[I admit, avast detection should be better.
But, after all, a spam killer will manage infected email very well if you know how to configure them. For instance, MailWasher or Spamihilator won't let these emails reach your inbox.
It's not a matter of avast's detection not good being good enough(personally I think it's fine). It's just that the virus get here faster than the updated VPS. But everything takes time.
The same holds true for spam killers. It takes a few days for the signature to be added to the database. For example, it was about four days 'til my mail server added most of soberab2's versions to their anti spam program.
Which is why the human brain should always be your first line of defense, don't open email attachments from unknown sources or even known sources that could be infected (friends) until you check.
Viruses that uses social engineering to tempt you to click on links or attachments, etc. for the most part need to be able to get established, create registry entries, copy files to system folders, etc. They need permission for that and most people give that by default.
So in the worst case scenario, it gets past the mark 1 brain and is an undetected virus or malware then you need something else.
Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can reap havoc. With limited rights the malware can't put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.
Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.