You probably won't like my opinion in such a corporate environment, but Dont install any AV software. Here's step s to set up a nearly virus impenatrable system:
1: Dont use Internet Explorer. Go get Mozilla at
2: Dont use Outlook Express for email or news AT ALL. It allows arbitary code to be run from the view window. I don't know a version that hasn't been hacked. I'd suggest the Mozilla Mailer, as it comes with the mozilla browsing suite.
3: Don't use MSOffice. Instead, install OpenOffice. It doesn't let silly stuff like macro viruses execute. It does not, allow any macros to execute. It will open most all MS office files, with exception of the Database. In place of the Database, you can use MySQL with MYSql-Front. That tool allows a MS database to be loaded through ODBC to MySQL.
4: When you install the server software, make a user like Webguest and put extreamly stringent rules on it. Essentially, dont let it even write to anywhere except {home}/webserver/ . Have the server run as that user ONLY. This tries to prevent
5: Erase (or delete RUN) the file extention related to VBE. That alone stops a truckload of problems.
6: Use programs ONLY from authoriate sources. CD's, Update packages, and source packages (assuming you want to use a windows compiler suite). For anything else, just make a directory that shares read/write of "questionable packages" to a computer that has AV installed. Anacedotal tip: I've never been infected with a virus from any commercial company, as the bad PR from the incident is more than enough to scare them to NEVER do such.
7: In the Bios, disable Boot from A: . This prevents those rare bootvirus-infected disks. And simply, dont (physically) allow home-brewed cdrom to enter the machine at boot time. I've not heard of a CD-rom boot virus, but it's 100% possible.
If you follow these steps, you shouldn't be infected by anything. Still, if I was that paranoid, just have the c$ share mounted to another machine that scans it once a day. It'd be cheating a license, but it works. Still, I've followed those steps on all my windows installs from day 1. Only once did I have a virus (and it was intentional- I wanted to see the FireTruck virus ;-). It was on a totally fried 9 month old install of Win95.
Hope that helps.