I do not insist that you 'should' do a scan of the FILESTREAM data. As MSDN (link posted by gail) says, if it is 'necessary' do it, if not 'do not do it'.

There is a big difference from how the blob data is stored within SQL Server and how it is stored in FILESTREAM. When you store some blob data (usually content of a file) into FILESTREAM, the content is stored 'as is' into the filestream data container. It means an exact copy of your original file (which could be infected) is stored in filestream. This file can be opened/executed by a malicious program or human being who has the required windows permissions without letting SQL Server know about it.

I **think** this could be one of the reason why someone might decide to enable a virus scan on the FILESTREAM data.