
VirusTotal scans are detecting threats in the Suricata default rule pack located at https://rules.emergingthreats.net/open/suricata-4.0/

Is this a false positive? https://www.virustotal.com/#/file/c20b744a3ca4d8fef3fa23633db7e94edd064d5ea149be0a4ce063a85046b76f/detection https://www.virustotal.com/#/url/bad1ab778b89d4f8a0a42d0df8b09e37d9ba0e2cffb6169b423e63f9a9fdcafa/detection

calk93
  • It would make sense, as the signature is contained in the package and the AV might detect the signature. Not sure though... – Nomad Aug 27 '18 at 16:24

1 Answer


Taking into account that the rule sets are plain files that contain rules for Snort/Suricata, I would consider it a false positive. I just downloaded the .tar.gz and there is nothing suspicious there, just the regular files from the set. On the other hand, it could be a fake set and not the official one; better to ask on the mailing list and see the responses if you have doubts about it.

[camp0@localhost Downloads]$ sha256sum emerging.rules.tar.gz 
c20b744a3ca4d8fef3fa23633db7e94edd064d5ea149be0a4ce063a85046b76f   emerging.rules.tar.gz

Downloaded the same file as in the VirusTotal report, but nothing interesting inside.

camp0
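The answer's check (confirm the tarball hash against the VirusTotal report, then look inside for anything that is not a plain rule file) can be scripted so it is repeatable for every rule-pack update. The following is an added example, not code from the post or from Emerging Threats: it builds a small constructed .tar.gz shaped like emerging.rules.tar.gz (the rule text is a made-up ET-style signature), verifies its SHA-256, and flags members that are not regular, plain-text files with a rule-pack extension or whose path would escape the extraction directory. The list of expected extensions is an assumption for illustration; nothing is extracted to disk.

```python
import hashlib
import io
import sys
import tarfile

# Assumed set of extensions a Snort/Suricata rule pack is expected to carry.
# Anything else (an ELF, a shell script, a .so) inside a "rules" tarball deserves a look.
TEXT_EXTENSIONS = (".rules", ".conf", ".config", ".txt", ".map", ".md")

# Constructed sample rule, written in ET style for illustration; not a real rule from the pack.
SAMPLE_RULES = (
    'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Example beacon"; '
    'flow:established,to_server; http.uri; content:"/gate.php"; '
    'classtype:trojan-activity; sid:9000001; rev:1;)\n'
)


def build_sample_tarball(extra_members=None) -> bytes:
    """Build an in-memory .tar.gz laid out like a rule pack (rules/*.rules, rules/*.config)."""
    members = {
        "rules/emerging-trojan.rules": SAMPLE_RULES.encode(),
        "rules/classification.config": b"config classification: trojan-activity,A Network Trojan was detected,1\n",
    }
    members.update(extra_members or {})
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, payload in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def inspect_ruleset(data: bytes, expected_sha256: str) -> dict:
    """Verify the archive hash and list members that are not plain-text rule files.

    Returns {'hash_matches': bool, 'members': [names], 'suspicious': [(name, reason)]}.
    Members are read from memory only; the archive is never extracted to disk.
    """
    report = {
        "hash_matches": sha256_hex(data) == expected_sha256.strip().lower(),
        "members": [],
        "suspicious": [],
    }
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar.getmembers():
            report["members"].append(member.name)
            if member.isdir():
                continue
            parts = member.name.split("/")
            if member.name.startswith("/") or ".." in parts:
                report["suspicious"].append((member.name, "path escapes extraction dir"))
                continue
            if not member.isfile():
                # symlinks, hardlinks, devices: none belong in a rule pack
                report["suspicious"].append((member.name, "not a regular file"))
                continue
            if not member.name.lower().endswith(TEXT_EXTENSIONS):
                report["suspicious"].append((member.name, "unexpected extension"))
                continue
            payload = tar.extractfile(member).read()
            if b"\x00" in payload:
                report["suspicious"].append((member.name, "binary content in a .rules file"))
    return report


if __name__ == "__main__":
    # Usage: python check_rules.py emerging.rules.tar.gz <sha256 shown by VirusTotal>
    # With no arguments the constructed sample is checked against its own hash.
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
        result = inspect_ruleset(blob, sys.argv[2])
    else:
        blob = build_sample_tarball()
        result = inspect_ruleset(blob, sha256_hex(blob))
    print("hash matches:", result["hash_matches"])
    print("members:", len(result["members"]))
    for name, reason in result["suspicious"]:
        print("SUSPICIOUS:", name, "-", reason)
```

A clean run reports a matching hash and an empty suspicious list; a hash mismatch means the file on disk is not the one VirusTotal scanned, and any flagged member is a reason to hold the update and ask on the Emerging Threats list rather than load the pack.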