even if the file in protected by a firewall, it still needs an anti-virus... the source could be yourself trying to access to this server... but, for performance reasons, you could decide to de-active the "on access" virus scanning and run a daily scan when the system is more quiet.

Every AV solution (whatever kind) hooks up to the I/O layer of the OS. You can, of course, exclude certain executables from being scanned.

The tests we performed some time ago showed a performance impact of 15 - 20 % with an installed AV (TrendMicro) compared to a "naked" system.

Here on the forum are a couple of posts when people had "strange" troubles when patching systems and/or databases since the application wanted to open/close/delete files that were locked by the AV and thus producing errors. Not without reason most software vendors recommend to stop the AV when you install/patch/update software.

I personally would never install an AV solution on a database server, I would put a firewall in front of the system and strictly define, who can access the system on the "critical ports". However, this is just my personal opinion.

Markus