I've been on both sides of the debate with respect to whether or not to install antivirus software on a server running Microsoft SQL Server. If you decide to go down that route (or you are required to go down that road), here's the guidance you need to read:
At a minimum, make sure you aren't scanning:
- Files with the standard SQL Server extensions: .mdf, .ndf, .ldf
- File with the standard SQL Server backup extensions: .bak, .trn
- Directories where Full Text is writing to.
I would also include:
- I would include the LOG directory for the SQL Server install.
- Files corresponding to 3rd party backup extensions (like .sqb for SQL Backup).
There is also guidance for Analysis Services and for SQL Servers installed on clusters.