they are different reasons to have it in the front of AntimalWare rule set. I could give you some of those i directly have in my mind:
- for a lot of available file types you will need to have complete/full file before scanning. Good example is ZIP, whiteout the full file you cant extract the content of this file for further scanning. So it make sense to get the file from cache then download the file every single time it is requested.
- they are't only downloaded files stored in the cache the client can request. Those might not even require anti malware or are allowed in your rule set before anti malware engine is triggered. By putting WEB CACHE behind Anti Malware rule set cache will not being triggered for those objects.
yes, also from my side, GAM is the most ressource intensive process in mwg. Therefore GAM should be the last rule/ruleset. It makes sense not to scan content which should not be scanned.