Not antivirus, but if your SQL server is MySQL, you could consider a very nice product called
GreenSQL. It is basically a SQL proxy, through which you send your SQL, which is then sanitised against most (or maybe even all) possible SQL exploits.
What I would do (and what I have done in the past) is to have MySQL listen on a port other than 3306. Have GreenSQL listen on 3306 and forward to whatever port MySQL listens on. Have firewall rules restrict incoming connections to 3306 (and possibly 22 for ssh) and preferably limiting the connections to specific IPs.
Of course, this is all moot if you are using something other than MySQL. The fw stuff still applies.