We just ran into the issue of not seeing incomplete submissions from the editorial side of 2.4.x yesterday. We wanted to delete a duplicate section, but there were two incomplete submissions using that section. The editorial staff were unable to find those submissions, but could login as the authors to see and correct the section assignment.
It would require a code change (preferably, a plugin) to hook the ArticleFileManager::handleUpload event to perform a dynamic virus scan of submitted files. A similar (but not identical) question was discussed here: