DMG files are disk images; they are containers, like ZIP files. Think of them as virtual CDs. They are not themselves dangerous; at least I don’t think that the process of opening them executes any code. What is potentially dangerous is what they carry, namely programs. Gatekeeper checks whether programs are code-signed by the developer, but this check will only be performed automatically when you have obtained the disk image via a browser or the like. If you want some extra security, then you should download a malware scanner.
For macOS Sierra, developers can code-sign the disk image as well and vouch for all the contents. This gives you some extra certainty, provided that you download the disk image from a trusted source and make sure that it is signed by the person or organisation you downloaded it from.
For malware in general, you should have a look at this guide:
http://www.thesafemac.com/mmg/
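As an added example (not part of the original answer), the script below runs the checks described above on a downloaded disk image before you mount it. It assumes the download marker is the `com.apple.quarantine` extended attribute with a semicolon-separated value, which the answer does not name; the function names and the sample value are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks to run on a downloaded disk image before mounting it.
# check_dmg needs macOS (xattr, codesign, spctl); quarantine_summary runs anywhere.

# Constructed sample of a com.apple.quarantine value (assumed layout):
# flags;download time (hex epoch seconds);downloading agent;event id
SAMPLE='0083;5f000000;Safari;00000000-CONSTRUCTED-EXAMPLE'

# Print the downloading agent and download time from a quarantine value.
quarantine_summary() {
    value=$1
    case $value in *\;*\;*) ;; *) return 1 ;; esac   # need at least 3 fields
    rest=${value#*;}            # drop the flags field
    stamp=${rest%%;*}           # hex timestamp
    rest=${rest#*;}
    agent=${rest%%;*}           # application that downloaded the file
    case $stamp in ''|*[!0-9a-fA-F]*) return 1 ;; esac
    printf 'agent=%s epoch=%d\n' "$agent" "$((0x$stamp))"
}

# Report quarantine state, signer and Gatekeeper verdict for one disk image.
check_dmg() {
    dmg=$1
    # Without the quarantine marker, Gatekeeper does not check automatically.
    if q=$(xattr -p com.apple.quarantine "$dmg" 2>/dev/null); then
        echo "quarantined: $(quarantine_summary "$q" || echo "unparsed: $q")"
    else
        echo "not quarantined: no automatic Gatekeeper check for this image"
    fi
    # Show who signed the image itself (possible since macOS Sierra).
    codesign -dvv "$dmg" 2>&1 | grep -E '^(Authority|TeamIdentifier)=' \
        || echo "no code signature on the disk image"
    # Ask Gatekeeper to assess the image; the exit status is its verdict.
    spctl --assess --type open --context context:primary-signature --verbose "$dmg"
}

if [ $# -gt 0 ]; then
    check_dmg "$1"
else
    quarantine_summary "$SAMPLE"   # offline demo on the constructed sample
fi
```

Compare the `Authority` and `TeamIdentifier` lines with the developer you expected to have published the image.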