I second the opinion of downloading the file *without opening it* and comparing it to a known, healthy plugin. This is why it's important to divert from the default passwords on the cameras, and make sure that a secure password is used for authentication to the cameras. In Windows, I would look at the properties of the file and it will say something like "Size: 20.5 KB (21,011 bytes)." Compare the byte size, and if they differ, I would assume that the camera has been compromised.
I disagree that opening the file on a segregated system or "sandbox" would help solve anything. This is because lots of viruses do not give you any indication that there is an infection. They can lie dormant on the system and give you a false sense that the file is safe.
As mentioned above, using VirusTotal.com is a great way to scan a file using multiple AV products. It's a wonderful tool, and you should try it regardless, to keep it under your belt as a tool.
It is easy for hackers to setup a brute force tool to try several passwords a minute. I know a lot of those cameras do not have a lockout, ie if after X failed login attempts, lock out login attempts for X amount of minutes. Because many cameras do not have this feature, it's a good target for brute force/dictionary style attacks.