By default, VirusScan automatically scans any file that is created, read, or modified in your local drives. However, files must be written to your disk before they can be scanned. There is a feature that is not enabled by default which can scan files in a network drive. However, if you are using SFTP VirusScan will just be able to access the file when it's written to your disk.
Information below is present on the product guide for VSE 8.7 and has a clarification about how the on-access scanner works:
"The on-access scanner treats scans differently depending on whether the user is writing to disk
or reading from disk.
When files are being written to disk, it scans these items:
• Incoming files being written to the local hard drive.
• Files being created on the local hard drive or a mapped network drive (this includes new
files, modified files, or files being copied or moved from one drive to another).
When files are being read from disk, it scans these items:
• Outgoing files being read from the local hard drive. Select
On network drives on the Scan
• Any file being executed on the local hard drive.
• Any file opened on the local hard drive.
• Any file being renamed on the local hard drive, if the file properties have changed."
Note: There are other products like Web-Gateway and EWS that you can implement at the gateway level and they can scan files before they are downloaded by the end user. Not sure if these products covers SFTP, however, for sure they can scan HTTP and FTP.
Hope this helps.
Thank you Bruno. You have been very helpful indeed. My bad for posting a RTFM