Knowledge Base

Why can't EICAR test files be detected by the Anti-Virus?

Question

For the Anti-Virus feature of the USG40, we are running the test of EICAR (which is suggested in the document from http://onesecurity.zyxel.com/), but the firewall did not destroy the downloaded files.

Why can't EICAR test files be detected by the Anti-Virus?

Answer

Anti-Virus on models without the SSL inspection function (for example, the USG40/40W/60/60W) cannot detect viruses in HTTPS traffic, because the file content is encrypted when it passes through the firewall.
Only files downloaded over the HTTP protocol can be scanned and detected.
If you downloaded the EICAR test files by using an HTTPS link, the files cannot be scanned or detected by Anti-Virus.
 

Verification

 
Step 1: Go to the official EICAR website and download the test files by using the standard HTTP protocol.
 
Step 2: In the ZyWALL/USG, go to MONITOR > Log. You will see that the EICAR test files are detected and destroyed.
 
Step 3: In the ZyWALL/USG, go to MONITOR > UTM Statistics > Anti-Virus (Collect Statistics needs to be enabled before testing). You will see that the EICAR test files are detected.
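
The HTTP/HTTPS distinction above can also be checked on the client side of the test. The following Python sketch is an added example, not Zyxel code; the function names, verdict labels and sample URLs are constructed for illustration. It classifies a test run from the URL chain the client followed and the bytes it received, and treats a run whose file transfer ended on HTTPS (including an HTTP link that redirected to HTTPS) as an invalid test rather than an Anti-Virus failure.

```python
"""Interpret an EICAR download test made from behind a gateway whose
Anti-Virus cannot inspect HTTPS (no SSL inspection)."""
from urllib.parse import urlsplit

# Standard 68-byte EICAR test string, assembled from parts so that this
# source file is not itself flagged by a scanner.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
         + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
         + rb"!$H+H*")


def final_scheme(url_chain):
    """Scheme of the last URL in the chain: the connection that carried the file."""
    if not url_chain:
        raise ValueError("url_chain must contain at least the requested URL")
    return urlsplit(url_chain[-1]).scheme.lower()


def interpret(url_chain, body):
    """Classify one test run.

    url_chain: requested URL followed by any redirect targets, in order.
    body:      bytes the client received, or None if the transfer was reset.
    """
    if final_scheme(url_chain) != "http":
        # The file travelled over TLS, so the gateway never saw its content.
        return "INVALID_TEST"
    if body is not None and EICAR in body:
        # Plain HTTP and the test string arrived intact.
        return "NOT_DETECTED"
    # Plain HTTP and the file did not arrive intact; confirm in MONITOR > Log.
    return "BLOCKED_OR_MODIFIED"


if __name__ == "__main__":
    # Constructed sample runs (hypothetical host name, no network access).
    runs = [
        (["http://files.example.test/eicar.com"], EICAR),
        (["http://files.example.test/eicar.com",
          "https://files.example.test/eicar.com"], EICAR),
        (["http://files.example.test/eicar.com"], b""),
    ]
    for chain, data in runs:
        print(chain[-1], "->", interpret(chain, data))
```
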




Question Profile

LANGUAGE:
ARTICLE ID:015393
TYPE:General Info
FIRMWARE:4.13 and above
VIEWS:1443
VOTES:2
TECHNOLOGY:
MODEL:USG40,USG40W,USG60
