http://sitecheck.sucuri.net/ for checking if a live website is referring to some malicious js / having unwanted iframes
https://www.rfxn.com/projects/linux-malware-detect/ and http://www.clamav.net/index.html and http://www.eset.com/ for scanning files for unwanted conten
from the command line:
grep -r --include=*.php -PHn "eval\(.*\)" . find . -name .htaccess