DavidR
4
Some could, it depends on what the content of the email is, iframes could be in emails, they are usually used to load dynamic content (text, images, etc.) into the frame. That can connect to a site and actually run a script, now what the script might be is up to who sends the email.
So it is possible to end up with a driveby download in the same way as you can visiting a web page.
However, if avast sees an iFrame in an email it considers it suspicious so you may well get an alert on it or if it is trying to connect to a malicious site. But that, nor Gmail checking can’t be 100% guaranteed, that is why it isn’t advised to do anything with spam/unexpected/suspicious email other than delete it.
EDIT: reread your post, I though you were talking of opening the email in an email program not the browser. But all that I mentioned can still occur in an email viewed through a browser, the only real difference being that the Web Shield would be scanning it rather than the Mail Shield.