This is an approach taken by Webex and Zoom. I think it's a terrible, terrible idea... but it is how they do it. That doesn't preclude this being a virus, though, it could be legit... or it might not be. (Which is why it is a terrible idea!)
One way you can be sure is if you download but do not open the file, you can check if the file is digitally signed by who you expect. For instance, this is a recent Webex meeting file, it is signed by Cisco so I can be pretty sure it is legit unless Cisco's private key has been compromised (which would be a big deal!)