If a website is infected...
Unless you can be 100% sure of where the malware came from and what it changed, because you have an intrusion detection system (OSSEC), simply removing the damage you see (like code in header.php) doesn't actually solve the problem, because whatever put it there in the first place could still exist.
Take a look at this in terms of securing your WordPress in the future:
For now, I don't think you can get around completely reinstalling WordPress. You can export your data and then reimport it, but before you move the uploads folder back, make sure there are no script files in there e.g. something.php or something.js.
It is possible that something unwanted could be stored in the database, but in all my WordPress infections I've seen, the database was always clean, so there's hope.