How do I find infected files in a Unix account

Greetings Experts

Does anyone know of a server side application that I wouldn't need server-admin permissions to install, and that will scan my account for malware without interfering with the operation of my account?  All I am interested in is a list of problem files.  My web host will happily provide this service, then issue an ultimatum (but no further offers of assistance) if they find something.  They also offer SiteLock which, as the name implies, locks your site -- not what I want either.  Again, just give me the list and let me deal with that.  Thank you.

I have two main WordPress websites under my one master account, so a WordPress based solution is possible, but not necessarily what I'm looking for.  I'm pretty sure my host didn't use WordPress to scan my site when they did it.  The most important of the two is poppersinversion.org, which now stands with WordPress 4.2.2 and Theme X v4.0.4.  You can get information about the php installation at http://www.poppersinversion.org/test/phpinfo.php

BTW, I did find and read http://www.experts-exchange.com/articles/10806/Detecting-Recovering-From-and-Preventing-WordPress-Site-Hacks.html .  Great stuff, which I will use, but not what I'm asking for here.

Thank you.
NonComposMentisAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
I do not know if you can install Antivirus as a user in Linux. You can install Bit Defender on a USB stick and that might work.

http://www.pendrivelinux.com/put-bitdefender-rescue-cd-on-a-usb-flash-drive/
0
NonComposMentisAuthor Commented:
I don't have physical access to the server, so the USB stick wouldn't work.  The linked post was for a "rescue disk" on a USB stick.  Fortunately, I have backups to serve that purpose.  What I don't have is any knowledge of what malware files may be on my account.  Sadly, as I explained, I can't just ask my web host provider.

I was hoping somebody knew of an elaborate php script or something.  I'll admit it was a bit far-fetched.
0
Ray PaseurCommented:
I can't just ask my web host provider.
Sorry if this seems like a naive question, but why not get a new hosting provider?  Maybe one that is secure and helpful.

When WordPress installations become infected with malware it's almost always because someone installed an add-on without understanding the code or risks associated with the add-on.  Fortunately there are WordPress forums at WordPress.org that give us good access to community-rated themes and plugins, so with a little research it's possible to avoid the "edge cases" that are at risk of infection.  

WordPress offers its own hosting service, and is in the process of developing a list of recommended services:
https://wordpress.org/hosting/

The "Thanks to" page from PHP.net lists some dependable services, including some hosts:
http://php.net/thanks.php
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
NonComposMentisAuthor Commented:
Thanks, Ray.  It never actually occurred to me to switch.  I just assumed that once you left wordpress.org or wordpress.com and got your own domain name, any host would be as jumpy about malware.  I would be if I were a web host!  But they certainly could be more helpful.

After I originally wrote my question above,  but before I posted it, they came up with a new malware scanning service for clients who don't have SiteLock.  Problem is I don't know how I am counted.  I have SiteLock, I just don't have it turned on.  I think I just need to bite the bullet and call them.
0
NonComposMentisAuthor Commented:
This question has been out there for a while, and it doesn't look like the answer I'm looking for is forthcoming.  However, Ray suggested a solution I hadn't thought of (switching hosts) and gave a set of references which I'm finding helpful (including hosts to switch to).
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.