Published Monday, December 19, 2005 9:32 PM by robertvv

To be or not to be... Anti Virus solutions on a server

Not to be... (at least not always)

Why? Simple. Imagine you are a real-time mail server doing 5000 I/Os per second, and you are interrupted every time by anti-virus (AV) software when you try to write to, or even worse read from, a storage system. The scan attempt made by the AV solution fails after a number of retries, because you hold a non-shared lock on the file you are accessing. In one of my previous posts I talked a bit about drivers and DPCs, and about how Windows schedules system threads and drivers using the dispatcher (effectively doing cooperative multitasking at kernel level). Imagine the serialization this causes, not to mention the fact that viruses only infect files on a write operation, never on a read operation.

To all people out there in the world, please look closely at the standard AV configurations you deploy on servers. Make sure scan policies are set to scan write operations only; when this is not enough, schedule as many manual scan tasks as you see fit, and please exclude any files that are in exclusive use by an application or the operating system (database files and cluster configuration files immediately come to mind).
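Putting these three points into practice on a current Windows server, as an added example that is not part of the original post: the post names no product, so Microsoft Defender Antivirus and its Set-MpPreference / Add-MpPreference cmdlets are assumed here purely as a concrete engine (they did not exist when this was written). The directory paths, the process name and the scan time are placeholders to replace with the files the application actually holds locked.

```powershell
# Added example, not from the original post. Assumes Microsoft Defender Antivirus;
# every path, process name and time below is a placeholder.

function Set-ServerAvPolicy {
    param(
        # Placeholder: directories holding files the application keeps exclusively locked
        [string[]] $LockedDataPaths   = @('D:\Databases', 'C:\ClusterConfig'),
        # Placeholder: the service process(es) that own those locks; the exclusion
        # applies to files opened by the process, not to the process binary itself
        [string[]] $ExclusiveProcesses = @('mailstore.exe'),
        # Quiet hour (local time) for the compensating scheduled full scan
        [datetime] $ScanTime = '02:00:00'
    )

    # 1. On-access scanning of write operations only.
    #    RealTimeScanDirection: 0 = both directions (default), 1 = incoming files only,
    #    2 = outgoing files only. Incoming is the write side, which is what the post asks for.
    Set-MpPreference -RealTimeScanDirection 1

    # 2. Since reads are no longer scanned, compensate with a scheduled full scan at a
    #    quiet hour (ScanParameters 2 = full scan, ScanScheduleDay 0 = every day).
    Set-MpPreference -ScanParameters 2 -ScanScheduleDay 0 -ScanScheduleTime $ScanTime

    # 3. Exclude files that are in exclusive use, by path and by owning process, so the
    #    scanner never retries against a non-shared lock.
    Add-MpPreference -ExclusionPath    $LockedDataPaths
    Add-MpPreference -ExclusionProcess $ExclusiveProcesses
}

function Test-ServerAvPolicy {
    # Read back the effective preferences so the change can be reviewed now and
    # audited later; a change-control ticket should carry this output.
    $p = Get-MpPreference
    [pscustomobject]@{
        WriteOnlyScanning   = ($p.RealTimeScanDirection -eq 1)
        ScheduledFullScan   = ($p.ScanParameters -eq 2)
        ScanSchedule        = "day=$($p.ScanScheduleDay) time=$($p.ScanScheduleTime)"
        ExcludedPaths       = $p.ExclusionPath
        ExcludedProcesses   = $p.ExclusionProcess
        # Excluding a whole volume root defeats the purpose of running AV at all;
        # flag any exclusion that is just a drive letter.
        OverbroadExclusions = @($p.ExclusionPath | Where-Object { $_ -match '^[A-Za-z]:\\?$' })
    }
}

# Run from an elevated prompt on the server being configured.
Set-ServerAvPolicy
Test-ServerAvPolicy | Format-List
```

The audit function is the part worth keeping: exclusions tend to grow over time, and an exclusion should cover exactly the files the application holds locked (the database and cluster files the post mentions), not the volume they live on. Anything listed under OverbroadExclusions is a sign the configuration has drifted from "avoid lock contention" to "disable scanning".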

Don't say I didn't warn you...

P.S.: Yes, I understand the necessity of having an AV solution. I'm not saying never to install one, just be careful with its configuration, because AV solutions can be as dangerous to system stability as viruses are to security.