Not all malware relies on patchable vulnerabilities. Even being alerted to a known exploit
arriving from some vector allows a user to take action, even if they're not vulnerable. I'd
certainly stop browsing a site if I discovered they were trying to infect my computer with
something, even if they can't infect it.
Though I generally wouldn't run an anti-virus scanner because of the performance implications
- they tend to suck up tons of CPU resources and are awful for developers or anyone who
creates lots of files. But that doesn't mean there is no use-case for anti-malware scanning.