Posted 04 January 2013 - 09:23
[First of all, a disclaimer: I happen to work for a company that develop anti-malware software, so please keep that bias in mind when reading my reply. AG]
It's not clear to me from reading the message thread as to whether the network containing the server has Internet access or not. If this is an isolated (non-Internet connected) network, than installing and updating security software on it is probably going to be more for compliance or insurance reasons, than anything else (e.g., install the virus signature database at the same time OS and application patches are brought in on disc).
If the server is connected to the Internet, or other devices attached to the same network it's on are connected to the Internet, than one needs to start thinking about the way in which those systems could be compromised, and what that might lead to for the business if those hosts—or the server—were compromised. Securing a network is about managing risk, and as C:Amie noted, that is a cost measurement you have to make.
For the most part, how a server is used at a business is not that relevant to the attacker: There may be data of value on it (financial or customer records, business plans and so forth), but targeted attacks like that are rare. Usually they serve as a springboard from which to attack other hosts, either on that network or other Internet-connected hosts. For that matter, an infection could occur from something like the Conficker worm, which is still spreading, even though it seems the operators of that particular piece of malware gave up on it years ago.
Does that mean that your network is bound to be infected? No, it does not. But, perhaps it does mean that some basic level of protection isn't a bad idea. While most anti-malware products for servers are commercial products, there's Clam AV, which is free. It does not have a real-time component, but you could schedule it to run at times when it won't impact the business.