VPN does not restrict ports. To do this, there are firewalls everywhere, why should a VPN climb into someone else's garden?
VPN does not affect the spread of viruses in any way. It's not about viruses at all.
The following measures help against viruses (in that order of priority):
1. limited user rights on working computers and servers. This is generally the most important thing in the whole fight against viruses. The fulfillment of this condition will add 100500 points to the security of the network. And not execution will make all other gestures meaningless.
2. a properly configured corporate firewall (blocking everything except allowed traffic)
3. an updatable normal antivirus installed on all workstations and servers
4. anything you can think of in addition :-)

I see only one VPN option with forwarding one single RDP port

If RDP is not further restricted, then theoretically the virus will be able to penetrate the corporate network through it. It is necessary on the RDP server to prohibit the mapping of client disks to the server, prohibit the clipboard between the client PC and the remote one, cut off the user's hands :-)

Require an installed antivirus. Well, let him come not from his garbage dump, but from a clean virtual machine.

A VPN does not prevent the spread of a virus. The virus is prevented by a properly configured firewall and antivirus.

Does VPN restrict the spread of viruses?

No. A VPN is a regular network, it's just that it's not a physical medium that is used as a transport, but an existing network.
In general, in this regard, a VPN is no different from any other network, such as Ethernet.
Firewalls, OS security settings, user access rights, and specialized programs serve to combat viruses and malware and limit their spread.

VPN , as an organized network, is no different from just a LAN - it is in fact a large LAN (if we abstract from the mechanism of its construction) - what you limit will be limited :) allow only RDP and only on his computer