Thin clients are one useful option for VDI access. Some of these devices don't require antimalware software, as they are secure enough by their own.
But some others require extra protection in order to assure data and users security. One example are repurposed PCs as thin clients, since although they are not usually configured to run software locally, they are tecnically vulnerable to different types of malware.
In fact, certain malware may even attack hardware redirection or hardware drivers, allowing for example, inject a key logger onto the device.
In case of traditional thin clients from vendors they are not easily exploited by malware. Anyway, almost all of them have sufficient capacity to have antimalware software installed. So, even though the risk of being inffected by malware is very low, security can always be reinforced to prevent from potential attacks.