Use Exchange Online Protection (previously known as FOPE) for message transport scanning. EOP provides inbound and outbound spam and malware filtering, reporting, message trace, and mail-flow configuration features.
Exchange 2013 has built-in anti-malware capabilities (although they're quite limited). Microsoft removed the AVAPI from Exchange 2013, so if you want to do store-level scanning to remove malware already present in your mailbox databases you'll need a third party product that scans the store using EWS. There are currently no third party products that do this yet.
For file-level malware scanning use System Center 2012 Endpoint Protection which is a component of System Center 2012 Configuration Manager. Be sure to follow the following Microsoft guidelines:
- Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows: http://support.microsoft.com/kb/822158
- Managing Antivirus Software on Active Directory Domain Controllers: http://technet.microsoft.com/en-us/library/cc816917(v=ws.10).aspx
- Anti-Virus Software in the Operating System on Exchange Servers: http://technet.microsoft.com/en-us/library/bb332342.aspx
- Specifying Antivirus Scanning Exclusions (Lync Server): http://technet.microsoft.com/en-us/library/gg195736(v=ocs.14).aspx
- Certain folders may have to be excluded from antivirus scanning when you use a file-level antivirus program in SharePoint: http://support.microsoft.com/kb/952167