I'm guessing this is yet another case of "the engine had 2% confidence that it might possibly be X, so let's call it an X and delete it" antivirus brainfart. I say throw the URL at Sophos' "virus report" thingy, them about the false positive, and wait.
Also while we're on the subject, are there any effective techniques out there (binary fuzzing, injecting nops, or rearranging the code and adding jmps, for example) to mitigate this? I'm guessing categorically not...
The title in this URL seems a little simplistic, but this is what I hand people on this subject (I'd advise reading at least the first 8-10 PgDns of it): https://www.reddit.com/r/buildapc/comments/3e16h7/what_is_th...
Also while we're on the subject, are there any effective techniques out there (binary fuzzing, injecting nops, or rearranging the code and adding jmps, for example) to mitigate this? I'm guessing categorically not...