Well it established the SSL connection but it still doesn’t decrypt/encrypt that is done outside of the localhost proxy as part of the regular SSL communication. what is in the localhost proxy isn’t encrypted (as it is still local).

So it goes something like this for outbound email, email client > avast Mail Shield redirects to localhost proxy and scans > SSL connection > email server. That is essentially the same for inbound or outbound email, as the request originates from your email client.

So any pop3 email coming back would be returned in the same manner, email server, SSL connection > avast! localhost proxy (at this point it is on your system and the SSL communication has ended) so it can be scanned > email client, inbox.