructions from kb812873 
<http://support.microsoft.com/default.aspx?scid=kb;en-us;812873> to 
exclude that range, add --no-passive-ftp option to wget so it doesn't 
open a listening socket, and reporting the problem to McAfee so they 
don't give such warning (while it may be sensible if someone wanted to 
listen on it, it shouldn't be throwin a warning if the user requested 
"any port").