I first started working with Exchange in 1998 and up until a couple of years ago usually avoided installing a file level real-time anti-virus scanner on a dedicated Exchange server. (The exception to this is where an Exchange server has other functions like file sharing, or is a Small Business Server.) Unfortunately with the growing number of nasties in circulation a file level (and memory resident) AV scanner has become a precautionary requirement.
If you do use file level anti-virus scanning you should exclude the databases, logs and SMTP Mailroot folders. Failure to do so could leave you with possible log/DB corruption and excessive CPU time on your AV processes. In fact, I’d recommend excluding all Exchange folders from scanning. This also applies to scheduled and manual scans.