We've been using the HTTP filtering to block access to websites that carry malware (primarily free dns hosts) and it has worked well. Unfortunately we ran in to a conflict due to the relatively primitive syntax when it comes to creating a mask. I created one for ce.ms, using the mask *ce.ms* as the Eset KB recommends I should. Unfortunately these free DNS hosts use such short name that it is possible to create conflicts in the masks like this one did with the website police.msu.edu I got around it by changing my masks to include a leading period like *.ce.ms*, but even that leaves a lot of ambiguity that could result in further conflicts with any number of other small domain names I am blocking. My idea would be to allow the forward slash character to be part of a valid mask syntax as well. Then I could create masks like *.ce.ms/* which has virtually no chance of conflicting with another valid domain name.