Updated: Jan 29
Eicar.org used to provide the following HTTP links to download the Eicar test file.
Some customers kept the links and still try to download the file with them. When the Eicar test file is downloaded using the HTTP links above, it is not detected on the firewall by either "Eicar File Detected(39040)" (Type: vulnerability) or "Eicar Test File(100000)" (Type: virus).
This started happening around the middle of July 2020.
A change was made on Eicar.org around the middle of July 2020.
Here's the screenshot of the portal site (https://www.eicar.org/?page_id=3950).
(Screenshot was taken on Aug 25 2020)
Eicar.org changed the behavior to redirect all 'http' requests to 'https'. (It may change again in the future.)
This can be confirmed by running a curl command or by looking at a packet capture.
$ curl http://2016.eicar.org/download/eicar.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<title>301 Moved Permanently</title>
<p>The document has moved <a href="https://www.eicar.org/download/eicar.com">here</a>.</p>
Since the traffic is redirected to https, SSL decryption is necessary to detect the Eicar test file on the firewall.
As a workaround, please use your own server. For example, if you already have a web server (Apache, Nginx, etc.), place the Eicar test file on the server and download it through the firewall using http.
If you do not have a server to use but have a PC that runs Python, Python's built-in simple web server can be used.
$ python -m SimpleHTTPServer 80    # Python 2
$ python -m http.server    # Python 3; listens on port 8000 unless a port is given
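Before running the detection test, it helps to confirm that the download URL really delivers the file over plain HTTP and does not redirect to HTTPS as in the curl output above. The following is an added example, not part of the original article; the function names, the local demo server, and the test.example host are assumptions made for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlsplit


def cleartext_delivery(url, max_hops=5, timeout=5):
    """Follow redirects by hand. Return (inspectable, detail); inspectable is
    True only if the body is finally served over plain HTTP with status 200."""
    for _ in range(max_hops):
        parts = urlsplit(url)
        if parts.scheme != "http":
            # Like the 301 on this page: the file would travel inside TLS.
            return False, "leaves cleartext HTTP at " + url
        conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
        try:
            conn.request("GET", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
            resp = conn.getresponse()
            resp.read()
            status, location = resp.status, resp.getheader("Location")
        finally:
            conn.close()
        if 300 <= status < 400 and location:
            url = urljoin(url, location)  # Location may be relative
            continue
        return status == 200, "HTTP %d in cleartext from %s" % (status, url)
    return False, "too many redirects"


class DemoHandler(BaseHTTPRequestHandler):
    """Constructed local server: /moved answers like the 301 above, other paths 200."""
    def do_GET(self):
        moved = self.path == "/moved"
        body = b"" if moved else b"constructed placeholder, not a real test file\n"
        self.send_response(301 if moved else 200)
        if moved:
            self.send_header("Location", "https://test.example/download/file")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_demo_server():
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server
```

start_demo_server() exists only so the check can be tried offline; for a real test, pass the URL of your own web server to cleartext_delivery().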