Snort mailing list archives

possible false positive for 'INDICATOR-SHELLCODE x86 setgid 0' can someone confirm


From: John via Snort-sigs <snort-sigs () lists snort org>
Date: Mon, 28 Oct 2024 15:28:10 +0000

When I attempt to download the following xz file, my IPS blocks it with the below populating the snort log.  I suspect 
this is a false positive unless there is some code in the xz file that is truly malicious.  Can someone with more 
knowledge about the rule please comment?

Link to file that triggers the match:
http://fl.us.mirror.archlinuxarm.org/armv7h/extra/qt5-base-5.15.15%2Bkde%2Br136-1-armv7h.pkg.tar.xz

Entry from snort log:
10/28-11:18:15.126950 [drop] [**] [1:38124:4] "FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt" [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 209.222.17.72:80 -> 10.9.8.108:50162
10/28-11:18:15.470727 [drop] [**] [1:649:15] "INDICATOR-SHELLCODE x86 setgid 0" [**] [Classification: A system call was detected] [Priority: 2] {TCP} 209.222.17.72:80 -> 10.9.8.108:50162
10/28-11:18:15.497146 [drop] [**] [1:649:15] "INDICATOR-SHELLCODE x86 setgid 0" [**] [Classification: A system call was detected] [Priority: 2] {TCP} 209.222.17.72:80 -> 10.9.8.108:50162
10/28-11:18:15.525330 [drop] [**] [1:649:15] "INDICATOR-SHELLCODE x86 setgid 0" [**] [Classification: A system call was detected] [Priority: 2] {TCP} 209.222.17.72:80 -> 10.9.8.108:50162
...
Note: there are 20 entries in total.
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit Snort.org to subscribe to the official Snort ruleset, and make sure to stay up to date to catch the most emerging threats: https://snort.org/downloads/#rule-downloads
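Before anyone can say whether a burst like this is a false positive, the first thing to pin down is what fired, how many times, and on which connections. The script below is an added example written for this page; it is not code from the post or from the Snort project. It parses Snort's fast-format alert lines in the layout shown above and groups them by rule and by flow. The sample log is constructed: it contains the three alerts quoted in the post plus one further [1:649:15] hit on a second client port (an assumption made so that the flow grouping has something to show), and the two non-alert lines so the parser's skipping is exercised.

```python
"""Group Snort fast-format alerts by rule and by flow before deciding whether
a burst of hits is a false positive.  Added example, not code from the post."""
import re
from collections import Counter, defaultdict

# One Snort "fast" alert line, in the shape shown in the post:
#   MM/DD-HH:MM:SS.usec [action] [**] [gid:sid:rev] "msg" [**]
#       [Classification: X] [Priority: N] {PROTO} src:sport -> dst:dport
# [action] and [Classification: ...] are optional: inline mode adds the
# action, and rules without a classtype omit the classification.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?:\[(?P<action>[a-z]+)\]\s+)?\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r'"(?P<msg>[^"]*)"\s+\[\*\*\]\s+'
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)

# Constructed sample: the three alerts quoted in the post, a fourth 649 hit on
# a second client port (assumed, to exercise flow grouping), and the two
# non-alert lines that the parser must skip.
SAMPLE_LOG = """\
10/28-11:18:15.126950 [drop] [**] [1:38124:4] "FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt" [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 209.222.17.72:80 -> 10.9.8.108:50162
10/28-11:18:15.470727 [drop] [**] [1:649:15] "INDICATOR-SHELLCODE x86 setgid 0" [**] [Classification: A system call was detected] [Priority: 2] {TCP} 209.222.17.72:80 -> 10.9.8.108:50162
10/28-11:18:15.497146 [drop] [**] [1:649:15] "INDICATOR-SHELLCODE x86 setgid 0" [**] [Classification: A system call was detected] [Priority: 2] {TCP} 209.222.17.72:80 -> 10.9.8.108:50162
10/28-11:18:15.525330 [drop] [**] [1:649:15] "INDICATOR-SHELLCODE x86 setgid 0" [**] [Classification: A system call was detected] [Priority: 2] {TCP} 209.222.17.72:80 -> 10.9.8.108:50162
10/28-11:18:16.000001 [drop] [**] [1:649:15] "INDICATOR-SHELLCODE x86 setgid 0" [**] [Classification: A system call was detected] [Priority: 2] {TCP} 209.222.17.72:80 -> 10.9.8.108:50163
...
note there are totally 20 entries
"""


def parse_alerts(text):
    """Return one dict per parseable alert line; anything else is skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue
        a = m.groupdict()
        for key in ("gid", "sid", "rev", "prio", "sport", "dport"):
            a[key] = int(a[key])
        alerts.append(a)
    return alerts


def summarize(alerts):
    """Hits per rule, hits per 5-tuple flow, and per rule the server-side
    (source) ports that fired, which is what the port variable check needs."""
    rules = Counter((a["sid"], a["rev"], a["msg"]) for a in alerts)
    flows = Counter((a["proto"], a["src"], a["sport"], a["dst"], a["dport"])
                    for a in alerts)
    src_ports = defaultdict(Counter)
    for a in alerts:
        src_ports[a["sid"]][a["sport"]] += 1
    return {
        "rules": rules,
        "flows": flows,
        "single_flow": len(flows) == 1,
        "src_ports": dict(src_ports),
        "actions": Counter(a["action"] or "alert" for a in alerts),
    }


def format_report(summary):
    """Render the summary as plain text, most frequent rule and flow first."""
    lines = []
    for (sid, rev, msg), n in summary["rules"].most_common():
        ports = ", ".join(str(p) for p in sorted(summary["src_ports"][sid]))
        lines.append(f"[{sid}:{rev}] {n:3d} hit(s)  src port(s) {ports}  {msg}")
    for (proto, src, sport, dst, dport), n in summary["flows"].most_common():
        lines.append(f"{proto} {src}:{sport} -> {dst}:{dport}  {n} alert(s)")
    lines.append("all alerts on one flow: "
                 + ("yes" if summary["single_flow"] else "no"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(summarize(parse_alerts(SAMPLE_LOG))))
```

Run against a real alert file, the report shows at a glance whether every hit sits on one download stream, which is the pattern to expect when a short content match keeps firing on successive packets of a single large file rather than on several unrelated sessions. The per-rule source-port column is there for a check worth making before touching the rule itself: the INDICATOR-SHELLCODE rules are written against the $SHELLCODE_PORTS variable, and the stock snort.conf defines it as `!80`, so seeing those rules fire on traffic from port 80 suggests looking at the local port variables first.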
