Well, it should be enough to setup antivirus, shouldn't it? It should prevent SFTP server to store any infected file on the server machive in same way as it does not allow this to other applications.
Before posting, please read how to report bug or request support effectively.
Bug reports without an attached log file are usually useless.
Is there any form of security filter that can be used while still alowing uploading? They say WinSCP will allow users with viruses to penetrate the firewall by accident and cause damage.