Possibly it’s the blank subject-line that’s triggering the warning – my Eudora is set up to warn me if I try to send without a subject, so presumably it’s a risky area.
I think the “Permit URL” option is only active if the problem is an iframe or something similar which links to a website. And yes, that does work in the home version – in fact it’s the only warning I ever got from avast.