First, this is obviously not supported, you may break something, make a backup, do not proceed if you don't understand something, etc...

Now, for the fun bits.
Avast antivirus (and others) implement email scanning of SSL connections by impersonating the SSL certificate of the real server. This is usually called "Man-in-the-middle"(or MitM), since the client/software creates a "secure" connection to the middle box who then initiates a real secure connection to the real remote server. Usually this is a "bad thing" since the user is expecting to be connected to the real server and not the middle impersonating one. To avoid this, certificates are signed by Certificate Authorities (CA). The user then "trusts" the "signature" of these CAs on a certificate. Usually the middle server will not have a certificate that has been signed by a "trusted" CA and the user will receive a warning that the certificate is not signed by a trusted CA.
This untrusted certificate issue can cause issues with ZD.
Usually there is a mechanism to add specific certificates or even entire CAs to the list of "trusted" CA/certificates, but currently ZD does not have a (documented) mechanism.

Since ZD uses Java, it also uses the Java certificate management tools.
So in "C:\Program Files (x86)\Zimbra\Zimbra Desktop\data\conf" (or your OS equivalent directory), you will find a file called "cacerts".

You can use the Java utility "keytool" to examine this file:
Code:
cd C:\Program Files (x86)\Zimbra\Zimbra Desktop\data\conf
"C:\Program Files\Java\jre7\bin\keytool.exe" -keystore cacerts -list
You will see a very large list of trusted CAs.
Avast has its own CA to sign the servers it impersonates to securely scan encrypted traffic (by pretending to be the middle server).
You can display this certificate using the "openssl" tool (some windows programs include it or download from OpenSSL: OpenSSL Binary Distributions). You must run this on the computer that is running Avast to display the Avast CA... (I'm not sure if each Avast installation has its own CA cert or if they share a common one...)
To display the CA cert:
Code:
openssl s_client -showcerts -connect imap.gmail.com:993
Look for the section that has the "s:"ubject and "i:"ssuer set to "generated by avast!":
Code:
 1 s:/OU=generated by avast! antivirus for SSL scanning/O=avast! Mail Scanner/CN=avast! Mail Scanner Root
   i:/OU=generated by avast! antivirus for SSL scanning/O=avast! Mail Scanner/CN=avast! Mail Scanner Root
-----BEGIN CERTIFICATE-----
MIID5DCCAsygAwIBAgIBATANBgkqhkiG9w0BAQUFADB6MTcwNQYDVQQLFC5nZW5l
.....
yi5HEGvMRY8Zm1Hkhq5n6NbNjyY+de3V0V4TtZQAjbojiRoerYnZvw==
-----END CERTIFICATE-----
Copy the lines between (and including) the "------ BEGIN/END" to a file named "c:\temp\avast_root.txt"

Now the fun part - and where you could actually break something, so make a backup...
Start a Command Prompt as administrator (right click on it in the start menu and select "Run as administrator").
then
Code:
cd C:\Program Files (x86)\Zimbra\Zimbra Desktop\data\conf
copy cacerts cacerts.bak

"C:\Program Files\Java\jre7\bin\keytool.exe" -keystore cacerts -importcert -file c:\temp\avast_root.txt -alias avast -storepass changeit
That should be it!
B