Polymorphic viruses need a special kind of detection, of course - and avast! certainly has it. It's not a heuristic, however (at least not in the usual sense of the word - i.e. detecting unknown viruses according to their features, behavior, ...) - it's a special piece of code to detect the polymorphic virus. Every polymorphic virus has a special piece of such code, contained in the VPS file, together with the ordinary signatures; you can call this code a kind of "signature" as well, though it's certainly something more complicated.