Andrey Bayora reported that only 1 out of 23 tested antivirus software can detect malicious JPEG image (after 6 month from the public disclosure date).
The test result and his paper is located in http://www.hiddenbit.org/jpeg.htm
He mentioned that the antivirus software that can detect the said malicious JPEG image is from Symantec. He noted that ClamAV can detect the said malicious JPEG image 4 months ago but failed to detect this time.
More info in SecurityFocus Bugtraq