Without addressing the design of the Diebold system, I'm not sure I agree with the implicit argument here.
First, it's important to distinguish where the AV software is running. It's not on the voting machine proper but on the election management system (EMS). These machines run Windows (the Diebold touchscreen machines run Windows CE and the optical scan machines seem to run some monolithic embedded app [*]). The way the Diebold system works is that the results are fed into the EMS and then the EMS tabulates them and declares the winner.
I can imagine a number of arguments for why you shouldn't have an EMS that has an antivirus system on it. Let's take them in turn:
You shouldn't be using a computer to tabulate the votes.
This isn't inherently crazy, but given the complexity of elections in the United States, it seems fairly unrealistic. In the Nov 2004 election, my local ballot had 27 separate contests on it. Goggin et al. report that single-person manual counting of optical scan paper ballots takes about 5 seconds per race per ballot (with a 1.5% error), so a 27 contest ballot would take about 2.25 minutes to tally. If you use 4 person teams as used in the California TTBR, then Palo Alto, which had about 5,000 votes in that election, would have required about 750 man hours to do a complete count. Even with only a single person per ballot, you're looking at nearly 200 man hours, so that's 12 people to get results within 8 hours. This isn't impractical, but it's a big change from the existing systems, so we have computers in the game somehow.
If you're going to use computer counting, then you need to somehow program the computers, and that means some sort of EMS. Now, you could use precinct count opscan and/or DREs but tabulate manually, for instance from the results tapes out of the precinct machines. Then you wouldn't have to worry about accuracy of the EMS tabulation, which would remove this particular alleged problem (though of course you would still have to worry about compromise of the EMS during the ballot definition phase). On the other hand, the tabulation part of the equation is the most auditable and transparent part of the process. The State publishes precinct totals, so you can add them up yourself and verify that the totals are computed correctly. I'm not saying there's no risk here, of course, but if you're going to remove computers from the system, this isn't where I would start.
Your EMS shouldn't be running on a general purpose system.
A lot of the polling place devices run on non-standard embedded systems. That doesn't necessarily make them less susceptible to malware. It's true that the generic malware that you see on Windows systems isn't going to run on these platforms, so the attackers would have to get their hands on the target software, but that hardly seems like an insuperable obstacle. Of course, your generic AV software won't run on these platforms, but it's not clear that that's somehow an advantage.
You shouldn't need AV on the EMS because your machines should never
be exposed to any kind of malware.
I certainly agree that it's critically important to isolate the trusted county central machines from any source of infection (see here for our EVT paper on techniques for this.) But no isolation system is perfect, so it hardly seems like a bad idea to have some sort of security software (AV, etc.) as a backup in case you accidentally contaminate your EMS. I'm not saying that you should rely on AV; if you discover that your EMS is potentially compromised, but your AV system doesn't say anything, it's probably not safe to assume everything is OK. On the other hand, if your AV does signal some kind of infection, you should definitely be paying attention.
The AV is useless.
One of the big failings of AV software is that it's not that great at detecting new kinds of malware. Modern AV systems are OK at detecting known kinds of malware (e.g., generic viruses), but they they're not that great at detecting new kinds of malware—which is why they need regular updates—and even worse when that malware has been specifically designed to evade that AV software. And since any kind of malware that specifically targeted election results would need to be specially designed, your average AV package is not particularly likely to detect it. That said, AV packages typically do contain some anomaly detection, and you might get lucky and have the malware fall afoul of that. However, given that the EMS probably needs less user level flexibility than your average system, you might be able to design a much more aggressive anomaly detection system (e.g., tripwire + something else) that would have a better chance of catching stuff.
The AV is dangerous.
Given that Diebold is blaming counting errors on the AV, this seems like an argument with some force. I have no opinion on whether the AV is to blame, but given that the EMS is running on a system with a huge amount of software (i.e., the OS), it's not clear why you should be especially concerned about the AV as opposed to that other stuff.