Today my DiskStation emailed me about detecting malware in the system files. When I looked at the log, I saw this:
It appears this is a false positive in the ClamAV database.
Further reading: https://www.clamxav.com/BB/viewtopic.php?f=1&t=4186&hilit=php.exploit
If your Synology reports the same, simply restore the quarantined file, update virus definitions, and re-scan. It should come up clean. If you had configured Antivirus Essential to automatically delete files, you may have to restore the DSM OS to get the file back.