Rule ordering

[olicooper]

How to use GitHub

• Please use the 👍 reaction to show that you are affected by the same issue.
• Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
• Subscribe to receive notifications on status change and new comments.

Steps to reproduce

1. Add rule /.*Win\.Dropper\.Fileinfector-9832966-0.*FOUND$/
2. Sync 'infected' file (file attached is false-positive) to trigger 'FOUND' rule concrt140.zip

NOTE: If you change the default 'FOUND' rule (see here) to "Mark As": "Unchecked" (to skip the rule), the file can now be uploaded. I think there needs to be an 'Order' column to allow rules to be reordered and skip any other rules?

Expected behaviour

I have added an exception for a false-positive, so I expect this rule to allow the file to be uploaded, but I think the default "FOUND" rule is matching before my own custom rule.

Actual behaviour

File isn't uploaded - virus detected error is thrown.

Server configuration

Operating system: Debian 10

Database: MariaDB

PHP version: 7.4.3

Nextcloud version: 20.0.8

Signing status:

Signing status

``` No errors have been found. ```

Are you using encryption: no

Logs

/var/log/clamav/clamav.log

Mon Mar  1 16:00:12 2021 -> instream(local): Win.Dropper.Fileinfector-9832966-0(1028995446d0032530461be30ca98f48:332568) FOUND
Mon Mar  1 16:00:13 2021 -> instream(local): Win.Dropper.Fileinfector-9832966-0(c1b066f9e3e2f3a6785161a8c7e0346a:627992) FOUND

Nextcloud log (data/nextcloud.log)

Nextcloud log

``` OCA\DAV\Connector\Sabre\Exception\UnsupportedMediaType: Virus Win.Dropper.Fileinfector-9832966-0 is detected in the file. Upload cannot be completed. ```