That's true, Priyasinha, James is handling this.
The 188.8.131.520 installer was downloaded without incident. There's definitely something in the 184.108.40.206 exe that Sophos doesn't like the look of. Microsoft Security Essentials OK'd it, though.
Reverting to 3.3 was the only solution.
Note to self (and others), "When verification of an installer download gives this error, DO NOT continue - you will have to uninstall the product to get a working version".