October 31st, 2004, 03:44 AM
#23
Bloodhound is a complete departure from traditional virus scanning technology, which typically relies upon virus “signatures” or fingerprints to detect virus infections. When an anti-virus company receives a new virus, it analyzes it and extracts a virus fingerprint. The virus is then considered “known” and can be identified by subsequent updates of the anti-virus product; viruses that have not yet been analyzed are invisible to such anti-virus software.
Rather than using signatures, Bloodhound detects viruses by inspecting executable files for virus-like behavior. Since many viruses are finicky and only spread under ideal circumstances, the SARC heuristic system actually “coaxes” viruses into exhibiting their malicious behavior. If a program exhibits such virus-like behavior, it is passed on for further analysis by the Symantec AntiVirus Research Automation (SARA) system or a SARC virus researcher. This heuristic technology has been shown to detect up to 80% of new, unknown viruses.
I think Bloodhound detects viruses (does it send mail, does it have trojan behavior, yadda yadda) and reports home to have the file tested if it is not recognized as a virus. From there, non-heuristic signatures (old school) are made to deal with the virus. First heuristic detection, and then signature-based removal. The signature that is developed from a Bloodhound detection is given the Bloodhound prefix. At least that's what it sounds like to me. Because otherwise, every program that connects to a mailserver, even if it is small, would be a false positive. I don't think heuristics are trusted enough to act as a removal engine, but I think they are being used to speed up Symantec's sig releases.
edit:
Back when I used Norton, I remember Bloodhound asking me if I wanted to send in a specimen to Symantec, but I can't recall if it actually did anything with the file in question.
edit 2:
http://securityresponse.symantec.com...xploit.13.html
Bloodhound.Exploit.13 is not called a "signature", but it pretty much is a signature, just of a different breed. Bloodhound would not have been able to detect the jpeg exploit unless it was told to look for it. My point is that heuristic engines still need to be told what to look for, such as mail daemons, jpeg exploits, or whatever. That sounds to me like a "heuristic signature". A "heuristic signature" is more like a set of directions for finding something than a fingerprint. Of course "heuristic signature" now sounds like an oxymoron... although I will still call it that for lack of a better name.
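The distinction the post draws (a fingerprint of a specific file versus "directions for finding" a whole class of files) can be shown side by side in code. The following is an added example, not part of the original post and not Symantec's Bloodhound logic, which is not published on the page. It assumes the heuristic rule is the malformed-length condition generally associated with the 2004 GDI+ JPEG bug (a COM or other marker segment whose 16-bit length field is below 2, which is impossible for a well-formed file because the length counts its own two bytes); the three sample JPEGs are constructed inline and contain no real exploit. The byte-pattern signature catches only the one variant it was extracted from, while the structural rule catches the never-before-seen variant too.

```python
import hashlib

def make_jpeg(segments):
    """Build a minimal JPEG byte string from (marker, payload) pairs: SOI, segments, EOI."""
    out = b"\xff\xd8"
    for marker, payload in segments:
        out += bytes([0xFF, marker]) + payload
    return out + b"\xff\xd9"

# Constructed samples (not real malware). A correct COM segment declares
# length = 2 (the length field itself) + payload size.
BENIGN = make_jpeg([(0xFE, (2 + 5).to_bytes(2, "big") + b"hello")])
# Same structure, but the COM length field says 0: a malformed-length file.
MALFORMED_A = make_jpeg([(0xFE, (0).to_bytes(2, "big") + b"AAAA")])
# A different malformed file: extra APP0 segment, length field 1, different filler.
MALFORMED_B = make_jpeg([
    (0xE0, (2 + 4).to_bytes(2, "big") + b"JFIF"),
    (0xFE, (1).to_bytes(2, "big") + b"BBBBBBBB"),
])

# "Old school" fingerprint: a byte string extracted from one analysed sample
# (assumed here to be the COM marker, its bogus length and the filler bytes).
KNOWN_BAD_PATTERNS = [b"\xff\xfe\x00\x00AAAA"]

def signature_scan(data):
    """Classic signature match: does any known byte pattern appear in the file?"""
    return any(p in data for p in KNOWN_BAD_PATTERNS)

def iter_segments(data):
    """Yield (marker, declared_length, offset) for each length-bearing marker segment.

    Stops at SOS (entropy-coded data follows), at EOI, or right after a segment
    whose declared length is impossible, since nothing after it can be trusted.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte, skip it
            pos += 1
            continue
        if marker in (0xD9, 0xDA):    # EOI or SOS: done
            return
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # standalone markers, no length field
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        yield marker, length, pos
        if length < 2:                # malformed; cannot safely advance past it
            return
        pos += 2 + length

def heuristic_scan(data):
    """'Heuristic signature': a rule about structure rather than a fixed byte string.

    Returns a list of human-readable findings; an empty list means nothing suspicious.
    """
    findings = []
    for marker, length, offset in iter_segments(data):
        if length < 2:
            findings.append(
                f"marker 0x{marker:02X} at offset {offset} declares length {length} (< 2)"
            )
    return findings

if __name__ == "__main__":
    for name, sample in [("BENIGN", BENIGN), ("MALFORMED_A", MALFORMED_A), ("MALFORMED_B", MALFORMED_B)]:
        print(f"{name:12s} sha1={hashlib.sha1(sample).hexdigest()[:12]} "
              f"signature={signature_scan(sample)} heuristic={heuristic_scan(sample)}")
```

The signature scan misses MALFORMED_B because its bytes differ from the analysed sample, which is exactly why a fingerprint only covers "known" files; the heuristic rule flags both malformed files because it was told what property to look for, not which bytes. The same rule would also flag any benign but corrupt JPEG with a bad length field, which is the false-positive cost of heuristics the post alludes to.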