A good question that gets a lot of lively discussion in network administration circles.
If your server is exposed to the internet in any way except through the connected workstations, it needs to be protected with some sort of anti-virus solution. There is a serious misconception borne out of the belief that if the computers connected to a file server are all running some sort of endpoint protection, the server cannot get infected; yet how many times does a new virus, worm or malware package slip through the application meant to protect it and infect the workstation? We see it too often. And if the workstation does get infected, what is the status of the files contained on that workstation?
Furthermore, how many SMBs use their file servers for more than just file sharing? How many have insecure file-transfer programs like Dropbox? How many are hosting an FTP server? How many are opening up port 3389 for remote access without the use of a VPN or firewall? Even more reason to get protected.
We have been using different file server antivirus solutions over the years. Everything from Symantec and McAfee to Avast and Avira. And whatever your personal preference, one thing is certain, your file server needs it, and it needs it now. Please make sure that the type of antivirus you install has an engine capable of running on a file server with the least amount of drag. Contact your local VAR for an assessment of your particular needs – TRA Consulting, Inc., 562-225-4222