Similar to this:
http://forum.avast.com/index.php?topic=72393.msg606295#msg606295
HTTPS does not protect against the transmission of infected files. It protects against eaves-dropping and man-in-the-middle attacks. HTTPS is a privacy protection protocol.
Avast will scan packers if you instruct it to. If you don't it won't unpack the file and scan it. I set all my scans---"Packers" to "All Packers" If you don't do that then if you have a packer that is not checked off under "Packers" Avast won't attempt to unpack it to scan it.
I also set my "Actions" to Repair----Move to VC----Delete.
I also set under "Actions" ---"Processing of infected archives" to the middle "radio button". The bottom one would be more secure. I think leaving it at the default which is the top radio button and says "Try to remove only the packed file from the archive,
if it fails, do nothing" is a bit risky. I am not sure why that would be the default.
I have not had any problems with infected files getting into my system with these setting and using the procedures I described above.
Using these settings AIS has caught some infected archives/files while they were seeding at the end of a P2P download and then promptly sent the file to the VC or deleted it with no further incident. I always followed up on these files when something like this happened by checking the download location and verifying that the file had indeed been moved.
The I clean my system's temporary files before doing anything else. This procedure seems to have kept my system pretty secure so far.