When MWG is an ICAP server, the default rules are the starting point. Out of the box MWG will scan for malware.
If you need to make further customizations you can, but often those are application specific.
Oddly enough an ICAP server post was just made referencing one which you might find useful:
There has not been a default ICAP server ruleset, only a pre-build ICAP client ruleset.