It has on occasion been used to mask something, by using spaces to force something out of the limited view, either in the subject but most commonly in the attachment file name, e.g.
"this-is-a-harmless-text-file.txt .exe"
If the sender is placing lots of spaces in the subject or attachment ask them not to or what is the purpose of them doing it.
The iFrame HTML tag is a powerful tool which can import and execute data. Whilst this is fine on a web site for importing dynamic data, it can still be put to malicious purposes as well as good.
It isn't often used in emails and usually for ads, etc. however the potential for harm is great and since avast can't assess that potential at the time of scanning, it has to wait until that content were downloaded (too late) that is why the Heuristics flag it as suspicious.
If you know the remote address/url that the imported data is coming from (and you trust it) you can add that to the permitted URLs in the Heuristics section of the Internet Mail provider.
Remember the alert is over a suspect action and not a certain infection, these actions are controlled by the Heuristic section of the Internet mail provider where the settings can be customised.