https://manual.calibre-ebook.com/faq...a-virus-trojan
And in your case since its a PHP malware, and calibre does not use PHP, either windows defender was on a bender or it found something it didnt like in some ebook file or html file that was viewed/read/downloaded since these are often saved in temporary folders on the disk.