Port 21 is only the ftp connection for control. For passive ftp, the connection for data can be any selected port, including very high numbers-like 60000 range. Probably would take a fair amount of effort for avast! to find the incoming port by monitoring ftp sessions, do a redirect, and then scan the traffic. Really not much advantage in scanning ftp traffic like a web page-it is not usually opened automatically, and when it is opened, will be scanned by the Standard Shield. Just another .exe or .zip (or even .scr) file or such, after all; not dynamic like some http pages with scripts, active X, etc. embedded in them.