Web Filter 'Malicious' versus 'Spyware' rules?

The Ads and Malicious categories under Services > Web Filter > Basic Settings get handled completed differently to the remainder of the categories.  These first two have a bunch of different rules and download URLs, whereas the others are all unpacked from http://www.shallalist.de/Downloads/shallalist.tar.gz 

Presumably then, the Spyware rules from shallalist probably overlap a lot of the Malicious ones - has anyone done any sort of analysis to confirm?

I've had some problems with snort blocking all traffic once I enable Spyware blocking, so I'm wondering if I'm seeing duplicates or hitting some rule limits..

Wish I could help but I'm doing my content filtering through OpenDNS and using the shield for IPS. I remember trying it out early on and DNS was super slow with the shield.