Hi Eddy, thanks for the response.
Yes, if I “disable all shields” for 10 minutes, then I get a window of time where the email program will work.
This is running Windows 7; the only other security software running would be the Windows Firewall, and I do not need to disable it for the email to work.
The email program is nPOPuk, available at http://npopuk.org.uk/
nPOPuk has a feature in SSL (which I understand is implemented using the OpenSSL software) to enable or disable “verification” of certificates. Turning off the verification allows the email to work even with Avast’s self-signed certificate, but my understanding is that verification is the only protection SSL offers against man-in-the-middle attacks, so doing so is only appropriate for testing.
I had been giving myself the 10-minute window using the Shield Controls from the popup menu in the system tray… that doesn’t allow selective disabling of particular shields… and I wondered if that was even still possible in the current interface, but I found it in the main interface, that you can start/stop individual shields. So I tried disabling each of web shield and network shield in turn, and then together, and none of those resolved the problem.
Then I looked to see if mail shield was off like I thought it was (and historically have had) and it was on. So I turned that one off, and that resolved the problem.
Historically, I have not run mail shield because nPOPuk doesn’t run scripts… it simply doesn’t know how! So mail shield seemed unnecessary. I also use Thunderbird, which also doesn’t run email scripts without first alerting the user, and I have javascript turned off for email also… so again mail shield seemed unnecessary.
I guess, somewhere along the line, a new version of Avast must have changed my configuration, and enabled the mail shield, or there is a possibility that installing a newer version of Avast on this newer computer, I didn’t figure out the option to turn off the mail shield, or forgot to, or ???.
In any case, it seems that the recent update changed something that adds a self-signed certificate to the email path, but while I erroneously reported that it “I’m not running the mail shields” which would have implied that the problem was not in that path of logic, it turns out I was running them, and the problem is in that path of logic.
Thanks for you help, and I hope this response clarifies the issue, so that it can be fixed.