I would expect the EICAR test file to be detected. Can you verify that other filters are working, such as URL Filter or Media Type filter? Do you have a valid license and recent engine updates loaded?
Is this a new installation or was the Web Gateway installation filtering as expected before?
How do I confirm the license is correct? I have a license installed - it includes a Web Gateway license but not an Anti-Malware license.
1. If I am installing it as a Plug-In to ISA server, is this the correct license?
2. If it is correct, should it stop the EICAR file being downloaded?
The standard Web Security License includes the McAfee Antivirus engine. That will catch EICAR.
There are two ways to use the ISA plugin, ICAP mode and Next-Hop proxy mode.
If using ICAP, make sure you are using ICAP RESPMOD. If using Next-Hop, it should already be scanning incoming responses.
Maybe it would help if you copy the URL to the EICAR test file and put it into "Analyze Object Filtering". You can then look into the filters log and see which filters were applied or if there was a whitelist entry matching. You can also paste the output here if you need help.