I notice there's a new posting on this, also. I scanned the file with antimalwarebytes and of course it was negative. I installed it sandboxed and didn't see anything bad happening. I'm convinced its a false positive.
But it would be a great attack vector, and I wonder if you would consider posting an md5 hash of the files available...at least someone attacking your website would have to change two things
I'd suggest either starting a new heading or making this sticky.