OK, below is a gmail stunnel.conf that should work for you.
In TB, you set your server to access the localhost port listening in stunnel.conf for the particular service, never secure. So your TB IMAP will access server localhost on port 11143, with never secure checked. Setup in Avast! for IMAP needs to look for port 11143 to scan under "redirect".

; We're running as a client to SSLify the POP & IMAP connections
client=yes
debug=5

; gmail IMAP service, listens on localhost:11143
[gmail-imaps]
accept=localhost:11143
connect=imap.gmail.com:993

; gmail POP3 service, listens on localhost:11111
[gmail-pop3s]
accept=localhost:11111
connect=pop.gmail.com:995

; gmail SMTP service, listens on localhost:11026
[gmail-smtps]
protocol=smtp
accept=localhost:11026
connect=smtp.gmail.com:587
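
The configuration above sets no certificate verification options, so stunnel encrypts the hop to Gmail but does not check who is on the other end. The same three services with verification turned on, as an added example that is not part of the original post; it assumes stunnel 5.15 or later (for verifyChain and checkHost), and the CAfile path is a placeholder.

```ini
; Constructed example: the same Gmail services, with certificate checks added.
; Assumes stunnel 5.15+ and a PEM bundle of trusted root CAs.
client = yes
debug = 5

; Placeholder path: point this at your own CA bundle
CAfile = ca-certs.pem
; Refuse the connection unless the server's chain validates against CAfile
verifyChain = yes

[gmail-imaps]
; 127.0.0.1 keeps the plaintext listener off every other interface
accept = 127.0.0.1:11143
connect = imap.gmail.com:993
; The certificate must be issued for this host name
checkHost = imap.gmail.com

[gmail-pop3s]
accept = 127.0.0.1:11111
connect = pop.gmail.com:995
checkHost = pop.gmail.com

[gmail-smtps]
; protocol = smtp makes stunnel negotiate STARTTLS on the submission port
protocol = smtp
accept = 127.0.0.1:11026
connect = smtp.gmail.com:587
checkHost = smtp.gmail.com
```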