Heuristics scans without signatures. It looks for certain patterns in code. Email-borne viruses are a good example. In order for the virus to work it will have to insinuate itself into startup somehow so it will contain code to alter the registry, the startup folder or some other vector. Then it is going to have to spread itself so it will have code for it's SMTP engine. So upon seeing this file a heuristic engine would say:-

1. File changes the registry
2. File uses code to transmit email
3. File is smaller than xKb so it isn't a mailserver installer

this could be a virus......