I understand that when I'm accessing Gmail via a browser that the mail scan portion of avast is not going to see any hits, but will treat it like any other web page. I also know about turning off SSL/TLS in Tbird and all that so avast can scan the mail. I've got that covered.
I have several Gmail accounts that I use (personal, professional, other) so using Tbird to access them all at once makes more logical sense. My concern is when using Tbird and avast it seems there's an all or nothing kind of philosophy - Tbird uses no secure connections and relies on avast to make that connection, or Tbird establishes the secure connections and avast can't scan my email. This first option means that my login creds are transmitted in clear text, which anyone in the Infosec world will tell you that's a bad idea.
The question I have is will the secure connection that avast creates for Tbird cover my login creds? Are my creds passed in clear text before avast establishes the tunnel, or is the tunnel established then my creds are passed? The first option = bad. Second = good. That's the question.
Should I just use Tbird to make the secure connection and forget about avast being able to scan my email (rely on Google's in house AV as noted by Pondus)?
Thanks for the replies!