Hi,

I guess this is a false positive, but to be sure you should check the file closer yourself.
You seem to be able to find more information here: http://sane.mxuptime.com/s.aspx?id=Sanesecurity.Malware.27022.XmlHeur.WebCl

It seems like it is searching for <![cdata[{*}activexobj{*}script with {*} being arbitrary text.
I can't find any occurance of activexobj in my Matomo files, so maybe double-check where this is coming from.

I think tmp/assets/asset_manager_non_core_js.js caches the concatenated JavaScript of all plugins, so it isn't completely impossible (but doesn't have to be) that something modified some plugin files.

did find this line in the file : https://share.riseup.net/#btFGRcGYDWr1Jfe47xeqMw which contains activexobj. don't know where its coming from, (zero knowledge of js), but disabled custom opt-out plugin for now, as that was the only other change (installed&enabled), along with the latest matomo upgrade. so maybe it's coming from that plugin.

The line doesn't look like it is from our tracking code, unless it was added through custom opt out or other plugins. ActiveXObject in general is used by us and many other scripts and should be totally fine as it is needed to send tracking requests.

Custom Opt-Out includes a full code editior with syntax highlighting and syntax error detection for CSS and JS if I remember correctly.
So it makes sense that there is a lot of strange JS there causing false positives.

ok, i can confirm that without custom opt-out problem goes away. not a matomo issue, and probably a false positive.
@tsteur & @Findus23 thank you, for your replies and info provided 👍