Does anyone know of a server side application that I wouldn't need server-admin permissions to install, and that will scan my account for malware without interfering with the operation of my account? All I am interested in is a list of problem files. My web host will happily provide this service, then issue an ultimatum (but no further offers of assistance) if they find something. They also offer SiteLock which, as the name implies, locks your site -- not what I want either. Again, just give me the list and let me deal with that. Thank you.
I have two main WordPress websites under my one master account, so a WordPress based solution is possible, but not necessarily what I'm looking for. I'm pretty sure my host didn't use WordPress to scan my site when they did it. The most important of the two is poppersinversion.org, which now stands with WordPress 4.2.2 and Theme X v4.0.4. You can get information about the php installation at http://www.poppersinversion.org/test/phpinfo.php
BTW, I did find and read http://www.experts-exchange.com/articles/10806/Detecting-Recovering-From-and-Preventing-WordPress-Site-Hacks.html
. Great stuff, which I will use, but not what I'm asking for here.