how to create an antivirus program?

See, basically it is like u are given a letter(the one which we post messages on) and u are told that this letter contains the handwriting of a criminal . And u are given 100 other letters and u are told that find if any one of these 100 are written by that criminal. How would u do it? you will have to match the handwriting of these 100 new letters with the letter of the known culprit. If any of the 100 letter matches with the handwriting of the known letter of the culprit, then we can say that this letter(from the 100 set) also belongs to that culprit. Right? Thus the required action can be taken now.

Anti virus system work in a similar way. They check the handwriting of known viruses(called virus signatures- which are actually program codes specific to that type of virus) with the codes executing codes of a file on the computer. If virus like trait is found on the code of the file then it is marked as harmful and required action can be then taken by the antivirus or the user.
Get a better picture about how viruses infect a file from eg of algorithm given below.
Original file: on clicking the original file(ie to execute it)
____starts here_____
step 1 : open the program
step 2 : extract the contents to temp folder
step 3 : start the installation
step 4 : clear temp folder
step 5: finish installation
____ends here______

Virus file may contain the following set of algorithm
_____starts here_____
step A : infect the file
step B : perform ABC procedure
step C: end operation
Step D: Goto condition
_____ends here_____

so after the virus infects the original file the algorithm will be looking something like this
_____starts here_____
(the virus modifies the file)step A : infect the file
step B : perform ABC procedure
step C: end operation
Step D : Goto Step 1
step 1 : open the program
step 2 : extract the contents to temp folder
step 3 : start the installation
step 4 : clear temp folder
step 5: finish installation
_____Ends here_____

thus you can see from above that the virus has prepended its malicious code to the original file. Note that while most viruses prepend their codes, some append to make it difficult for the antivirus to scan and find it. Will be tedious especially if the file is very big.
Now in such cases, antivirus(AV) will scan the file and when the malicious code is found, it will try to repair it by deleting the malicious code off and re compiling it to normal status. With most complex viruses this is not possible so it may require to be deleted. Some AVs maintain databases of clean scanned files called footprints and can use these to restore infected files(eg Avast). In this procedure, virus signatures are used. These virus signatures or definitions are the ones that we receive as updates.

With more n more complex viruses using polymorphism and other techniques, it becomes extremely difficult to detect viruses just by scanning against signatures. Thus along with that many other technologies are used simultaneously in an AV program. Such techniques include, Heuristics, Sandbox method, 'in the cloud', behavioral techniques etc.
I have a detailed post on my blog on how to select the best antivirus for ourselves. You may check that to know more about the techniques mentioned above in one place(<a href="https://babbleona.blogspot.com/2010/02/best-antivirus-software.html" target="_blank" rel="nofollow noopener noreferrer">Technorama Blog: Best Antivirus Software</a>) or you may google them out separately.

Ill mention about heuristic in short as someone asked about it specifically.
As i said above, that the AV updates that we receive are actually signature/definition updates. These signatures are made after we get their samples from the computer users. That means that the virus infects some computers, these computers send samples to the AV team, signatures are made and then updated. Then the virus can be removed , or in cases where it is not yet infected, they will be immunised. But the AV companies do not want to compromise the security of even those small groups of people who get infected before the updates are out. Thus to prevent that a heuristic scanner is added. Its work is not to look for the exact codes matching with those of signatures in the database but to look for a similar code which may act the same way as the known virus may do. But this method brings out a lot of false reportings(called false positives). It may show a file as being virus like even though it may not be. It is like they may label all people who wield guns as terrorists even though there are policemen too who use them. To minimise this problem further, sandbox technique is used in which this suspect file is allowed to run fully in a control virtual environment. Inside the sandbox, if it shows virus like activity then it will be confirmed that its a virus too. This method is good but slows down scanning.

As for making a full fledged AV as a part of CE labs project, I think it is a difficult prospect because there are so many delicate things involved and moreover it will require a dedicated team to maintain it and make the required updates. If we have manpower to do such a work then it would be a great idea. But i would suggest making a antivirus tool for some particular types that infect the most. That would be easy and most probably a one time issue;-)