People write viruses for several reasons, and they would be glad to write them for linux, but they have some security features that make them unlikely to work. First is that unlike windows, most people don't run as root/administrator full time. Windows would be much more secure if you ran it without admin access. Secondly, they can code a virus to attack a given directory (windows/system32, or winnt/system32), but linux doesn't have the same files in the same places on all machines. Sure they could try and mess with things is /usr/bin, or /etc, but then you also have to get the virus app started. With no registry, they can't force an auto start at every boot.
Viruses aren't worth a second of your time. If you run linux, you don't have to think twice or do anything. ClamAv isn't "really" to scan your linux system for viruses, it is to scan mail and files passing through your linux box to windows clients.
The security risk with linux are called "root kits". They are attacks that allow a remote hacker to get root access to your machine, in which case they can get it to do anything and everything that they want. Simple things like changing the port that ssh runs on, not using dumb-ass passwords, and protecting external services like apache are a good way to start securing your system. There are always going to be security holes in any OS, and chances are good that hackers know more of them than the defenders do. The only 100% secure machine is one that has no internet access.