Your last question is the key one. The scan is performed after the write (in fact, it's performed when the file is closed). Therefore, catching the virus by this kind of scan is sort of "too late", since the file is already infected.
Unfortunatelly, it's not possible to change. Imagine that a virus is infecting the file in multiple steps - each time writing only a part of it's body. Scanning the file after every write (it could be writen byte by byte!) could be very slow. But even if it were done this way - the file may not be detected as infected during the first write; it could be detected after a number of writes... and at this point, the file is already damaged (it's questionable, but it may be better if the file is infected "completely" and "working", instead of incompletely and useless).
Btw, true worms (based on network protocol buffer overflows) don't need to be written to disk to activate; but that's out of the scope of an antivirus anyway (you need a firewall to prevent this kind of attack).