Thanks, but what should the correct settings be?
Well, it's not an easy question...
1) If you have avast Pro version with Script Blocker provider or another Script security application (for instance,
Script Sentry or better,
AnalogX Script Defender) you could be safe activating the scripts.
That applications will intercept any request to execute the most common scripting types used in virus attacks, such as Visual Basic Scripting (.VBS), Java Script (.JS), etc and can even be configured to intercept new script extensions as needed! It's very simple to use and helps to ensure that you do not inadvertently run a script no matter what email program you use, or even if you get it via another method.
Oh, I forget, update Windows completely. Script security updates are necessary.
2) If you have Home version you could use that applications or disable the scripts. You will lose some HTML features (some functions in some pages won't work properly) but this is not a major problem I suppose.