It's a false positive. If you're concerned, install Sigil using winget (built into Windows) or Chocolatey. They use the official Sigil installers, but they do their own scanning and vetting. Windows lends a lot of trust to programs installed via those methods.
From an admin prompt (install for all users):
winget install -e --id Sigil-Ebook.Sigil --scope machine
Or to install for only the current user (no admin needed):
winget install -e --id Sigil-Ebook.Sigil --scope user
Sigil 2.3.1 has passed winget and Chocolatey's anti-malware scans with no problems.
They both also verify checksums before installing to make sure packages have not been altered since they were uploaded.
NOTE: not sure why Bkav Pro changed their mind from when Chocolatey tested v2.3.1
https://www.virustotal.com/gui/file/...b32-1725813282
To be thorough... the Sigil-2.3.1-Windows-x64-Setup.exe binary on Github (where the sigil-ebook.com website's download buttons point to) is the same binary that I uploaded on Sep 6. I always save a local sha256 checksum just in case both the binary asset AND the uploaded checksum file should ever become compromised.