Personally, I don't think an AV program should attempt to detect anything other than a virus or trojan -- actual malicious code. ClamAV's doing so has made it more than a bit of a nuisance for some administrators, who found that complaints about phishes sent to their abuse address were getting filtered by their AV program.
Most antivirus companies appear to disagree with you for now. At this point in time it is a competitive thing. They do it or they will not survive. My McAfee saw your example ebay page as a Trojan "js/cardsteeler'.
<nod> That one did have a javascript on it. I missed that because I don't check for it; JS doesn't run on the browsers I normally use unless I explicitly allow it on a particular site.
Most AV companies follow what each other do. Unfortunately, in this case -- they're making their products less useful to many of us. :/
This has been a debate for some time and the antivirus companies have decided the debate. Can you look at it with SURBL also? Sure, but I am just saying it is a lot of effort to add these disposable IP addresses into any database. Who goes back and cleans up these databases 2 years from now when maybe a real user gets one? It's your system, I am just giving you my prospective, which could of course be wrong or...right. Time will tell.
I'm adding the IPs to SpamBouncer anyway; it isn't any more work to add them to SURBL. Since I expire them by default in a month, unless they still appear, and since Jeff is expiring anything he gets from me on the same schedule I do, nobody needs to go back and clean up the database -- in two years or any other time. So I don't see any disadvantage here, especially since a number of decent AVs still aren't listing phish URLs as viruses/dangerous content.