Anti-Virus and Databases
General Guidelines
Prevention is better than cure. If a virus could get onto your database server and your data is valuable, then you should protect it with anti-virus software. If there is a risk that you could pass an infected file on to a downstream server, then you should also protect the server with anti-virus. However, it is better to remove any route by which a virus could arrive in the first place.
For optimal performance it is generally better not to run Anti-Virus on your database server.
If you do run Anti-Virus on your database server then exclude some key files to limit performance impact (see links in Bibliography for more detail).
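As an added illustration (not part of the original guidelines), the script below shows one way to apply narrowly scoped exclusions. It assumes Microsoft Defender Antivirus on a Windows host running SQL Server; the directory names are placeholders, and the `-Apply` switch is a parameter of this example script only.

```powershell
# Added example: scoped Microsoft Defender exclusions for SQL Server database files.
# Assumption: Defender is the anti-virus product. Directories are placeholders.
param([switch]$Apply)   # without -Apply the script only reports what it would do

$dataDirs   = @('D:\SQLData', 'E:\SQLLogs')   # placeholder paths, replace with real ones
$extensions = @('mdf', 'ndf', 'ldf')          # SQL Server data and transaction log files

# One pattern per directory and extension, so the exclusion does not cover
# the same extension elsewhere on disk or other file types in these folders.
$wanted = foreach ($dir in $dataDirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        Write-Warning "Skipping missing directory: $dir"
        continue
    }
    foreach ($ext in $extensions) { Join-Path $dir "*.$ext" }
}

$pref    = Get-MpPreference
$current = @($pref.ExclusionPath)
$missing = @($wanted | Where-Object { $_ -and ($current -notcontains $_) })

if ($missing.Count -eq 0) {
    'All scoped exclusions are already present.'
} elseif ($Apply) {
    Add-MpPreference -ExclusionPath $missing
    "Added: $($missing -join ', ')"
} else {
    "Would add (re-run with -Apply): $($missing -join ', ')"
}

# Review what is already excluded: a whole drive or a bare extension removes
# scanning from far more than the database files.
$broadPaths = @($current | Where-Object { $_ -match '^[A-Za-z]:\\?$' })
$globalExts = @($pref.ExclusionExtension | Where-Object { $_ })
if ($broadPaths.Count -gt 0) {
    Write-Warning "Whole-drive exclusions present: $($broadPaths -join ', ')"
}
if ($globalExts.Count -gt 0) {
    Write-Warning "Extension exclusions apply everywhere: $($globalExts -join ', ')"
}
```

Run it from an elevated PowerShell session; changing Defender preferences requires administrator rights.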
Some examples of situations where running anti-virus on your database server may be necessary:
Internet-facing database servers
Database servers with open ports to other servers that meet any of the criteria on this list
Database servers that read or execute files from other servers
A database server that also runs an HTTP server, such as IIS or Apache
A database server that also hosts file shares
A database server that handles incoming or outgoing email messages (e.g. for SQL Server: SQL Mail or Database Mail)