That's true, Priyasinha, James is handling this.
The 22.214.171.1240 installer was downloaded without incident. There's definitely something in the 126.96.36.199 exe that Sophos doesn't like the look of. Microsoft Security Essentials OK'd it, though.
Reverting to 3.3 was the only solution.
Note to self (and others), "When verification of an installer download gives this error, DO NOT continue - you will have to uninstall the product to get a working version".