ClamAV is a great AV program, I use it on all of my mail servers, and have it installed on pretty much all of my systems.
As a normal user, you can only write files in your home directory, and /tmp, by default. Desktop-oriented distros usually have automounters set up, that will mount CD-Roms and USB keys automatically (and allow you to write to them), as well as kick the permissions to allow you to burn CDs, etc.
There is no spyware checker that I know of for Linux, but one probably does exist. If you are concerned about your box, run
ChkRootKit, which checks your system for files and signatures from known rootkits (which would mean your system is compromised)... there's also
Tripwire, which monitors any set of files and directories you list for it, and will alert you of any changes to them. This is a big pain to set up if your distro doesn't supply a file list, and maintenance can be bothersome (as you need to authorize each file change and re-learn it each time), but for servers with static configurations, this is a great early-indicator.
Edit: One note though-- AV programs on Linux are different than Windows, there is no active-scan method, scans must be run manually. (In Windows, you can set in the registry a program that is run before executing any file, AV programs make use of this in order to scan the EXE before it's executed by Windows... it's also used by a slew of viruses and spyware that exploit this, to allow them to hide deeper in the system, and stop other things, like virus scanners and spyware scanners from running.) In basic Linux, this option does not exist, when you execute a file, it just executes. (But you can use SELinux, AppArmor, and other systems to allow/deny execution and control what the running program can do).