https://www.theregister.co.uk/2018/04/04/microsoft_windows_defender_rar_bug/
A remote-code execution vulnerability in Windows Defender – a flaw that can be exploited by malicious .rar files to run malware on PCs – has been traced back to an open-source archiving tool Microsoft adopted for its own use.
[...] Apparently, Microsoft forked that version of unrar and incorporated the component into its operating system's antivirus engine. That forked code was then modified so that all signed integer variables were converted to unsigned variables, causing knock-on problems with mathematical comparisons. This in turn left the software vulnerable to memory corruption errors, which can crash the antivirus package or allow malicious code to potentially execute.
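The class of bug the summary describes, shown as an added illustration (this is not the unrar or Windows Defender code; the function names and the back-reference scenario are constructed for the example). A bounds check that is correct with signed integers silently accepts bad input once the same expression is evaluated on unsigned variables:

```c
#include <stdio.h>

/* Constructed scenario: validate a back-reference that reads from index
 * (pos - dist) in a window whose valid indices are [lo, size). */

/* Signed original: an oversized dist makes pos - dist negative, so the
 * comparison against lo rejects it. */
static int ok_signed(int pos, int dist, int lo, int size)
{
    return pos < size && pos - dist >= lo;
}

/* The same expression after a blanket int -> unsigned conversion:
 * pos - dist wraps around to a huge value, so ">= lo" now passes. */
static int ok_unsigned_naive(unsigned pos, unsigned dist,
                             unsigned lo, unsigned size)
{
    return pos < size && pos - dist >= lo;
}

/* Unsigned check rewritten so that no subtraction can wrap. */
static int ok_unsigned_fixed(unsigned pos, unsigned dist,
                             unsigned lo, unsigned size)
{
    return pos < size && pos >= lo && dist <= pos - lo;
}

/* Index the naive unsigned version would go on to read from. */
static unsigned naive_source_index(unsigned pos, unsigned dist)
{
    return pos - dist;
}

int main(void)
{
    /* Constructed input: distance 10 from position 4 in a 64-entry window. */
    printf("signed check accepts:         %d\n", ok_signed(4, 10, 0, 64));
    printf("naive unsigned check accepts: %d\n", ok_unsigned_naive(4, 10, 0, 64));
    printf("fixed unsigned check accepts: %d\n", ok_unsigned_fixed(4, 10, 0, 64));
    printf("index used by naive version:  %u\n", naive_source_index(4, 10));
    return 0;
}
```

Comparing an unsigned value directly against a literal 0 is flagged by `-Wtype-limits` in GCC, but a comparison against a variable bound, as here, compiles without a warning.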
(Score: 0) by Anonymous Coward on Tuesday April 10 2018, @06:54PM
The AV problem is actually very similar to the Halting Problem except that with the Halting Problem you get the full code and the inputs but with the AV problem you don't. And they say the Halting Problem is not solvable in general.
Perhaps you can solve the AV problem for specific/popular cases[1] but sandboxing is often a better way of securing stuff. Like "solving" the halting problem by ensuring that all programs halt within a max time limit whether they're written to or not.
[1] I do use AV as part of "defense in depth". But it's called VirusTotal and runs on someone else's servers...