I just checked that the installer from mirror.freedif.org with the .sig file from
ftp.gnu.org, and it checks out, so I assume this is a case of a false positive on Symantec's part. Right?
yes, there have been a few discussions here and on the maintainers email list over the past couple weeks since the latest Octave release. v5.2.0_1 has a file libsqlite3-0.dll that has been setting off Trojan false positives. (v5.1.0 and 5.2.0 don't have this issue).
While some of us have submitted the file for whitelisting with some providers (McAfee was the biggest name so far), that obviously has yet to have occurred.