March 26th, 2025 17:29
What is the method that Avamar uses for immutable backups to have multiple restore points
I understand that Avamar de-dupes on both client and server to minimize data traffic. I also understand an initial full backup is performed and then incrementals are added to the full backup so that a current full backup is always available. One does not have to apply daily incrementals to the original backup and hope that a full backup can be assembled, especially during a restore situation, which helps the RTO and ultimately RPO.
So, in the vernacular, Avamar "brings along" the full backup every day and applies the incrementals.
My question is say you have a retention period of six months and you want to have a restore point of say 2 months due to Ransomware - the infection started two months ago. How does Avamar actually provide you the full backup that was made 2 months and one day ago? Does it start with today's full backup and SUBTRACT the daily incrementals? That would seem to be the only way my small mind can figure out how it is done.
And is there a conceptual difference to this answer between individual files or a gigantic SQL database?
Finally, since incremental data is sent below the file or SQL DB level, are there any Ransomware inspection tools that can detect Ransomware going into Avamar, and if so, what are their names?
Sandtitz
April 1st, 2025 13:06
No, that would not work. The daily incremental only contains information about what data was inserted into the DB, but you don't have information about what the records were before that.
Please refer to the Dell Avamar for SQL Server 19.12 User Guide:
"To fully restore data from a transaction log backup, at least one full backup must exist. To ensure data integrity, the Avamar Plug-in for SQL Server software always checks for the presence of a full backup on the server. If there is a full backup, the transaction log backup proceeds (that is, the backup includes only transaction logs). If there is no full backup and you select the Force full backup option (the default setting), then the Avamar Plug-in for SQL Server software forces a full backup to ensure data integrity."
Well, it's all deduplicated data, so the same block in your SQL backup could be used in some other SQL backup, SQL file dump and so on. Regular VM/file system backups are always full, even if the deduplication concept is somewhat similar to incremental - i.e. already backed up data is not transferred to Avamar/DD, there's only a pointer to the existing data block that contains the same data.
Installing 3rd party software like Antivirus into Avamar is not supported at all and will probably affect the workflows during updates.
Dell has a product called PowerProtect Cyber Recovery which works as a replication target for backup data, and there you can scan the data, validate VM backups and such.
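The pointer-based model described in the answer above can be sketched as a toy content-addressed store. This is an added illustration, not Avamar or Dell code and not a description of Avamar's internals; the class and function names, the fixed 4-byte chunk size and the use of SHA-256 are assumptions chosen to keep the sample small. It shows why a two-month-old restore point is read directly from its own list of block pointers, with nothing "subtracted" from today's backup, and why expiring an older point leaves newer ones intact.

```python
import hashlib

CHUNK = 4  # tiny fixed chunk size so the sample data splits visibly (assumption)

class DedupStore:
    """Toy content-addressed store: every backup is a full list of chunk hashes."""
    def __init__(self):
        self.chunks = {}     # sha256 hex -> chunk bytes, stored once
        self.manifests = {}  # backup label -> ordered list of chunk hashes

    def backup(self, label, data):
        """Record a full restore point; return how many new chunks were stored."""
        new, refs = 0, []
        for i in range(0, len(data), CHUNK):
            piece = data[i:i + CHUNK]
            digest = hashlib.sha256(piece).hexdigest()
            if digest not in self.chunks:   # only unseen data is "transferred"
                self.chunks[digest] = piece
                new += 1
            refs.append(digest)             # known data becomes a pointer
        self.manifests[label] = refs
        return new

    def restore(self, label):
        """Rebuild one restore point from its own manifest; no other backup needed."""
        return b"".join(self.chunks[d] for d in self.manifests[label])

    def expire(self, label):
        """Drop a restore point and free chunks no remaining manifest references."""
        del self.manifests[label]
        live = {d for refs in self.manifests.values() for d in refs}
        freed = [d for d in self.chunks if d not in live]
        for d in freed:
            del self.chunks[d]
        return len(freed)

def demo():
    # Constructed sample data: day3 simulates files overwritten by ransomware.
    store = DedupStore()
    day1 = b"AAAABBBBCCCCDDDD"
    day2 = b"AAAABBBBCCCCEEEE"
    day3 = b"XXXXYYYYZZZZWWWW"
    sent = [store.backup("day1", day1), store.backup("day2", day2),
            store.backup("day3", day3)]
    clean = store.restore("day2")       # pre-infection point, read directly
    freed = store.expire("day1")        # retention removes the oldest point
    return sent, clean == day2, freed, store.restore("day2") == day2
```

In the sample, the encrypted day3 data shares no chunks with earlier days, so it is stored as all-new blocks while the day2 manifest and its blocks are left unchanged.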