443 is the default port for SSL. Any site that is using packet filtering and is serving pages via SSL will have filters set to allow traffic on that port (unless they are using something other than the default). If you only allow traffic on port 80 and maybe a few others like FTP and POP3, then disallow all other traffic, HTTPS requests will not get through.
"Stateful inspection" refers to the packet structure and whether or not the packet is part of an already established connection. It has nothing to do with the packet data contents. Since data is split up and transmitted via multiple packets, and those packets do not necessarily follow the same route from source to destination, and the packets do not necessarily arrive in the same sequence that they are sent, there is not any practical way in which the contents could be inspected while in route. The burden of screening for worms/viruses falls on the receiver or its proxy.
Also, consider that the point of sending via HTTPS is to send encrypted data. Data sent using the public key can only be decrypted by a process with access to the private key. Normally that would only be available by your webserver.