April 10th, 2005, 09:20 PM
#4
I'd say that before you consider any advice I would look at my network and try to determine what the threat is and whether there are other forms of mitigation that may be more cost effective in the long run.
In my case there is absolutely no reason for anyone in my network to _require_ the ability to receive executable content via email. Thus, I employ a Watchguard Firebox with the SMTP proxy set to remove all executable content from incoming email. I then employ a gateway mail server that scans all incoming email for spam and viruses. I'm not too worried about macro viruses in Word documents because they are no longer an effective means of rapid transmission, so there won't be (m)any zero-day macro viruses, and the desktops are set to warn by policy. Interestingly enough, SPF (Sender Policy Framework) is rather good at virus filtration though it is technically an anti-spam tool. I use BitDefender Professional on the gateway mail server and it has proven quite effective at picking up malicious code in HTML email too. Then I use Symantec AV for Exchange Server on the main mail server. The only alerts I ever get from that are "Scan Engine Failure", which usually seems to occur when someone sends a link rather than the actual file they intended to.
I have other admins that have control of certain parts of my network, (I'm sort of an ISP for them), but of my 350 machines, (excluding servers that are protected by Symantec Enterprise), I have only about 30 with AV on them and most of those are public access machines.
I further employ IDS with all the AV rules out there running as a "heads up" for myself, plus a rule that alerts on any executable content being sent by email. I also block all outbound email transmissions that do not emanate from a valid email server and have the IDS alert me immediately when it occurs.
So, yes, you can have a corporate network that does not employ AV universally.... But, and I repeat the "but", you need to understand the risk, the business rules required for your business to operate and the "little workarounds" for those exceptional cases.... For example, if a tech support chap needs to email an executable, have them rename it to .txt and then rename it back... It passes right through the WatchGuard because it only looks at the extension... But it then goes through 2 AV products before it reaches the workstation.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
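The post notes that the SMTP proxy only looks at the attachment's extension, so the rename-to-.txt workaround passes it and the two AV layers behind it do the real content inspection. As an added example (not code from the post or from any product named in it), here is a small message checker that flags executable attachments both by extension and by the file's leading bytes, so a renamed binary is still reported; the sample message and its attachments are constructed inline.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions an extension-only filter would catch (assumed list, not the proxy's own).
EXEC_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Content signatures that survive a rename: DOS/PE "MZ", ELF, Mach-O (64-bit LE).
EXEC_MAGIC = {
    b"MZ": "PE/DOS executable",
    b"\x7fELF": "ELF executable",
    b"\xcf\xfa\xed\xfe": "Mach-O executable",
}


def classify_attachment(filename: str, payload: bytes) -> list:
    """Return the reasons an attachment looks executable (empty list if none)."""
    reasons = []
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in EXEC_EXTENSIONS:
        reasons.append(f"extension {ext}")
    for magic, desc in EXEC_MAGIC.items():
        if payload.startswith(magic):  # content check is what catches the .txt rename
            reasons.append(desc)
            break
    return reasons


def find_executable_attachments(raw_message: bytes) -> list:
    """Parse a raw RFC 5322 message and report attachments that look executable."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            continue
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        reasons = classify_attachment(name, payload)
        if reasons:
            hits.append((name, reasons))
    return hits


def build_sample() -> bytes:
    """Constructed test message: a renamed PE file plus a genuine text note."""
    msg = EmailMessage()
    msg["From"] = "support@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "tool (renamed per the workaround)"
    msg.set_content("Rename it back to .exe after saving.")
    fake_pe = b"MZ\x90\x00" + b"\x00" * 60  # constructed stub, not a real program
    msg.add_attachment(fake_pe, maintype="application", subtype="octet-stream", filename="tool.txt")
    msg.add_attachment(b"just some notes", maintype="text", subtype="plain", filename="notes.txt")
    return bytes(msg)
```

Running `find_executable_attachments(build_sample())` reports only `tool.txt`, with the reason coming from the magic bytes rather than the extension.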