Try the following scanners to detect potentially malicious PHP files:
- phpscanner: PHP scanner written in Python for identifying PHP backdoors and malicious PHP code. This tool mainly reuses the tools mentioned below. To use it, you need to install the yara library for Python from source.
- php-malware-finder: Does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malware/webshells. Detection is performed by crawling the filesystem and testing files against a set of YARA rules.
- php-malware-scanner: Scans the current working directory and displays results with a score greater than the given value. Released under the MIT license.
For more tools, check: Malware scanner for websites code.