Ondrej,
Thanks for your reply, although I didn't understood all of it. I got another lesson today when I installed Outlook to check it out. A bit later, Avast intercepted what looked like another malware attack, just like the previous one! Actually, I guess the fresh Outlook client simply populated itself from my iCloud Mail, pulling down the previous toxic email from the cloud one more time.
Finally I begin to understand (I think). Avast intercepts email at the user client level (Mail or Outlook or whatever) and deletes the message. The message still exists up in the cloud though, which allowed me to find it in a browser view of iCloud Mail, i.e., the web client, and, hmmm, yes, also on my phone which I suppose had previously pulled down a copy into the iOS Mail client.
So, after Web Shield intercepts a bad email in the user's email client, it seems like a good practice for the user to go to a web client and delete the toxic message from the cloud as well (and on one's phone too) correct?—to make sure the user doesn't step in it again. Maybe that's what you were trying to tell me.
Last questions, and I'll go away:
Just double checking what you had written: Were you recommending using a webmail browser instead of a desktop client generally, or just for the task of finding the toxic email? And, is it less dangerous to open and inspect the toxic email on a web client? —and on my iPhone? (because the Java malware is probably operative only on a desktop OS?) I wouldn't click on any attachment, but if it were not dangerous, I'd consider inspecting the text of the message and the header.
Thanks again for Avast.