I've developed an small script to check user files for certain strings, to check if they store scam.
It reads plain files and check if their content matches any signature you want, stored as a regex string in xml files.
Files must match some extension, by default, only .php, .html, .htm and .pl files are processed.
Every file that matches a signature is logged on a file of your choice.
For now, it only has signatures for paypal and facebook and some php shells, but more will be added on next releases, as final users submit files to be added.
It's in alpha stage so any suggestions are welcome. In fact, any help is welcome. You are free to join the project as developer.
The project site is sourceforge.net/projects/wh-fs/
Give it a try. I hope you find it useful.