Just reboot the device. While it is down, all traffic should be transfered to the only device that is up.
if you need to simulate an AV engine failure while the machine itself is still reachable you can do that by logging in via SSH and stopping the antivirus service:
Now all request will be blocked, which is the default behaviour in case something is wrong with the AV engine. This is probably something your load balancer can not handle or detect, unless you check for certain error templates.
Otherwise just follow jont717's advice and reboot/shutdown the appliance or just stop the whole MWG service (/etc/init.d/mwg stop) if you still need a ping to go through.
Rebooting or stopping services, as pointed out earlier would do the trick. Depending how how you are performing the health check, blocking a page might work too.
Depending on which load balancer you use, you could do some really fancy health checks. We use F5's and perform the following check (every 10 seconds, kick MWG out of the pool on 3rd failure)
F5 sends HEAD http://www.google.com/ HTTP/1.1\r\nHost: www.google.com\r\nConnection: close\r\n\r\n string to the MWG, if responce is HTTP/1.1 200 OK you know MWG is processing traffic; if no responce or something other then 200 OK you know you have a problem. You will get HTTP/1.0 403 CannotLoadAV responce if AV engine cannot be loaded; just make sure you do not bypass the AV scanning for the site your are checking, or you will be getting 200 OK back even thought the AV engine has stopped/failed.
Yes that is exactly what i am doing.