Get Off Those Maliciously Loaded Scripts!
Download this free Anti-Malware Plugin for WordPress.

There are a few different reasons that a file might be skipped and is is common to have many skipped files in every scan.

Usually it is because the file are a binary type (like ZIP, EXE, or image files) which cannot be directly executed on the server, sometime it is because they are empty files, so they cannot contain executable code.

If you hover over the file names in the list of skipped files it will tell you why they were skipped.

I’m not sure what file you would even want to scan that would be that large and it could cause performance issues on your server to scan a bunch of large files even if your server was technically capable of doing it.

That said, I have just release a new version of the plugin that allows for an over-ride of the max-file-size by passing the “oversize” value in the URL of the setting page. Well, I can see how that might be hard to understand so I will give you an example to follow:

If you are on the Anti-Malware Settings page then the URL in your browser might look something like this:
domain-name/wp-admin/admin.php?page=GOTMLS-settings

Just add &oversize=72000000 to the end of that URL, like this:
domain-name/wp-admin/admin.php?page=GOTMLS-settings&oversize=72000000

Important note: While this will effectively change the internal limit on my plugin for the maximum file size it will scan to around 72MB, it does not guarantee that your server has been configured to allow PHP processes (like my plugin) access to enough memory to process files that large, so you may need to also increase the memory_limit in the php.ini file on your server. You may need to ask your hosting provider how to do that if you are not sure. I would suggest a memory_limit of at least 4 times the size of the file you want to scan.

Also not: This change may also drastically reduce the speed of the scan but it will only be effective as long as you keep that custom oversize value in the URL of your browser. If you come back to the Scan Settings page from the admin menu link then it will be back to the default value.

With database injections it is more likely to be some kind of exploit of an un-patched or unknown vulnerability, and it also quite possible that the script responsible for this exploit is not even on the site that is being injected. Any other infection or otherwise compromised website on the same server could easily be used to inject malicious content into your database server for any other website on this host.

It really won’t do any good to scan a ZIP file since there is no executable PHP code in the compressed binary ZIP. Those ZIP files would have to be uncompressed first so that you could then scan the non-binary text in the files that might contain executable code. If there is malicious code or an exploitable vulnerability on your website then it is far more likely to be something that is new and just has not been documented yet.

The best way to find the source of this infection is to pin down the exact time that the infection occurs and then check you log files to see what scripts are access at that time.