I got a report these days about a site being flagged as forgery by Google Safebrowsing. Usually these situations are easy to handle since most of the times there is a flaw of a php script that allow attackers to upload/modify different .php/.js/.css files. Doing a find or restoring the files fixes the problem.
This time I did not find any modified file..but still the sites were being reported to contain malware. Then I’ve checked in the database and seems there were some iframe entries to redirect to some malware sites. Truncating and reimporting the affected tables solved the issue.
Question remains : is there any malware scanner for databases? What if instead of a iframe some hardcoded strings are set..most likely I would have missed those.