We had a solution to the problem identified by avast.
Our site was calling a javascript feature at the root of html,
the feature is called piwik.
The solution was to remove this script from the html root,
I hope it helps someone if they have the same problem.