LIke the plugin author mentioned this isn’t malicious. It is probably due to the hosting company using a scan signature that is way too broad and generic. Base64_decode and Base64_encode are legitimate PHP code functions. Plugin authors sometimes use them to hide code that is proprietary or contains licensing data. But the functions are also used frequently in malware to hide the malicious code too. However, just because a plugin includes the functions does not mean the plugin has malware in it. You can report it to your hosting company and ask that they start looking at any files flagged by this rule to individually make a determination but that may not be viable for them. In this case I would recommend asking them to examine the file to tell you what is specifically malicious about it. That usually forces them to actually take a look and verify that the file is not malicious at all.
Hope this helps.
Tim
