This is useful: http://cbl.abuseat.org/findbot.pl
This script attempts to find malicious files/scripts on your machine. It specifically looks for spambots that we're aware of, as well as "suspicious" constructs in various scripting languages.
root@server:~# ./findbot.pl /home /administrator/components/com_media/controllers/file.php: Suspicious(base64_decode): tRedirect(base64_decode($return). /administrator/components/com_login/models/login.php: Suspicious(base64_decode): $return = base64_decode($return);
Most other ones discovered are false-positives but all the same it is very helpful to know where the known suspicious commands are used within your web applications.