At time we use "ftp-port-pasv-st" which works for our
internal hosts with primarily updating antivirus-signatures

Now we installed another antivirus-software (Kaspersky) on
one internal server and this software needs active FTP. I am
at a little loss now, because the "Beginners Guide ..."
stays quite short on active FTP.

How should the filter-exceptions look like to get update

Thanks in advance.