Hello,
Yes, he would have to manually manage it.
If he wanted to lower the administrative overhead by a little bit, he could have two separate LiveUpdate Content Policies (one for his test group and one for his production environment.)
His test group could be set (via its policy) to automatically update to the latest virus definitions while his production group could be set to only use the virus definitions he picks.
His other option (and the one I personally prefer) would be to manually manage the virus definitions that both the test and the production group are using.
This may be too much to do if you have the SEPM downloading three definition sets per day. It would be much more manageable if you have the SEPM download definitions but once a day. This would have a secondary benefit in that it would give his test group an entire day to run with the "suspect" definitions before he rolls them out to his production group.
Regards,
James