ClamAV is designed to protect against viruses. While their anti-phishing function works well, phishes and spam are not viruses. They probably felt the need to do something because the phishing threat is pretty serious, or can be if people get tricked by them, but we've had a SURBL phishing list for about a year:
SURBLs are designed to check message body URIs, which is what spammers and phishers are usually trying to direct victims with, therefore our tool is a much better fit for the problem than a virus tool, IMO.
Whatever works most reliably is the best. (And that may be a combination.)
In ClamAV's case, they have designed it to catch some proportion of phish and an appeal to "ClamAV is designed..." to restrict it to some limited category just doesn't past muster -- it does what it was designed to do -- catch (most) virus and catch many phish.
Also, with a simple blacklist you don't have logic built in for things like people mentioning the URIBL on a list like this so recourse to whitelists, and the program logic of SpamAssassin or some other "meta evaulation" method.
Presumably -- now you have me interested so I am going to check -- ClamAV does more than a naive pattern match on the URI and apparently they even have (had) endless debates in the ClamAV newsgroups/lists on this subject.
It's sort of like Tastes Great -- Less Filling. Silly argument when what we really want is great taste without getting fat. <grin> (Or pick one: revolvers vs. automatics, Macs vs. PCs, blonds vs. redheads, etc....)
Whatever works -- works.
And by the way: I REALLY appreciate your SURBL lists and hard work even if I think other tools supplement and help make your stuff even better.
My security principles include (but are not limited to):
1) Stop as much as possible at the outer perimeter (earlier the better)
2) Defense in depth
For us, the virus scanning happens before the Spam tests; early is good.
-- Herb Martin