
> There was a dark age of plentiful zero-days

Antivirus is not an effective way to protect against Zero-day exploits. Antivirus is effective against known threats, but zero-days are new threats that antivirus programs are not designed to detect.




It's not really so black-and-white. It is not unusual, for example, for signature-based antivirus to detect the payload of a zero-day-based delivery mechanism. When they are packed in one file, this can incidentally protect you from the original exploit. This scenario is actually a lot more common than you might think, as simple economy means that a lot of malware authors will use different delivery mechanisms over time for the same payload. You see this a lot with botnets, for example, where there's a relatively small number of popular botnet agents that are delivered by multiple groups using multiple means.

In general, it's important to remember that malware involves multiple separate steps, typically today something like the initial exploit, a downloader, and persistence, which may retrieve additional payload binaries. Even if your antivirus is completely unaware of the original exploit, it may detect the downloader or persistent binary. This common problem (for malware authors) has led to work on things like fileless persistence, but those methods are more difficult and less reliable, so a lot of malware still needs to drop a persistent binary somewhere and use one of a fairly limited number of methods to get it to start again in the future. This is a huge opportunity for antivirus to detect a problem no matter the original exploit, and one of the things that antivirus is most effective at.

There is also heuristic-based protection, and in practice few host-based security solutions are purely signature-based. Heuristic protection has significant limitations but can be effective, especially for common malware patterns like loading drivers (no longer as common on modern Windows due to restrictions on driver loading). Heuristic-based systems tend to make enemies of their users though since it's difficult to tune them to be at all effective without a noticeable false positive rate. You see this a lot with packer detection: a lot of AV products use heuristic methods to recognize common packers (obfuscators), with the result that some self-extracting executables and commercial obfuscated binaries will also be detected. There's a lot of interest in machine-learning heuristic detection, but the false positive issue limits its use so far.


While it is true that signature-based antivirus can sometimes detect the payload of a zero-day-based delivery mechanism, it is not a reliable or comprehensive method for protecting against malware. Zero-day exploits and advanced malware can evade signature-based detection, and I wouldn't bank on this method of protection. In addition, heuristic-based protection methods have limitations and a high false positive rate, making them less effective.


Nothing is a reliable or comprehensive method of protection - that's why we employ defense in depth, including host-based security and software hardening.


There are virus "kits" that allow creating new binaries as often as needed. So for whatever lag time (typically days to weeks) the AV folks have, you just generate something newer. Things are sophisticated enough to allow VMs, encrypted binaries, and obfuscation tricks ... shared by commercial software, so you can't just blacklist all bad binaries in any kind of general way.

So there's an infinite supply of bad binaries and AV companies are, by definition, behind. Basically selling snake oil that promises to help, but never will.


That's why most AVs rely on behavioral detections rather than strictly file signature or hash-based detections.
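Added illustration (not from any commenter in this thread) of the two layers the discussion keeps contrasting: a hash signature that a repacked payload slips past, and a behavioral rule on the drop-then-persist chain from the multi-stage comment above that catches it regardless of hash. The sensor event format, the paths and the rule itself are assumptions constructed for this example.

```python
import hashlib

# Signature side: hashes of payloads the vendor has already seen.
# Constructed sample data for this example, not a real indicator.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"botnet-agent-v1").hexdigest()}

# Behavioral side (simplified, hypothetical rule): a process drops a file in a
# user-writable directory and then points a Run-key value at that same file.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\programdata\\")
RUN_KEY = "\\currentversion\\run\\"

def signature_verdict(sample: bytes) -> bool:
    """True only when these exact bytes were hashed before; repacking defeats it."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_BAD_SHA256

def behavior_verdict(events) -> bool:
    """events: (pid, action, target) tuples as a hypothetical EDR sensor might
    record them. Flags the drop-then-Run-key chain regardless of file hash."""
    dropped = {}  # pid -> lowercase paths that process wrote
    for pid, action, target in events:
        t = target.lower()
        if action == "file_write" and any(d in t for d in USER_WRITABLE):
            dropped.setdefault(pid, set()).add(t)
        elif action == "reg_set" and RUN_KEY in t:
            value = t.split("=", 1)[-1].strip().strip('"')  # data after '='
            if value in dropped.get(pid, set()):
                return True
    return False

def classify(sample: bytes, events) -> dict:
    """Combine both layers; either verdict alone is enough to alert."""
    return {"signature": signature_verdict(sample),
            "behavior": behavior_verdict(events)}

# Constructed scenario: the same agent repacked (new hash) but still
# persisting the same way, so the signature misses and the behavior rule hits.
REPACKED = b"botnet-agent-v1" + b"\x00packed"
DROP = r"C:\Users\alice\AppData\Roaming\svc\upd.exe"
REPACKED_EVENTS = [
    (4242, "file_write", DROP),
    (4242, "reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd=" + DROP),
]
# Constructed benign sequence: a Run entry for an installed program, no drop.
# Note the false-positive tension from the thread: a legitimate updater that
# drops into AppData and registers itself would trip the same rule.
BENIGN_EVENTS = [
    (100, "reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Sync=C:\Program Files\Sync\sync.exe"),
]
```

In a real product the behavioral layer would be tuned with allowlists (signed publishers, known installers) precisely because of that false-positive tension.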



