I just looked into that thing. It didn't trigger anything for me (today...). May I ask you for the following - if this happens again, preserve evidence by saving the file and send it to me (mailto will follow in a PM).
I could cc when I submit them to the virus research folks going forward.
The more general issue is that the virus_research_gateway folks only seem to have one arrow in their quiver: to whitelist by checksum. They don't seem to be able to say "this google analytics URL changes a lot, seems to run afoul of heuristics every time it does... but things from them are very very unlikely to be malware -- let's not flag heuristics on ssl.gstatic.com or fix the heuristic detection."
Right now for these problem URL's I've had to whitelist them on my end by URL, so I'll not know when they run afoul again. Perhaps some interlock with the Virus_research_gateway@avertlabs.com and a dialog with them might provide the data you seek and divine a better way to make this easier for customers.
McAfeeGW: Heuristic.BehavesLike.Exploit.CodeExec in various flavors seems to be very false prone on some URL's that are ephemeral for us, but very common. There are at least 10 such a day I have to ignore. I believe they are streaming video related and all in the IP block of Akamai or Limelight networks and have /idle/[randomalphanumeric]/XXXX where XXXX is a 2 to 4 digit number e.g.
Oh, on a lighter note, I do have a story of a good thing coming from a heuristic detection today. I learned that a coworker at this location is also a musician when a likely false positive MGW: Heuristic.BehavesLike.JS.Unwanted rolled through on http://www.guitarcenter.com/Includes/GuitarCenter/scripts/minified/cartpage.min. js?version=22.00
I reported it to the research folks earlier today so YMMV.
Today for us it's Verisign...
Virus : McAfeeGW: Heuristic.BehavesLike.Exploit.CodeExec.C
Généré 10/Jul/2013:08:26:44 -0400 by LQ500-SW01 (McAfee Web Gateway 6.9.3 Build 13514 - )
I have submit to both email@example.com et TrustedSource
Virus detections should not be submitted to firstname.lastname@example.org, they are used for site categorization issues.
Refer to KB62662 for virus false positives (https://kc.mcafee.com/corporate/index?page=content&id=KB62662).
I shall take a look and submit it myself as well.