In an interesting article, Thomas Dullien argues that anti-virus based on signatures (your AV “definitions” file” ) is doomed to failure. His premise is simple. The attacker always has access to the anti-virus definition files, and can therefore generate permutations for new attacks until it succeeds.
I have not been impressed by any heuristic AV software, which works by examining the behavior of a file. I look forward to seeing his followup proposal to address this problem.