Drive by downloads, when a virus installs itself when you visit a website, is very much Windows specific. Although theoretically mac virii could bypass security, every one in the wild requires the user to enter their admin password to allow it to be installed. At some point you have most likely installed the software yourself by accident. The most popular ways of convincing someone to install malware are fake anti virus software or fake video codecs.
If you want to run anti virus software then ClamXav is as good if not better than anything from the big software vendors, although I only run it once or twice a year as a check.
If you have found malware then most are easy to remove, although you have to make sure it isn't running first so you can delete it. If the anti virus software doesn't remove it you can usually do it yourself.
Open Applications → Utilities → Activity Monitor, if it's there click on the malware that's running and click “Quit Process”
Then go to System Preferences → Accounts → Login Items, find the malware and delete it from the list, or else it will start running again whenever you turn the computer on.
Search for the malware on your hard drive, put it in the trash then empty the trash. If it won't delete, force the trash to empty by holding down the Option key and choose Empty Trash from the Finder menu.
A useful piece of software I use is Little Snitch
http://www.obdev.at/products/littlesnitch/index.html which does the opposite of a firewall. It monitors everything going out from your mac to the internet, useful to find if anything is trying to contact servers. Little Snitch costs money, but if you run it as a free trial when it starts it runs for 3 hours, so you should be able to see if any malware is trying to call home within the first 3 hours of turning your computer on. Pay the fee and it remains on permanently, only allowing what you want to connect to the internet.