Is the malware scanner configured to analyze the entire filesystem and also look for suspicious patterns?
By default it only looks for known malware on files modified a week ago. To analyze the entire filesystem looking also for suspicious patterns you must change some settings from global configuration -> malware scanner tab. Timeline must be set to 10000 and you must enable the 'deep scan' option.
The following user(s) said Thank You: alanbrackenphoto