How does virus blocker work?


  • How does virus blocker work?

    Hi guys

    I have the full version of virus blocker, and I wanted to test it out, so I tried the 3 links on this page on my Mac:



    None of them were blocked by UT, any idea why? I have the default settings for the virus blocker app, and all of the different traffic types, http, ftp and smtp ticked.

    Thanks

    /Ulf

  • #2
    From the eicar page:
    – Sorry, HTTP download is temporarily not provided. –

    You must activate SSL inspector and install the certificate in your Mac.
    The world is divided into 10 kinds of people, who know binary and those not

    • #3
      https says all you get is the SNI field so nothing will ever be scanned.

      SSL Inspector can be used... if you like making extra work for yourself. Both of the virus blocking modules have been all but useless for years, long since superseded by the anti-malware category that's enabled by default in Web Filter.

      That isn't to say the modules don't have value, because they do still help with FTP sometimes, but they have far less value in the modern workplace and home than they once did. We have better tools now. Web Filter and Threat Prevention work on reputation, which is FAR MORE RELIABLE than a signature check on an executable.
      Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
      NexgenAppliances.com
      Phone: 866-794-8879 x201
      Email: [email protected]


      • #4
        Originally posted by sky-knight
        https says all you get is the SNI field so nothing will ever be scanned.

        SSL Inspector can be used... if you like making extra work for yourself. Both of the virus blocking modules have been all but useless for years, long since superseded by the anti-malware category that's enabled by default in Web Filter.

        That isn't to say the modules don't have value, because they do still help with FTP sometimes, but they have far less value in the modern workplace and home than they once did. We have better tools now. Web Filter and Threat Prevention work on reputation, which is FAR MORE RELIABLE than a signature check on an executable.
        Do you ever sell your clients DNS type services? Example: DNS filter or such services? My old boss HATED UTM firewalls with a passion and always used MikroTik or pfSense. 2 years working there, not a single virus-infected computer, etc. etc.


        • #5
          Originally posted by dashpuppy
          Do you ever sell your clients DNS type services? Example: DNS filter or such services? My old boss HATED UTM firewalls with a passion and always used MikroTik or pfSense. 2 years working there, not a single virus-infected computer, etc. etc.
          DNS Filter is in my stack, but I still prefer Untangle. The policy manager is leaps and bounds better at singling out specific people or machines for different filtration rulesets. DNS Filters limit you to a single ruleset for the enterprise. There are means of changing that... but all of them are limited.

          Also, DNS Filters are all uniformly utterly DESTROYED by DoH and DoT. You can resolve your names however you want with Untangle, that HTTPS session is still being managed by the platform.

          A quick tweak to the browser and all the DNS filtration in the world is irrelevant. Malware only needs to use its own hard-coded DNS resolver to bypass the filters too. DNS Filters are garbage... but yes, I do use them. They do work well in malware prevention, they completely suck at containment. Untangle does BOTH!

          • #6
            To echo other responses: this module is really only useful today if you also have a solid SSL Inspector implementation, which is... difficult in many environments.

            As little as 5 years ago this wasn't a problem. Trusted certificates were out of reach of the malware pushers, and they didn't need them anyway. These days anyone can get a Let's Encrypt cert, and it's become worthwhile for the malware gangs to do just that. Just about everything now (malware or not) uses TLS, making this module much less useful.

            But all is not lost! The Web Filter app's Malware categories still catch a lot of malicious traffic, even without SSL Inspector.
            Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.5.2 to protect a 1Gbps fiber link for ~450 residential college students and associated staff and faculty
