The issue around test files is that it is easy to provide files that are "known good" or "known bad" to sandstorm (see Step 3 in my note above). It is hard to provide files that are not known and should be send for analysis (Step 4), since after the first analysis it becomes a known file. Instead of a single file for testing, you actually need a file generator.
Assuming that the virus identities are installed, then any exe that is under 10MB and does come from certain trusted sites should cause the file go through sandstorm.
