I have a client who is being told their website is spreading viruses, or specifically the Tojan Horse Generic_r.bat. I do not handle the website design or hosting, only the internal network jobs.
The webmaster insists everything is fine, but we were flagged before with Google search (they were re-directing people who searched for us to a "This website is known to spread viruses" and give the user a choice to continue or not. We reported it to them, they did something and it started working fine again. Now a dial forward three months, I have a random external consultant telling us our website gave them a virus, twice. Once had to be cleaned, the other time it was picked up by the AV scanner she had loaded, both times soon after as she went to the site.
I looked to see if there was a way to scan a website or it's directory, but everything I see is for a local computer, not a web server. Any tips on this? It is really more for my own improvement, since the web host company is someone selected by the marketing company they contracted with to do their sales and marketing work, but I am interested in the tools they would use to try to prove or disprove this.