I did download a couple of files from there some time back and at least those that are still relevant appear to be in intact state. That said, data files can't do any harm by themselves as they can't be double clicked and executed. And this type is the most interesting - the level files.
There are some random executable utilities and some old patch utilities for Drakan, which I believe majority of people won't be downloading. Putting REHTool's source code on GitHub and providing binaries there is an option. It could be more attractive to download it from there.
Can VirusTotal scan files that can be accessed from FTProot? Because only some things from the other parts of the server were scanned and flagged. There seem to be some files reported that happen to reference drakan.ru domain, but might not be on the site itself or even harmful.
The server definitely needs some spring cleaning though. Organization is lacking in certain folders. I find single player Trainings level to be quite fun for mindless monster killing, but it was hidden in a random folder with unrelated files.
Despite what I said, it's true that you can never be too careful. False positives are quite a real problem though. I tend to use virtual machine for trying things out. Would take some very sophisticated hackery to break out of there.
The biggest issue is when a trusted source get compromised and you may download and execute supposedly trusted EXE without a second thought. There was also an outcry with Sourceforge bundling some spyware with installers or something like that. Or what about the recent concerns about some games bundling RedShell.
"When a human being takes his life in depression, this is a natural death of spiritual causes. The modern barbarity of 'saving' the suicidal is based on a hair-raising misapprehension of the nature of existence." - Peter Wessel Zapffe