Antimalware.MATD.GetReport property returns true and sets other properties of AV family like Antimalware.Infected and Antimalware.MATD.Report if it was able to download an existing report for the current body.
rule 1: check if a recent report can be downloaded
condition: Antimalware.MATD.GetReport<atd config> equals false
action: stop rule set
rule 2: evaluate results. Here cached values are used
condition: Antimalware.MATD.Probability greater than 0
Andrej, you are perfectly right.
These properties work well together, although the results are obtained from Web Gateway's cache only, without actually querying the ATD appliance for its archive.
Thank you and best regards.