From prodefence.org
Traversing directories for files with php extensions and testing files against text or regexp rules, the rules based on self-gathered samples and publicly available malwares/webshells. The goal is to find infected files and fight against kiddies, because too easy to bypass rules.