Situation: Am the webmaster for a nonprofit website written using WordPress (but am not the original developer). The hosting company was chosen (before I was involved) because it was cheap.
Periodically, they scan for viruses and malware using ClamAV.
Last week they reported that 79 files had malware.
To verify that the files were truly "infected", I downloaded (using FTP) the files and ran Malwarebytes Anti-Malware and Avast against those files but found NOTHING.
When I informed host support, the response was: "The viruses or malware which infect the website files are different from the ones which infect a computer/laptop."
Is this truly the case? Should I use ClamWin to verify (my PC is a Windows 10, 64 byte machine)?