ClamAv not bad copes with the search for shells and viruses on sites. One day, he helped me discover a shell cast on a site with WordPress. The problem turned out to be in some kind of plugin, but this is already beyond the scope of the article. :)
First you need to install ClamAv:
aptitude install clamav
After installation, be sure to update the virus databases by typing the freshclam command in the console. The result of the update is displayed.
root @ localhost: ~ # freshclam ClamAV update process started on Wed Jul 16 11:08:02 2014 main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo) Downloading daily-19193.cdiff [100%] daily.cld updated (version: 19193, sigs: 1082296, f-level: 63, builder: neo) bytecode.cld is up to date (version: 242, sigs: 46, f-level: 63, builder: dgoddard) Database updated (3506567 signatures) from db.local.clamav.net (IP: 194.186.47.19)
After the update process, you can run a scan. The command is simple:
clamscan -i -r / path / to / site
The -i switch displays only infected files in the scan report.
The -r switch will tell the scanner to scan directories recursively.
When using this command, the scan result will be displayed in the console. If there are many files, and there is no time to follow the console (or desire :)), then you can run a scan in the Screen shell.
If necessary, install it:
aptitude install screen
The scan is launched in this case as follows:
screen -A -m -d clamscan -i -r -l clamlog.txt
The -A -m -d keys for screen start the session minimized. To maximize the screen window, use the screen -r command.
Minimize the window with the scanning process by pressing the keyboard shortcut ctrl + a + d .
Scanner key -l, which will write the scan log to a text file, the name of which must be specified immediately after the key. Information about the found vulnerabilities will not be displayed on the console screen when using screen, since with the completion of scanning the screen also ends its work.
You can also scan files from the list. To do this, specify the -f key and the file containing the list of files to check.
( 2 ratings, average: 5.00 out of 5) 
Loading...
About the screen!
In the console:
screen -t namescreen
Will create a new screen, and automatically go into it! To exit without stopping his work, press Ctr + A + D
screen -list
Displays a list of running screenshots: D
To enter the working screen you need
screen -r 31289.pts-0.namescreen
Here the screen id will be different.
This is me to the fact that you can not write the result in the file, but simply simply periodically look into the working screen.
Running a screen check does not save the results. That is, it will not be possible to do something like “launched and left to do something else.” The check may end earlier than expected, and the result will be unknown, since the screen will also complete its work. :)
not necessary if you initially create a screen with the screen -S clam command
After already in the open screen to run the command.
In this case, everything will be ok =)