The prohibition of installing anything on the 3CX server is (1) to ensure no compatibility issues arise, (2) ensure no adverse impacts are caused by an anti-virus scan (especially during production hours), and (3) to simplify the environment that 3CX support engineers have to troubleshoot.
Installing anti-virus on the 3CX server expands the number of possible issues the support department has to consider when determining the cause of a 3CX issue. Since 3CX support is free to 3CX partners (with some limitations) it is reasonable that 3CX would want to limit the complexity of the environment they have to support. I used to work in 3CX support, and I understand their pain all too well.
Perhaps this is not so much an issue of whether it is technically feasible to run anti-virus on the 3CX server as it is a need to serve as many 3CX customers in a timely way as possible with a relatively small support organization. The old adage "keep it simple" also applies to ensuring your PBX is stable and high performing. So there are lots of inputs to this calculation.
All that said, in theory your 3CX server is running behind a firewall. And you shouldn't be browsing the internet from the 3CX server. And presumably the rest of your environment is protected by anti-virus, so one could argue that your exposure, if running the 3CX server without antivirus, is fairly low. But there are a few "if" statements in there...
I personally run the built-in Windows defender on my 3CX servers, and I make sure to exclude the 3CX directories (c:\program files\3CX Phone System, and c:\programdata\3CX and all sub-directories). I think that is sufficient, and won't create a headache for the 3CX support group.... for what it is worth.