Virus alert in Windows installer


I downloaded the KNIME Full installer for 64-bit Windows system, and my anti-virus software detects the exploit pattern of EXP/CVE-2011-3544.AG.Gen in the Installer

The only information I got from the virus database is, that this exploit could be used to hack into a system, and its danger level is "medium". I then downloaded the normal KNIME Installer (without the plugins) to check whether it is a problem of the plugins, but Avira there also detects this virus pattern.

On one side, I know that KNIME is also used commercially, Avira was searching for patterns and not the virus itself, and the download was started from website (so I can assume that this is no corrupted download package manipulated by some hacker), so it should be safe; on the other hand I did not see any hint to false alarms on anti-virus software in the FAQ, KNIME guide or forum (all I found are potential problems regarding a huge amount of data being processed or claimed memory for, which could be denied by some anti-virus software).

Did anyone experience similar alarms and can confirm that this is a false alarm or knows what could cause a false alarm in the KNIME package?



first of all this is a false alert! The source code does not contain any virus and the installer has not been compromised. However some Antivirus programs do detect the JavaSnippetUtil.class as the EXP/CVE-2011-3544.AG.Gen virus.

Since KNIME is open source you can always have a look at the source code of the corresponding java file. The file in question is the class JavaSnipptUtil which is located in the org.knime.jsnippets feature in the package org.knime.base.node.jsnippet. For your convenience we have attached the actual code of this class. If you still want to check that the class file hasn't been compromised you can use a Java decompiler e.g. Java Decompiler to inspect the code of the class file in question. Just unzip the JD-GUI and open the JavaSnippetUtil.class file and you will see the same code as attached.

We will try to change the signature of the class in order to prevent this false alert in the future.

Sorry for the inconveniences,

The KNIME Team


we have contacted Avira and they have confirmed the false alert for the JavaSnippetUtil.class. The false detection is removed from the Avira virus definition file (VDF) with the version:

Sorry for any inconveniences this false alert has caused.

The KNIME Team