Basically Microsoft is saying it’s OK to have file-based antivirus software on Forefront Edge products as long as the exclusions listed in the TechNet article are followed.  These products are (at of the date this blog was created):

ISA 2000

ISA 2004

ISA 2006

IAG 2007



I vaguely remember a few years ago Microsoft’s stance was no file-based antivirus software on any “firewall” product.  The reason was the more software you have on an edge product the more exploits are available.  I can’t remember if I heard that online, from someone, or at the Forefront Airlift.  Either way Microsoft’s stance today is file-based antivirus on Forefront Edge products are OK as long as the exclusions are followed.