How to test threat detection using EICAR test file via HTTP

Created On 08/25/20 02:34 AM - Last Modified 08/03/22 03:14 AM

Symptom

used to provide the following HTTP links to download Eicar test file.

Some customers kept the links and still try to download the files using them. When the Eicar test file is downloaded using the HTTP links above, it is not detected on the firewall by either "Eicar File Detected(39040)" (Type: vulnerability) or "Eicar Test File(100000)" (Type: virus).

This started happening around the middle of July 2020.


A change was made on around the middle of July 2020.

Here's the screenshot of the portal site (

User-added image
(Screenshot was taken on Aug 25 2020) changed the behavior to redirect all 'http' requests to 'https'. (It may change again in the future.)

This can be confirmed by running a curl command or by looking at a packet capture.
$ curl
<title>301 Moved Permanently</title>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="">here</a>.</p>


Since the traffic is redirected to https, SSL decryption is necessary to detect the Eicar test file on the firewall.

As a workaround, please use your own server. For example, if you already have a web server (Apache, Nginx, etc.), place the Eicar test file on the server and download it through the firewall using http.

If you do not have a server to use but have a PC that runs Python, a simple web server can be used.

Python 2:

$ sudo python -m SimpleHTTPServer 80

Python 3:

$ sudo python -m http.server 80
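The redirect check and the own-server workaround described above, combined into one added example (not code from the original article). It starts two constructed loopback servers, one serving the test file over plain HTTP and one answering with a 301 to https, and reports what an inspecting firewall would see for each; the function names, the `/eicar.com` path and the `example.invalid` host are assumptions.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Standard 68-byte EICAR test string, split in two so this source is not itself flagged.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" +
         "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")

def make_handler(redirect_to=None):
    """Serve the test file in cleartext, or answer 301 when redirect_to is set."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            if redirect_to:
                self.send_response(301)
                self.send_header("Location", redirect_to + self.path)
                self.send_header("Content-Length", "0")
                self.end_headers()
                return
            self.send_response(200)
            self.send_header("Content-Length", str(len(EICAR)))
            self.end_headers()
            self.wfile.write(EICAR)

        def log_message(self, *args):  # keep the demo quiet
            pass
    return Handler

def start_server(redirect_to=None):
    """Start a constructed local server on an ephemeral loopback port."""
    srv = HTTPServer(("127.0.0.1", 0), make_handler(redirect_to))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def check_cleartext(host, port, path="/eicar.com"):
    """GET over plain HTTP without following redirects; classify the answer."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("GET", path)
    resp = conn.getresponse()
    body, location = resp.read(), resp.getheader("Location", "")
    conn.close()
    if resp.status in (301, 302, 307, 308) and location.lower().startswith("https://"):
        return "redirected-to-https"  # payload only travels inside TLS
    if resp.status == 200 and body == EICAR:
        return "cleartext-eicar"      # payload visible without SSL decryption
    return "other"

if __name__ == "__main__":
    for target in (None, "https://example.invalid"):
        srv = start_server(target)
        print(target, "->", check_cleartext("127.0.0.1", srv.server_address[1]))
```

Only a "cleartext-eicar" result means the download is a valid test of the signatures without SSL decryption; pointing `check_cleartext` at your own server's address and port checks the real setup.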
