In 10.2.0, ASM supports checking attachments against an ICAP service:
It is now safe to enable File Upload
http://devcentral.f5.com/weblogs/macvittie/archive/2010/08/27/f5-friday-it-is-now-safe-to-enable-file-upload.aspx
http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/config_guide_asm_10_2_0/asm_sys_mgmt.html1037564
Configuring external anti-virus protection
You can configure the Application Security Manager to connect with an Internet Content Adaptation Protocol (ICAP) server to check requests for viruses. If the Virus Detected violation is enabled for that web applications security policy, the system sends requests with file uploads to an external ICAP server for inspection. The ICAP server examines the requests for viruses and, if the ICAP server detects a virus, it notifies the Application Security Manager, which then issues the Virus Detected violation.
Aaron