AV and antimalware via scanning every file on a system is a complicated problem, because introducing a root level tool to read all files on a system expands the attack surface of your system. When you “scan” a system with AV, you’re essentially letting attackers that can reach your email talk directly to a root executable on your system. Pretty high risk behavior.
There are mitigations for the risk (using a scanner that runs as a non-root user, and the root process hands each file over to that scanning process for analysis…assuming the root-level executable that does the reading is small and secure, the attack surface is minimized, and if your AV tool has an exploit it can only ever damage the service users files, absent availability of other escalation exploits). I’ve seen many folks implement virus scanning in a way that makes their system less safe. And, there have been serious exploits of Symantec, McAfee, Windows Defender, etc.
When ClamAV is installed with Virtualmin, we setup a clam@scan service (or something like that, I don’t remember exactly) that runs as a non-privileged user. But, we only set it up to scan email. You could set up another job to use that scan service to process all files on the system periodically. Pretty heavy solution, maybe focus only on files domain owner and email users can change. (Though if you’re scanning incoming email, scanning user mailboxes is less pressing).
ClamAV is what we support, but we’re not stopping you from using anything else. Maldet gets it signatures from the ClamAV project, AFAIK, so I’m not sure there’s a benefit to running it in addition to ClamAV (I don’t have any experience with it).
I don’t want to guess what “poor experience with ClamAV” means. I mean, I don’t like it, as it’s very resource-intensive. But, most AVs are, and there are many I would consider a much higher risk to run. They did just prune a bunch of old signatures from the default database a little while back, so it’s not as heavy as it used to be…but, still, scanning for a gazillion AV signatures is just a hard job. No amount of efficient coding makes it not a hard problem.
I am, personally, very suspicious of proprietary AV (again, because it is a huge attack surface), and I’m also suspicious of new AV products. Not saying there aren’t good ones. I just don’t know how you’d really know unless and until there’s an exploit (and it seems like there’s always an exploit, eventually). And, most of them are repackaging the same AV signatures everybody else has (including ClamAV). You’re maybe mostly paying for packaging and branding.