If I understand correctly, ASL recommends running email on a separate server from web services for this reason.
Definitely. All of the antivirus and antispam products out there are pretty CPU heavy. But theres an even better reason to do this: email can be slow it doesnt need to be "real time". What I mean by this is that email, unlike any other service on the system (web, ssh, FTP, etc.) can be slow. Users will tolerate an email taking a few seconds to be delivered, but they won't in my experience tolerate a web site taking several seconds to load. Nor will they tolerate SSH taking several seconds to reply to a key stroke, mysql taking several seconds to respond, and so on.
But they will tolerate email taking a few seconds. So, the best bang for your buck is to set up a dedicated box (doesnt even have to be big or fast) to offload and handle all incoming email and scan it for spam and viruses. That way, the only system that ever gets slow is one the users never "see". Its not hosting anything, so to them everything stays nice and fast. Plus, if you get a big surge of email, your websites (and your customers) won't be upset that their sites are now suddenly slow. Email might take a few more seconds to get to them, but since most users are tolerant of (and even expect) email to take a few seconds to get to them they never notice. A cheap server is all your need to do this, and the project gamera packages are purpose built to do this.
We even have big commercial customers, and government agencies that use Project Gamera for all their spam and virus scanning needs.