Trend Micro InterScan VirusWall HTTP Proxy Content Scanning Circumvention Vulnerability

Proof of Concept

To allow system administrators to test whether their VirusWall is configured correctly, we provide a public demo server and the source code of a fake web server that generates the "Content-Length = 0" header and sends the EICAR anti-virus test file as content. For more information about the anti-virus test file, visit the European Institute for Computer Anti-Virus Research (EICAR) at www.eicar.org.

Public demo server

VirusWall will block the EICAR anti-virus test file if it is downloaded from a regular web server. This can be tested with a version of EICAR available at
www.inside-security.de/eicar.com
If the same file is downloaded from a modified web server, the default configuration of VirusWall will skip content scanning and let the virus pass through to the client. This can be tested with a version of EICAR available at the modified server
vwall-cl0-demo.inside-security.de/eicar.com
If VirusWall is configured according to the workaround, it must block both versions of the download above.

Download fake web server source code
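The mismatch that the modified server produces can also be checked for on the monitoring side. The following is an added example, not the advisory's fake web server code: it compares the declared Content-Length of a captured response with the body bytes that actually follow the headers. The function names and the sample captures are constructed for illustration, and the input is assumed to be the server-to-client bytes of a single response on a connection that is closed afterwards.

```python
# Added example (not the advisory's code): compare the declared Content-Length
# of a captured HTTP response with the number of body bytes actually received.
BODY = b"CONSTRUCTED-TEST-BODY"  # constructed stand-in for a downloaded file

# Constructed captures: one honest response, and one that declares length 0
# but still carries a body, as the modified server described above does.
SAMPLE_NORMAL = (b"HTTP/1.0 200 OK\r\nContent-Type: application/octet-stream\r\n"
                 b"Content-Length: %d\r\n\r\n" % len(BODY)) + BODY
SAMPLE_MISMATCH = (b"HTTP/1.0 200 OK\r\nContent-Type: application/octet-stream\r\n"
                   b"Content-Length: 0\r\n\r\n") + BODY


def parse_response(raw):
    """Split raw response bytes into (status line, {header: [values]}, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header terminator not found")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def check_content_length(raw):
    """Return declared length, received body length and a finding string."""
    _, headers, body = parse_response(raw)
    values = headers.get("content-length", [])
    declared = None
    if "transfer-encoding" in headers:
        finding = "not-checked-transfer-encoding"  # length header does not apply
    elif not values:
        finding = "no-content-length"
    elif len(set(values)) > 1:
        finding = "conflicting-content-length"
    elif not (values[0].isascii() and values[0].isdigit()):
        finding = "invalid-content-length"
    else:
        declared = int(values[0])
        # Body bytes beyond the declared length are the condition the
        # modified server creates with its zero-length header.
        finding = "body-exceeds-declared-length" if len(body) > declared else "ok"
    return {"declared": declared, "received": len(body), "finding": finding}


if __name__ == "__main__":
    for label, raw in (("normal", SAMPLE_NORMAL), ("mismatch", SAMPLE_MISMATCH)):
        print(label, check_content_length(raw))
```

On a persistent connection, bytes after the declared length may belong to the next response, so the check is only meaningful per closed connection.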