Content Filter

What to test here

This page tests whether your SSE security gateway inspects content and blocks malware. It uses the EICAR Standard Anti-Virus Test File — a harmless 68-byte string that every compliant anti-malware engine recognizes as malware without being actual malware. It was designed specifically to let you test gateway inspection without distributing real malware. If your gateway claims to scan HTTPS traffic for malicious content, it should block all EICAR URLs on this page.

The page offers two types of tests. The obvious URLs have filenames like eicar.com that any URL-pattern filter would catch without reading the content. They also cover a different file extension and the EICAR string packed inside a ZIP archive — all compliant content filters should detect EICAR in those formats too.

The dynamic link test generates URLs that are all structurally identical — half serve EICAR, half serve harmless content of the same length — so a gateway must actually inspect the content to decide. This distinguishes true content scanning from simple URL-pattern matching, and also reveals over-blocking of safe content.

Obvious EICAR URLs

The filename in the URL path makes the content obvious to any URL-pattern matcher. A gateway that blocks these but not the dynamic links below may use URL filtering only, not content inspection.

/eicar/eicar.com (EICAR): text/plain, .com extension
/eicar/eicar.txt (EICAR): text/plain, .txt extension
/eicar/eicar.zip (EICAR): application/zip, EICAR inside archive

Dynamic Link Test

All dynamic test URLs follow the pattern /content/test<N>/testfile where N is a large random integer. The server uses an HMAC keyed with a private secret to decide, based solely on N, whether to serve EICAR or a harmless string of identical length. Neither the URL nor the page source reveals which is which: the decision is made server-side, so the two can be told apart from the response content alone.

A fresh set of six URLs is generated on page load — three serving EICAR and three serving benign content, in random order — together with the expected result for each. Use the Test button on each row to fetch the URL in the background and automatically classify the outcome: blocked, EICAR served, or benign served.
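The decision rule and outcome classification described above, sketched as an added example (not this site's own code). The HMAC-SHA256 construction, the low-bit rule, the filler body, and all function names are assumptions; the page states only that an HMAC over N with a private secret selects the response.

```python
import hashlib
import hmac
import secrets

# The standard 68-byte EICAR test string (harmless by design).
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
BENIGN = b"B" * len(EICAR)  # constructed harmless body of identical length


def serves_eicar(n, secret):
    """Assumed rule: low bit of HMAC-SHA256(secret, str(N)) selects EICAR."""
    digest = hmac.new(secret, str(n).encode(), hashlib.sha256).digest()
    return (digest[0] & 1) == 1


def make_test_set(secret, per_kind=3):
    """Draw random N until there are per_kind URLs of each kind, then shuffle."""
    picked = {True: [], False: []}
    while min(len(v) for v in picked.values()) < per_kind:
        n = secrets.randbits(63)
        bucket = picked[serves_eicar(n, secret)]
        if len(bucket) < per_kind:
            bucket.append(n)
    rows = [(f"/content/test{n}/testfile", "eicar" if kind else "benign")
            for kind, ns in picked.items() for n in ns]
    secrets.SystemRandom().shuffle(rows)
    return rows


def classify(body):
    """Map what the client received to one of the page's three outcomes."""
    if body == EICAR:
        return "eicar served"
    if body == BENIGN:
        return "benign served"
    return "blocked"  # error, reset, or a gateway block page


def verdict(results):
    """results: (expected, observed) pairs, one per test row."""
    if any(e == "eicar" and o == "eicar served" for e, o in results):
        return "malware passed: content is not being inspected"
    if any(e == "benign" and o == "blocked" for e, o in results):
        return "over-blocking: safe content was blocked"
    return "content inspection working"
```

A gateway that filters on URL patterns alone ends up in one of the first two verdicts, because every row has the same URL shape.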