Maldetect detected files, quarantined them, now ncp doesn't work

This was the report of running maldetect:

PATH: /
TOTAL FILES: 384772
TOTAL HITS: 6
TOTAL CLEANED: 0

WARNING: Automatic quarantine is currently disabled, detected threats are still accessible to users!
To enable, set quarantine_hits=1 and/or to quarantine hits from this scan run:
/usr/local/sbin/maldet -q 190130-1632.12938

FILE HIT LIST:
{HEX}php.gzbase64.inject.452 : /var/lib/clamav/rfxn.yara
{YARA}Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php : /var/lib/clamav/rfxn.ndb
{YARA}Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php : /var/lib/clamav/rfxn.hdb
{HEX}php.exe.globals.411 : /var/www/ncp-web/index.php
{HEX}php.nested.base64.640 : /etc/modsecurity/owasp-modsecurity-crs/util/regression-tests/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml
{HEX}php.gzbase64.inject.452 : /root/software/linux-malware-detect/files/clean/gzbase64.inject.unclassed

Linux Malware Detect v1.6.3 < proj@rfxn.com >

I hope these are false positives? I googled some of them and it doesn’t sound good. Is my NC(Pi) hacked and infected? How is that possible?

I quarantined the files. Then index.php from /www/ncp-web was moved there as well. So I chose to move it back and now it just doesn’t work anymore. Then I downloaded index.php from GitHub and now I get AES encryption things.

Does anyone else also get these results on those files with maldetect? I have a backup but it might be infected, just like one older one.

I’m afraid I have to install everything all over again?
Unless these are false positives, which I’m hoping for. Maybe everyone has them right from after freshly installing NCP…

(on an extra note: after enabling encryption I uploaded files, unplugged the external device and could open the uploaded files on another device)

Nobody is willing to run maldet on their NCPs to check? Or knows more about malware on Linux?