McAfee:'Exploit-MS06-006.gen (trojan)'

When I tried download vaadin-6.7.1.jar
from https://vaadin.com/downloading?package=release/6.7/6.7.1/vaadin-6.7.1.jar

McAfee®
Anti-Virus Detection
A file has triggered the anti-virus scanner.

Information:
Context: ‘vaadin-6.7.1.jar’
Detection(s): ‘Exploit-MS06-006.gen (trojan)’

See your system administrator for further information.

Copyright © 1993-2009 McAfee, Inc.
All Rights Reserved.
http://www.mcafee.com

This looks very much like another false positive for exactly the same trojan by McAfee - last time this came from Sampler, where it was easy to show as a false positive.

What this comes down to is that GWT compiler sometimes creates long src attributes in compiled Vaadin widgetsets, and the non-specific pattern in McAfee thinks they may be attacks against an old vulnerability in Windows Media Player 9 or 10.