The suspect file you're looking at is a PHP archive (.phar). 'Pear' stands for PHP Extension and Application Repository, and is part of a standard Mac OS X install. It appears that yesterday's (10/15) ClamXav signature update flags this particular archive and others like it (tar.gz) that until now have neither been changed in quite a while nor been flagged as infected. Re-scanning the uncompressed archives returns no infection flag, suggesting that the flag is made in error (false positive). ClamXav has been notified and (presumably) is working on it.
Take home message: leave this quarantined file alone for the time being, sit back and wait for more info on this.
