1. NO and this is ridiculous. But if your users are uploading files to this solution, it's not impossible that files being uploaded by users are infected. I suggest that you ask them to document the incidents and prove that they are coming from your Mac. It may be that they are trying to argue that because your COMPUTER is up all the time it is somehow more accessible to malware, but if the computer is behind a firewall, that also seems pretty silly.
2, Someone besides yourself SHOULD, dare I say MUST have admin rights. If you were run over by a bus, was fired suddenly or otherwise no longer available, there needs to be a way for the school to hand over access to the DB and the server to another developer. I've seen several posts here to the effect of: "Our FileMaker person is no longer with the company and no one can open the file to make design changes..."
Whether you have to give them developer level access to the database file or not, Admin access to the server admin console would seem a reasonable thing for IT to require of you.