[solved] Maldet ModSecurity rule report false positive even file is OK by maldet

UPDATE: I found the cause. I had to remove this line from the rule:
SecTmpSaveUploadedFiles On


Hello,

this is the ModSecurity rule i found and be claimed to scan web server file uploads by Malware Detect software:

SecRequestBodyAccess On
SecTmpSaveUploadedFiles On
SecRule FILES_TMPNAMES "@inspectFile /usr/local/maldetect/modsec.sh" "log,auditlog,deny,severity:2,phase:2,t:none,id:99587,msg:'Malware found by LinuxMalwareDetect.'"

Code (markup):

When i upload image (certainly clean image of an nature scenery), ModSecurity stop the request:

Request:POST /wp-admin/async-upload.php
Action Description: Access denied with code 406 (phase 2).
Justification: File "/tmp/20190111-110811-XDh5G5teQx0AAHSqbjYAAAAA-file-lw445E" rejected by the approver script "/usr/local/maldetect/modsec.

Code (markup):

But when i DISABLE above mentioned ModSecurity rule, deploy changes, restart Apache, the upload WORKS.

Then i go to command line and check if Maldet really consider the file malware:
# /usr/local/maldetect/modsec.sh /home/acctnamehere/www/wp-content/uploads/2019/01/foto2.jpg

maldet(3065): {scan} setting maximum execution time for 'find' file list: 14400sec
1 maldet: OK

I check file permissions, here i am unsure if are correct:
# ls -lha /usr/local/maldetect/modsec.sh
lrwxrwxrwx 1 root root 11 Sep 1 23:56 /usr/local/maldetect/modsec.sh -> hookscan.sh*

In /usr/local/maldetect/conf.maldet is:

# Allows non-root users to perform scans. This must be enabled when
# using mod_security2 upload scanning or if you want to allow users
# to perform scans. When enabled, this will populate 'pub/' with user
# owned quarantine, session and temporary paths to facilitate scans.
# [ 0 = disabled, 1 = enabled, disabled by default ]
scan_user_access="1

Code (markup):

So the ModSecurity rule is wrong? Can you please suggest how to fix the rule?