UPDATE: With apologies this isn't a bug, as clamav is a plugin in it's own right, I shouldn't have tried to set it as a global. See Paul Holden's comment below.

Testing instructions

1. Install clamav on a Moodle server
2. Enable the clamav antivirus plugin via /admin/category.php?category=antivirussettings
3. Check that path is not configured at /admin/settings.php?section=antivirussettingsclamav
4. Add the directive  $CFG->pathtoclam = '/usr/bin/clamscan'; to config.php
5. Repeat step 3 - Check that path is not configured at /admin/settings.php?section=antivirussettingsclamav
6. (Optional) check that clamav actually works regardless.

The expected behavior is that pathtoclam should work exactly as other system paths do and not suggest to admins that the pathtoclam has not been configured when it actually has. This is particularly important when $CFG->preventexecpath = true; is also set, as it gives the appearance that clamav hasn't and cannot be set when in reality the status of pathtoclam is unknown.