- data directory ( binary can be checked by AV)
- tranlog directory
- daos directory
- VIEW_REBUILD_DIR as specified in notes.ini if you are using this settings
- any directory linked through directory link outside the data
- disable all mail plugin settings (they are made for client , not for server)
That's all, any infected attachements could be find by AV on %temp%\ notesxxx folder that Domino use to process the email.
If you like to have AV protections inside all domino server PLEASE buy a dedicated product for Domino from your AV seller