I think it is a good idea that the anti virus software is configured to scan the FILESTREAM files. However, you need to make sure that if an infected file is found, it is not deleted immediately but quarantined. If the anti virus software deletes infected files (from the filestream data container) you will end up with a corrupted database.

You can do a dbcc checkdb to check the consistency of the database. If a filestream data file is missing (in case the anti virus software finds an infected file and move it to the quarantine folder), dbcc will raise an error and will report the name of the file that is missing. You can then match this information with the files in the quarantined folder and verify whether the error is caused by the antivirus (which moved the file to quarantine folder) or due to something else.

If such a case is found, you can repair the database by running DBCC with REPAIR_ALLOW_DATA_LOSS in which case, the entire row (not only reference to the filestream data) will be deleted from the table.

One 'un-documented' work around is to create an empty file with the same name and put in the filestream folder. You will certainly lose the filestream data, but the row will not be deleted and the database corruption will be fixed. This option is applicable only in case you care for the data in the row and do not mind the filestream data getting deleted. In many cases you may not want to do this because one of the basic purpose of FILESTREAM is to ensure consistency between the relational data and data stored in NTFS. So if the filestream data is lost, the relational row should also be deleted.