icap 405 check after found check

ConSol · Jun 26, 2024 · 2ba9f69 · 2ba9f69
1 parent 95523db
commit 2ba9f69
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/avgate/avgate.py b/avgate/avgate.py
@@ -658,18 +658,18 @@ def scan_file_icap(content: bytes) -> List[str | None]:
     if first_line != b"ICAP/1.0 200 OK":
         raise EnvironmentError("ICAP not OK", first_line.decode())
 
-    if second_block.startswith(b"HTTP/1.1 403 Forbidden"):
-        return ["FORBIDDEN", second_block.decode()]
-
-    # do not expect any other HTTP status inside second_block (rfc3507)
-
     # check infection
     found = re.search(b"X-Infection-Found: .*Threat=(.*);", first_block)
 
     # real finding
     if found:
         return ["FOUND", found[1].decode()]
 
+    if second_block.startswith(b"HTTP/1.1 403 Forbidden"):
+        return ["FORBIDDEN", second_block.decode()]
+
+    # do not expect any other HTTP status inside second_block (rfc3507)
+
     # in case of 200 the content should be unchanged
     if content == content_back:
         logger.warning("ICAP returns 200 instead of 204 on unchanged content")