Testing Gateway Anti-Virus for HTTP traffic with EICAR test
12/29/2022
Description
Testing Gateway Anti-Virus for HTTP traffic with EICAR test
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
In order to check if GAV is working properly, i.e. if it is enabled on the correct zones or if the inspection is set to the correct type of traffic, you may visit www.eicar.org and attempt downloading some of the test files available there. This is a safe way of testing your GAV security feature without the need of using actual malware.
Procedure:
Step 1: Make sure that the Gateway Anti-Virus license is valid under DEVICE | Settings | Licenses:
Step 2: Make sure that the Gateway Anti-Virus is enabled on the correct Zone(s) under Objects | Match Objects | Zones:
Step 3: Make sure that the Gateway Anti-Virus is enabled under Security Services | Gateway Anti-Virus:
Step 4: Click "Configure Gateway AV Settings" and make sure that the "Disable detection of EICAR test virus" box is unchecked:
Step 5. Please go to: https://www.eicar.org/download-anti-malware-testfile/ and choose one of the files to download.
CAUTION: If you do not have DPI-SSL enabled, please use "Download area using the standard protocol HTTP." only, because without DPI-SSL the firewall cannot inspect downloads made over HTTPS.
Step 6. When a download is attempted the following pop-up appears:
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
In order to check if GAV is working properly, i.e. if it is enabled on the correct zones or if the inspection is set to the correct type of traffic, you may visit www.eicar.org and attempt downloading some of the test files available there. This is a safe way of testing your GAV security feature without the need of using actual malware.
Procedure:
Step 1: Make sure that the Gateway Anti-Virus license is valid under Manage | Licenses:
Step 2: Make sure that the Gateway Anti-Virus is enabled on the correct Zone(s) under Network | Zones:
Step 3: Make sure that the Gateway Anti-Virus is enabled under Security Services | Gateway Anti-Virus:
Step 4: Click "Configure Gateway AV Settings" and make sure that the "Disable detection of EICAR test virus" box is unchecked:
NOTE: In some versions of firmware disabling IPS signature ID 11937 may be required.
Step 5. Please go to: https://www.eicar.org/download-anti-malware-testfile/ and choose one of the files to download.
CAUTION: If you do not have DPI-SSL enabled, please use "Download area using the standard protocol HTTP." only, because without DPI-SSL the firewall cannot inspect downloads made over HTTPS.
Step 6. When a download is attempted the following pop-up appears:
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer, we suggest upgrading to the latest general release of SonicOS 6.5 firmware.
This article focuses on testing your Gateway Anti Virus service with the EICAR test files.
https://www.eicar.org/download-anti-malware-testfile/
In order to check if GAV is working properly, i.e. if it is enabled on the correct zones or if the inspection is set to the correct type of traffic, you may visit www.eicar.org and attempt downloading some of the test files available there. This is a safe way of testing your GAV security feature without the need of using actual malware.
Step 1: Make sure that the Gateway Anti-Virus license is valid under System | Licenses:
Step 2: Make sure that the Gateway Anti-Virus is enabled on the correct Zone(s) under Network | Zones:
Step 3: Make sure that the Gateway Anti-Virus is enabled under Security Services | Gateway Anti-Virus:
Step 4: Click "Configure Gateway AV Settings" and make sure that the "Disable detection of EICAR test virus" box is unchecked:
NOTE: In some versions of firmware disabling IPS signature ID 11937 may be required.
Step 5. Please go to: https://www.eicar.org/download-anti-malware-testfile/ and choose one of the files to download.
CAUTION: If you do not have DPI-SSL enabled, please use "Download area using the standard protocol HTTP." only, because without DPI-SSL the firewall cannot inspect downloads made over HTTPS.
Step 6. When a download is attempted the following pop-up appears:
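Steps 5 and 6 can also be run as a script from a client behind the firewall, on any of the firmware versions above. The following is an added example, not SonicWall code: the file name gav_check.py, the function names and the verdict strings are assumptions, and the URL must be the plain-HTTP download link copied from the EICAR page. It also handles the case in the CAUTION, where an HTTP link redirects to HTTPS and the result means nothing without DPI-SSL.

```python
"""Check from a client behind the firewall whether an EICAR download was stopped."""
import http.client
import sys
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Fixed text inside the EICAR test string. Matching on it keeps the complete
# test string out of this script, so endpoint AV should not flag the script.
MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"

def classify(final_url, body, error=None, dpi_ssl=False):
    """Turn one download attempt into a verdict string.

    final_url is the URL after redirects, body the bytes received, error the
    failure text if the transfer died, dpi_ssl True only if DPI-SSL is enabled.
    """
    if urlsplit(final_url).scheme == "https" and not dpi_ssl:
        # The article's CAUTION: an HTTPS result says nothing without DPI-SSL.
        return "INCONCLUSIVE: HTTPS without DPI-SSL, retest over plain HTTP"
    if MARKER in body:
        return "NOT BLOCKED: test file reached the client, recheck Steps 1-4"
    if error:
        return "BLOCKED OR FAILED: transfer aborted (%s)" % error
    return "BLOCKED: response did not contain the test file"

def attempt(url, dpi_ssl=False, timeout=10):
    """Download url once (following redirects) and classify the outcome."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return classify(resp.geturl(), resp.read(4096), dpi_ssl=dpi_ssl)
    except urllib.error.HTTPError as exc:
        # Error status: the body may be a block page, so classify it as well.
        final = getattr(exc, "url", None) or url
        return classify(final, exc.read(4096), dpi_ssl=dpi_ssl)
    except (OSError, http.client.HTTPException) as exc:
        # Reset, timeout, DNS failure or a truncated response.
        return classify(url, b"", error=str(exc) or type(exc).__name__, dpi_ssl=dpi_ssl)

if __name__ == "__main__":
    # The URL is the plain-HTTP link copied from the EICAR download page.
    if len(sys.argv) < 2:
        sys.exit("usage: gav_check.py URL [--dpi-ssl]")
    print(attempt(sys.argv[1], dpi_ssl="--dpi-ssl" in sys.argv[2:]))
```

A "BLOCKED OR FAILED" verdict should be confirmed against the firewall's own logs, since a network fault on the client produces the same result.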