The issue with such virus scanners is that they work as on-access scanners, and you should never run more than one on-access scanner simultaneously. (Attempting to run two or more is likely to cause problems as they plug into the operating system's file access routines, and expect to be the only on-access scanner on a given computer. The usual results: spontaneous system crashes, slowdown, and even a lower detection rate)
On the other hand, on-demand scanners, like ClamAV/ClamWin, or the on-demand components of commercial AV's, can easily be "stacked", for example in a simple *.cmd.
This greatly improves the detection rate.
The downside is that you have to remember that you need to explicitly request a scan by calling the *.cmd.
Adding an option to WinSCP would automate this step.
I would suggest adding an option
"Command to be executed after download/before upload", with a placeholder like %f for the file name.
So, for example, the user would specify
"C:\Program Files\AntiVirus\Antivirus.cmd %f" if using a *.cmd, or maybe "C:\Program Files\MyFavoriteAntiVirus\mfav.exe -f %f --yap"
("yap" = yet another parameter ;-))
Upon completion, the return code should be checked.
I'm not sure if there's a common standard among Anti-Virus vendors as to which return code means what, so it might be useful to provide a field prompting for a numeric value that indicates a "clean" scan result.
NB: Certain Instant Messaging programs like AIM and Trillian already offer such a scanning option for their file transfer features.