This is just a snippet I have used before to identify some malicious code on web servers. This will not work on everything; but it will give you a way to find suspect files. It is easy to cron in a script with others to make a nice daily report if you have those concerns.
#!/bin/bash
# Malware Search Script
# 11/1/15 – Matthew D. Curry
# Matt@MattCurry.comecho “Search entire server for Q4 2015 obfuscated PHP malware of unknown origin.”
find / -name *.php -exec grep -Hn .1.=…….0.=…….3.=…….2.=…….5.= {} ;
Hope this helps, enjoy.