Okay in the easy way here is the story:
Suppose there is an antivirus called ‘whatever’ and the maker of this antivirus develop the database of this antivirus,the DB contain digital signatures for piece of code of the malware or a checksum digest like md5 so if the program’whatever’ loads its DB which not encrypted “like the case of windows defender and MSE” avast will see the unencrypted signature and think it is a real virus.
Nothing wrong with avast the wrong is in developing DB structure.
I wish you understand me now.