Add the Thunderbird mailstore folder '%USERPROFILE%\Application Data\Thunderbird\Profiles\XXXXXXXX.default\Mail\' to the exclusions list (where XXXXXXX is uniquly generated folder name)
If using EPO then add the exclusion to the workstation section of 'On-Access Default Processes Policies'
If not managed by EPO then 'On-Access Scanner->All processes->Exclusions' in the VirusScan Console
There is a 'Prevent mass mailing worms' rules under Access Protection but that has exclusions for 'thunde*.exe' so unless he's renamed his Thunderbird executable then you can safely ignore that.
I have a user that needs Thunderbird excluded. he says that " Connections to <mailserver>:993 still trigger heavy mcshield.exe activity."
What exclusions need to be down for Thunderbird
Heavy McShield.exe activity when accessing any MIME encoded file (such as Thunderbird and many other non-MS email clients), is often caused by the size of the MIME encoded file. As the number and size of the messages grow, the scanning of this can cause extreme delays in large mailboxes.
To avoid this problem, I suggest changes to some settings. But before changing this, I also strongly recommend making sure that these files Are scanned regularly, (like weekly, or more, as your security/network administrator demands) to help mitigate possible malware that might get thru.
From the VirusScan Console:
On-Access Scan Properties
Uncheck "Decode MIME encoded files"
Make sure that "Decode MIME encoded files" is Checked on one of your regularly scheduled On-Demand Scans.
This may help with extreme slowness when opening (or indexing) Thunderbird.
I have found that 'Compacting' also helps, if done regularly.
Hope this helps, and let us know if it does, or if we can help further.