here is the only thing you can do:
1. trust the source code
2. trust the developers.
if you trust the code (1) then go to Electrum's GitHub repository (
https://github.com/spesmilo/electrum/) download the source code and compile it yourself. then if you see an AV error you know it is false.
if you trust the developers (2) then download the binaries they provided and make sure you verify the signature of the file using their PGP public key. then if you see that error again you know it is false.
but it is the matter of what you want to trust and that part is the hardest. if you are uneasy about things then go with first option but try to learn how it works first so that you don't break anything.
