An AV doesn't protect you against anything but some aspects of the user's behavior, for at least 2 reasons:
-a "new" virus, if not detected by heuristic characteristics, has the time to spread 10 times around the world before any editor has the time to upload a patch.
So, yes, it should protect you against mail attachments and double extensions, but this does only assume that some people dumb enough to be infected by mail attachments still exist.
p2p, warez and porn is another story, but that is another story: when you play poker, you must sometimes be ready to lose...
I never run whatever without a firewall, but i stayed many years without any AV and only got infected twice in more then ten years (because, at that time, i liked to play, altough not very often, with warez download).
I installed an AV because everyone tells it should be done so, and the last one (avira) only because i was puzzled by some comment in this same forum telling it should not work with CIS (it actually does).
But i still don't believe, if proper and simple behavior and security measures are applied (mail, windows services, disabling scripting, not using warez, porn, p2p, im, be careful when and where clicking...) that virus (excepting, again, rogues and rootkits toward which they are totally unefficient) are a sufficient threat to deserve an AV to be installed.