Leave the Standard Shield on Normal, that gives the best compromise between protection and performance. The sensitivity setting on the Network Shield has no effect (aesthetics so the providers have the same look) as it has only one task to do and no different level of scanning.
A firewall might alert you depending on what one you have, but the avast scan would be happening before it get to your firewall, providing another layer in your defence (avast scans in localhost proxy before sending any email, so if it is intercepting spam it isn’t being sent).
In your case - not using a mail client at all - the outbound notification/blocking offered by a firewall would be enough.
However, less knowledgeable folks are often fooled by requests for outbound access by such process names as explorer.exe and svchost.exe which are the processes often compromised by spambots. In these circumstances, when outbound permission has been granted at the firewall, the Internet Mail provider will still report the excessive mail sending performed by the spambot.
The most common recent spambots we have seen here are those that have compromised the space of svchost.exe. That Windows process does have valid cause for outbound access (though not to port 25). So the outbound firewall would need to provide the discrimination of not just outbound access but outbound access by port to completely avoid the kind of successful infections we have seen.
Currently I have my firewall set to only allow svchost for UDP 53, 67, 123 Out. And UDP 68, 123 IN. I block Explorer entirely because I don’t use Help and Support etc. So coupled with the fact that I do not use a mail client, it sounds like I have nothing to worry about. However, some extra protection prolly won’t hurt. And I’ve learned so much from our discussion. I can help others who use mail clients iwith their Avast configurations.