I also wonder,

Does AVAST offers some kind of generic detection (content behavior) or is it
simply signature based ? (i know Mail provider uses heuristics)

Wy do I ask :

because nowadays you can “order” custom made dangerous trojans that are
edited to evade detection from the AV you want.

If you only trust on signature detection > IMHO > your doomed if you encounter a edited and / or polymorphic R.A.T

I also believe that signature is no good against polymorpic malware as they change there content over and over again. You can create with a mutation engine ( do a Google search) thousands of mutated trojans.

Just like the vendors of TDS-3 explain here (Donald Dick RAT):

If this was a normal server, we’d see the same code with every server we created. As we see in the above screenshot, this isn’t the case with polymorphic trojans. With Donald Dick servers, not only are all of the entrypoints and file sizes different, but all the instruction sequences are also very unique! No form of signature-based or conventional detection can be used to detect this trojan.

http://tds.diamondcs.com.au/index.php?page=polymorphictrojans

I wonder of AVAST of any other Av can cope with such threats, and HOW ? please fill me in…

Waldo