This malware scanner works like... malware. If auto_chmod is set to true, this class can change file permissions to 0777 for scanning purposes, allowing anyone (even other users on the same server!) to modify the files' contents, and it does not change the permissions back after scanning. This, for example, allows anyone to read or change your configuration settings saved in *.php files, or read your mail or source code (depending on what types of files you choose to scan with this class).
Another problem is that this class uses the file_get_contents() and @fread($f, filesize($file)); functions to read the ENTIRE file into memory, so when the file is bigger than the memory_limit set in the php.ini server configuration file, the entire script throws a fatal error and, as a result, the scanning process halts.
I've got some concerns about the loop iterating through the signatures array in the scan_file() method; it can result in reading and writing the same file many times (so slowing down the entire scanning process exponentially).
Another problem is that the repairing process can create... another piece of malware. How so? It uses preg_replace() to delete "malware" from the file, but what if part of the malware code is before and after the whole signature, like so:
"DELEdeletingING" (signature to find: deleting). After removing the "deleting" string, the file contains another "DELETING" that was not found before. So in this case, the scanning process should repair the file twice, and it's not doing so right now.
What's more, there are no real-life "virus signatures" in this class, so it's up to the end user to find them (which is not an easy task these days, when there are so many new viruses created every day).
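The repair problem described above, as an added example that is not code from the reviewed class: a single preg_replace() pass can leave a signature that only forms once the inner match is removed, so the removal is repeated until a full pass deletes nothing. The function name `repair_until_clean()`, the sample string, and the assumption that signatures are literal strings matched case-insensitively are all constructed for illustration.

```php
<?php
// Added example (hypothetical helper, not part of the reviewed class).
// Assumption: signatures are literal strings, matched case-insensitively.

function repair_until_clean(string $data, array $signatures, int $maxPasses = 100): string
{
    for ($pass = 0; $pass < $maxPasses; $pass++) {
        $removed = 0;
        foreach ($signatures as $sig) {
            // preg_quote() keeps the signature literal; the 5th argument
            // receives the number of replacements made in this call.
            $pattern = '/' . preg_quote($sig, '/') . '/i';
            $result  = preg_replace($pattern, '', $data, -1, $count);
            if ($result === null) {
                throw new RuntimeException('preg_replace failed, code ' . preg_last_error());
            }
            $data     = $result;
            $removed += $count;
        }
        if ($removed === 0) {
            return $data; // fixed point: no signature matches any more
        }
    }
    // Every pass that removes something shortens the data, so this is only a safety net.
    throw new RuntimeException("signatures still matching after $maxPasses passes");
}

// Constructed sample: the signature is nested inside a split copy of itself.
$signatures = ['deleting'];
$sample     = 'DELdeletingETING';

// What a single pass leaves behind: the outer halves join into a new match.
$singlePass = preg_replace('/deleting/i', '', $sample);
var_dump($singlePass);                               // string(8) "DELETING"
var_dump(preg_match('/deleting/i', $singlePass));    // int(1): still "infected"

// Repeating until nothing is removed clears it.
$clean = repair_until_clean($sample, $signatures);
var_dump($clean);                                    // string(0) ""
```

Re-scanning the repaired data before writing it back, and writing it once rather than once per signature, also addresses the repeated read/write concern raised in the review.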