I cannot replicate this on my FF75 (on Ubuntu 18.04). I means: it never doesn’t show to me some kind of alert or warning, neither when i donwload the file or when i try to open it instead or when i download it and afterwards i open it. I think that i tested all these combinations.
I agree with @pete.dawgg that at the end it depends a lot on the browser security-privacy settings, and obviously if you have plugins or anti-malware software installed on your local machine.
So concluding, i would say that the only thing we can do is to “alert” (to tell) the people we are sharing files to, that their browser can show this kind of “discouraging” messages alerting of the risk. Maybe Nextcloud File app interface could include a little text node in cursive under the download link remembering this possibility to all users trying to download the file.
Indeed, @pete.dawgg, the chrome alert message usually appears when it’s a ZIP file and containing XLS documents, or similar type documents that we know are typically used when malware is embedded on documents. You know: viral macros, etc…
In some way is prudent to alert users. But i don’t agree with the exaggerated message, neither with the DIFFICULT to find the way to continue with download (so little button).