Pushing this thread up again:
Antiviruses follow a flawed approach that can never create a system with a reasonable security/effort ratio. They use something called badness enumeration, which can be explained like this:
The system runs everything and allows everything, except A, B and C. Those processes are malware and are not permitted.
Now what happens if someone develops malware D? It will only end up in a malware list if it was already used, with some delay and incomplete. I don't think antivirus companies share their lists, which is very bad and increases this effort.
So you will never have a secure system and always need to follow every single piece of malware, and patch vulnerabilities.
SELinux and AppArmor, as well as Flatpak and others, do the opposite: they only permit certain actions. This may break software, but you adapt the rules to what you know the software needs to do, and unless a release publicly announces a new functionality this should not change, so you are set.
Still, SELinux is disabled for the user and the desktop, which means everything in your home is unprotected, which makes SELinux on Desktops basically useless. Any tool can modify your .bashrc and catch your sudo password, or see all your personal files which you don't store in a system location.
Currently Flatpak is the best solution to avoid issues like these. This example is a cool way to make flatpaks work with dedicated filesystem permissions like music, documents, downloads etc.
SELinux confined users on the other hand also solve the same problem and work for way more programs than Flatpak does, but afaik they are not well compatible with Flatpak and they currently break Desktops and more.
Still, I think using ClamAV to scan files you download, like st**id AppImages or random binaries, is really important. As proprietary software and bad packaging formats get even more established on Linux (Tuta, Warp, Balena Etcher and whatnot have AppImages) this is more and more needed.
There is a Dolphin extension to scan files with ClamAV, I haven't tested it though. Running ClamAV permanently in the background is a useless performance hog.
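
The on-demand scanning of downloaded AppImages and binaries that the post recommends, as an added example that is not part of the original post: it runs `clamscan` once per file instead of keeping a daemon in the background. The function names, the script name in the usage comment and the policy of removing execute bits from a flagged file are assumptions of this example.

```shell
# On-demand scan of downloaded files with clamscan; no clamd daemon is involved.
# clamscan exit codes: 0 = no signature matched, 1 = match found, 2 = scanner error.

scan_download() {
    local file rc
    file=$1
    # A leading "-" would be parsed as an option, so anchor relative names.
    case $file in -*) file=./$file ;; esac
    if [ ! -f "$file" ]; then
        echo "skip: $file is not a regular file" >&2
        return 2
    fi
    rc=0
    clamscan --no-summary --infected "$file" || rc=$?
    case $rc in
        0) echo "no known signature: $file" ;;
        1) # Assumed policy for this example: drop execute bits so a flagged
           # AppImage or binary cannot be started by a double click.
           chmod a-x "$file"
           echo "FLAGGED: $file (execute bits removed)" ;;
        *) echo "error: clamscan exit $rc on $file" >&2 ;;
    esac
    return "$rc"
}

# Scan every argument and return the worst result seen.
scan_all() {
    local worst rc f
    worst=0
    for f in "$@"; do
        rc=0
        scan_download "$f" || rc=$?
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    return "$worst"
}

# Example: ./scan-downloads.sh ~/Downloads/*.AppImage
if [ "$#" -gt 0 ]; then scan_all "$@"; fi
```

A result of 0 only means no signature on ClamAV's list matched the file, which is the limit of badness enumeration described in the post.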