@xinomilo opened this Issue on November 22nd 2018

running maldet on our servers daily, and after latest upgrade to matomo 3.7.0, we get this hit:
{CAV}Sanesecurity.Malware.27490.XmlHeur.Actx : .../tmp/assets/asset_manager_non_core_js.js

this file gets removed (quarantined) and recreated as far as i can see. is there anything we can do on our side?

thanks,
d.

@Findus23 commented on November 22nd 2018 Member

Hi,

I guess this is a false positive, but to be sure you should check the file closer yourself.
You seem to be able to find more information here: http://sane.mxuptime.com/s.aspx?id=Sanesecurity.Malware.27022.XmlHeur.WebCl

It seems like it is searching for <![cdata[{*}activexobj{*}script with {*} being arbitrary text.
I can't find any occurrence of activexobj in my Matomo files, so maybe double-check where this is coming from.

I think tmp/assets/asset_manager_non_core_js.js caches the concatenated JavaScript of all plugins, so it isn't completely impossible (but doesn't have to be) that something modified some plugin files.
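
Added example, not part of the original thread and not Matomo's or the scanner's own code: a triage helper that checks the cached bundle against the pattern as described in the comment above and lists which plugin directory supplies each token. It assumes plugin sources live under `plugins/` in the Matomo root; `PluginA`, `PluginB` and their contents are constructed sample data, chosen so that the bundle matches although no single source file does.

```python
import sys, tempfile
from pathlib import Path

# Pattern as described in the comment: ordered tokens, arbitrary text between them.
TOKENS = ["<![cdata[", "activexobj", "script"]
BUNDLE = "tmp/assets/asset_manager_non_core_js.js"  # path from the scanner hit

def matches(text, tokens=TOKENS):
    """True if every token occurs in order (case-insensitive, any gap)."""
    pos, low = 0, text.lower()
    for tok in tokens:
        pos = low.find(tok, pos)
        if pos < 0:
            return False
        pos += len(tok)
    return True

def token_sources(root, tokens=TOKENS):
    """Map each token to the plugin directories whose .js files contain it."""
    base, found = Path(root, "plugins"), {tok: set() for tok in tokens}
    for js in base.rglob("*.js"):
        low = js.read_text(errors="replace").lower()
        for tok in tokens:
            if tok in low:
                found[tok].add(js.relative_to(base).parts[0])
    return {tok: sorted(names) for tok, names in found.items()}

def triage(root):
    """Return (cached bundle matches the pattern, token -> plugins)."""
    bundle = Path(root, BUNDLE)
    hit = bundle.exists() and matches(bundle.read_text(errors="replace"))
    return hit, token_sources(root)

def build_sample(root):
    """Constructed tree: two made-up plugins and a bundle of their files."""
    parts = {"PluginA/a.js": "var x = '<![CDATA[ demo ]]>';\n",
             "PluginB/b.js": "var r = new ActiveXObject('Microsoft.XMLHTTP'); // script\n"}
    for rel, body in parts.items():
        path = Path(root, "plugins", rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)
    Path(root, BUNDLE).parent.mkdir(parents=True, exist_ok=True)
    Path(root, BUNDLE).write_text("".join(parts.values()))
    return root

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample(tempfile.mkdtemp())
    hit, sources = triage(root)
    print("bundle matches pattern:", hit)
    for tok, plugins in sources.items():
        print(f"  {tok!r}: {', '.join(plugins) or 'not found under plugins/'}")
```

Run with the Matomo root as the only argument; without one it uses the constructed sample tree.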

@xinomilo commented on November 30th 2018

did find this line in the file: https://share.riseup.net/#btFGRcGYDWr1Jfe47xeqMw which contains activexobj. don't know where it's coming from (zero knowledge of js), but disabled custom opt-out plugin for now, as that was the only other change (installed & enabled), along with the latest matomo upgrade. so maybe it's coming from that plugin.

@tsteur commented on November 30th 2018 Member

The line doesn't look like it is from our tracking code, unless it was added through custom opt out or other plugins. ActiveXObject in general is used by us and many other scripts and should be totally fine as it is needed to send tracking requests.

@Findus23 commented on December 1st 2018 Member

Custom Opt-Out includes a full code editor with syntax highlighting and syntax error detection for CSS and JS if I remember correctly.
So it makes sense that there is a lot of strange JS there causing false positives.

@xinomilo commented on December 3rd 2018

ok, i can confirm that without custom opt-out problem goes away. not a matomo issue, and probably a false positive.
@tsteur & @Findus23 thank you, for your replies and info provided :+1:

This Issue was closed on December 3rd 2018