Turn on AV scan for SSL/TLS traffic? Does it make sense?
Hi all,
When looking at the antivirus profile, I can see that only non-"secure" traffic is listed:
LOFC-FG01 (AV-scan) # config
http        HTTP.
ftp         FTP.
imap        IMAP.
pop3        POP3.
smtp        SMTP.
nntp        NNTP.
smb         SMB.
nac-quar    Quarantine settings.
For traffic such as sftp, ssh, https etc. passing through my firewall, does it even make sense to turn on antivirus?
q1) Is AV able to look at "encrypted" traffic? Or do we need to turn on "SSL deep inspection" in order for AV to scan encrypted traffic?
q2) Does AV "flow mode" support SSL inspection?
q3) How does SSL deep inspection work for an incoming policy? (e.g. external/public users accessing an internal webserver)
Does that mean I have to buy 2 certs? (1 to be installed on the webserver, 1 on the firewall)
Regards,
Noob