Lance, you are trying to reinvent the wheel. You will never be able to duplicate applications like maldet which is both designed to identify and remove/quarantine malware AND is updated regularly. It can be run via CRON and will notify you of any malware (in JS or PHP or other signatures it has in its database).
IMHO, you need to THINK Security from a webmaster's point-of-view where you use VERY strong passwords on everything (control panel login, FTP, telnet, etc), you only upload known "clean" files and you run your own script to check on those files to ensure that they've not been modified (or to report on those modified to you so you know whether you're the one who updated or you'd been hacked). I'd discussed that type of file some time ago and wrote an article for SitePoint on doing just that (hint: try the search button within SitePoint articles; it's only a few months since it was published).
Finally, IF you are using CANNED applications (WordPress, Joomla, Drupal, ZenCart, OSCommerce, etc) as you MUST check daily and update ASAP in order to beat the "script kiddies" to the hacker websites where the latest exploits will be published. If you delay, you will be hacked (plan on it and make backups regularly).