I am really looking for feedback on this one. I made the malware scanner package and although it works with common PHP malware I want to expand it to include JS injections and more and to do this in a way that scans can be constantly done.
As a result of the recent rash of Wordpress infections I am taking this on as a NodeHost service. The system would do scans on files every few hours, and important or recently changed files more often. Updates to the malware definitions will be done on each run.
So the idea is that the system will be on the panel and files are scanned in batches and instead of replacing files with dummy files it will try and clean the infection, if the entire file is a infected file and there is no good code it might remove it (worst case).
Scans will be done and a list of results will be presented, if something is found you will get an alert via clicking the email link or using actions on the panel you can clean it. This will work by placing a single PHP file on your site and pointing us to it, we will use it as a API to do our work and update the script as we need. We will also do integrity checks on our own files when hosted on your site.
I have no idea how long this will take but it has been in mind for a few years now and I see a need for it.
If you don't host at NodeHost this will be great as you can still fully use it.