McAfee:'Exploit-MS06-006.gen (trojan)'

When I tried download vaadin-6.7.1.jar

Anti-Virus Detection
A file has triggered the anti-virus scanner.

Context: ‘vaadin-6.7.1.jar’
Detection(s): ‘Exploit-MS06-006.gen (trojan)’

See your system administrator for further information.

Copyright © 1993-2009 McAfee, Inc.
All Rights Reserved.

This looks very much like another false positive for exactly the same trojan by McAfee - last time this came from Sampler, where it was easy to show as a false positive.

What this comes down to is that GWT compiler sometimes creates long src attributes in compiled Vaadin widgetsets, and the non-specific pattern in McAfee thinks they may be attacks against an old vulnerability in Windows Media Player 9 or 10.