Nmap can detect malware and backdoors by running extensive tests against a few popular OS services such as Identd, ProFTPD, vsftpd, IRC, SMB, and SMTP. It also has a module that checks remote servers for signs of popular malware, and it integrates with Google’s Safe Browsing and VirusTotal databases.

A common malware scan can be performed by using:

nmap -sV --script=http-malware-host 192.168.1.105

Or using Google’s Malware check:

nmap -p80 --script http-google-malware infectedsite.com

Output example:

80/tcp open  http
|_http-google-malware.nse: Host is known for distributing malware.
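
When many hosts are scanned, the same script results can be read from Nmap's XML report (-oX) rather than from the terminal. The following is an added example, not part of the original article: the sample XML, the marker phrases and the triage function name are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# NSE scripts named on this page; the page's sample output shows the id with
# a ".nse" suffix, so ids are normalized before comparison.
MALWARE_SCRIPTS = {"http-malware-host", "http-google-malware"}
# Assumption: phrases treated as a positive finding. The first is from the
# page's sample output, the second is a constructed wording.
POSITIVE_MARKERS = ("known for distributing malware", "appears to be infected")

# Constructed sample in the layout of `nmap -oX` output; not a real scan.
SAMPLE_XML = """<nmaprun>
 <host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="80"><state state="open"/>
   <script id="http-google-malware.nse" output="Host is known for distributing malware."/>
  </port></ports></host>
 <host><address addr="192.0.2.11" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="80"><state state="open"/>
   <script id="http-malware-host" output="Host appears to be clean"/>
  </port>
  <port protocol="tcp" portid="8080"><state state="open"/></port>
 </ports></host>
</nmaprun>"""


def triage(xml_text):
    """Return (address, port, script_id, status) per open port; status is
    "flagged", "not-flagged", or "no-result" (no malware script reported)."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "unknown"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            portid = int(port.get("portid"))
            ids = [(s.get("id", "").removesuffix(".nse"), s) for s in port.findall("script")]
            hits = [(sid, s) for sid, s in ids if sid in MALWARE_SCRIPTS]
            if not hits:  # a missing result is not a clean result
                rows.append((addr, portid, None, "no-result"))
            for sid, s in hits:
                text = s.get("output", "").lower()
                flagged = any(m in text for m in POSITIVE_MARKERS)
                rows.append((addr, portid, sid, "flagged" if flagged else "not-flagged"))
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE_XML):
        print(row)
```

Ports reported as "no-result" were open but neither script produced output for them, so they need a rescan or manual review before being treated as clean.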