Not all Turing-complete languages are scanned. For example, CSS3 is Turing-complete but by default it is not looked at by AV scanners.
However, one can do some nasty things using CSS. An example would be when a troll was posted on a site that appeared to show some sort of Linux-based privilege escalation when in fact it had several <span> tags scattered about that would have not shown up in the browser but did so when text was copied.
This sort of thing can however be defeated by just scanning the web content coming through (and most modern AV software has this already), but even then an attack like that isn't simply going to be just picked up so easily.
I am well aware of where files can create havoc Turing-complete or not (such as my MP3 example), but at the very same time you're going to have headaches if you decide to scan every single file.
This again goes back to my whole point of saying that AV is a dead technology because you really shouldn't trust any file but it is not effective to scan everything either.
