A virus signature is simply a binary pattern that is found in a virus-infected file. Using information in its virus definition (DAT) files, Virex searches for those patterns.
This approach cannot detect a new virus because its signature is not yet known. Therefore another technique, known as heuristic analysis, is employed.
Programs that carry a virus often have distinctive features. They might attempt unprompted modification of files, invoke mail clients or use other means of self-propagation. Virex analyzes the program code to detect these kinds of computer instructions. Virex also searches for legitimate behavior, such as prompting the user before taking action, and thereby avoids raising false alarms.
In an attempt to avoid detection, some viruses are encrypted. Each computer instruction is simply a binary number, but the computer does not use all the possible numbers. By searching for unexpected numbers inside a program file, Virex can detect an encrypted virus.
By using these techniques, Virex can detect both known viruses and many new viruses and variants.
This information and more can be found at http://virexhelp.com