McAfee incorreclty reports a trojan in Vaadin


We have a problem with delivering our product to a customer, because McAfee reports a Trojan. Now I known there is a
, but this is already 3 months ago. Currently we are unable to deliver our project. This has a
Highy Priorty
for us.

Are there ways to work around this problem? Could Vaadin contact McAfee again?


This appears to happend only since vaadin 6.7.0, Maybe, you could try to downgrade to 6.6.8 (I know it won’t solve the problem but, it might allow you to deliver your product to your customer while Milestone contact McAfee)…


Does this occur for you with multiple different versions of Vaadin? Also with your own widgetset and not only the default widgetset?

McAfee seems to use too generic a pattern for a very old trojan, which matches something in the compiled widgetset, so even a small modification in the client side code or its compilation could make a difference. As a workaround, you could try to use a slightly different version of GWT to compile the widgetset to see if it changes anything, or try to compile your widgetset with a different optimization level (or in the “PRETTY” mode) and see if the problem still occurs.

McAfee has problems with the default widgetset in the Vaadin jar.

We don’t compile our widgetset, we just use the default one.

The version we have the problem with is Vaadin 6.7.4 I will check other versions

hmm, only McAfee and Comodo have problems:

6.6.8 has no problems:

6.7.6 has no problems according to virustotal. I dont have a McAfee scanner right now, but will try soon.