||My suggestion - Antivirus software is most like a hoax.
It does stop mass distribution of well-known executables, but it does not stop 0-day old evil binaries.
This problem will only increase as more code morphing tools will be developed.
While working in banking industry I've submitted about 5-6 different custom trojan binaries for inclusion to antivirus databases. Those files were found by aggressive filtering at our network borders, no one antivirus were aware of them (even with "heuristics" analysis enabled).
By taking a look on "New 300+ virus signatures were added today" and "New Trj/Small.GJ version found" antivirus update logs you will understand problem.
The only way to be protected - is to configure your systems to resist attacks, not to clean them after successful one.
Fix the cause - not results.
In my environment - if system were compromised - it's immediately taken down, analyzed for cause and completely rebuilt from scratch (or known backup image) using new information obtain. As well law enforcement contacted/notified ;-)
As well I've used another different technology to keep systems working since 1997 - imaging and disk write protection. Making a system drive read-only will make costs of cleaning / maintenance equal to cost of system reboot.
This is how you can make you a little bit more protected (it's never enough).
Do not rely on antivirus. They give you false sense of security.