[tor-relays] IP addresses as false positives?

The antivirus program on a machine running a bridge occasionally reports like so:

Object: https://<some IP address> Infection: URL:Mal [sic] Process: ... \tor.exe

When I track down the addresses I find they are tor nodes (sometimes bridges, sometimes guards, sometimes exits.

Are the flagged nodes in some ways miss-configured, or can I consider these to be false positives? Is there anything to worry about here?

Detail: The tor and standalone vidalia folders have been flagged as exceptions (i.e. excluded) in the virus scanner. The scanner's web module is picking up the IP addresses from the port traffic.

Thanks for any enlightenment - eliaz