Fleximus Blog

 

Introduction to anti-virus signature creation

2011-03-13 posted by Fleximus
Have you ever wondered how anti-virus signatures are created?

In his article "An Intro to Creating Anti-Virus Signatures", the author describes three types of signature detection:
  • hash signatures
  • byte signatures
  • heuristics


Though the article focuses primarily on Microsoft Portable Executable files such as .exe, .dll and .sys, it would also be possible to analyze .pdf or .ppt files if one wanted to.

The article is detailed and a good starting point for understanding how anti-virus/anti-malware signatures are built.
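The three detection types listed above, as an added example that is not from this post or the linked article: a minimal Python scanner run over constructed, harmless byte strings. The signature names, sample data, wildcard notation and entropy threshold are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed, harmless byte strings standing in for files (not real malware).
SAMPLE_A = b"MZ" + b"\x90" * 16 + b"DEMO-MARKER-1234" + b"\x00" * 32
SAMPLE_B = SAMPLE_A + b"\x01"             # SAMPLE_A with one byte appended
SAMPLE_C = b"MZ" + bytes(range(256)) * 4  # unknown file, near-uniform bytes
CLEAN = b"%PDF-1.4 plain document text " * 4

# Hash signature: digest of one exact file.
HASH_SIGS = {hashlib.sha256(SAMPLE_A).hexdigest(): "Demo.Hash.A"}
# Byte signature: fixed bytes, with None as a one-byte wildcard.
BYTE_SIGS = {"Demo.Bytes.A": list(b"DEMO-MARKER-") + [None] * 4}

def match_hash(data):
    return HASH_SIGS.get(hashlib.sha256(data).hexdigest())

def match_bytes(data):
    for name, pat in BYTE_SIGS.items():
        for i in range(len(data) - len(pat) + 1):
            if all(p is None or p == data[i + j] for j, p in enumerate(pat)):
                return name
    return None

def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def match_heuristic(data):
    # Toy rule: "MZ" magic plus near-random content, a common packing hint.
    if data[:2] == b"MZ" and entropy(data) > 7.0:
        return "Demo.Heur.HighEntropyPE"
    return None

def scan(data):
    """Return the names of all detections that fire, in a fixed order."""
    hits = (match_hash(data), match_bytes(data), match_heuristic(data))
    return [h for h in hits if h]

if __name__ == "__main__":
    for label, blob in [("A", SAMPLE_A), ("B", SAMPLE_B),
                        ("C", SAMPLE_C), ("clean", CLEAN)]:
        print(label, scan(blob))
```

The hash signature fires only on the exact file it was computed from, the byte signature still fires on the slightly different copy, and the heuristic flags a file that matches neither signature.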