diff --git a/evomalware.sh b/evomalware.sh
index 732acaf..2a4c203 100644
--- a/evomalware.sh
+++ b/evomalware.sh
@@ -4,7 +4,9 @@
 # You can set aggressive to true to search for suspicions scripts.
 aggressive=false
 # Path to search for.
-wwwpath=/home
+#wwwpath=/home
+# Path for cPanel(and some Directadmin) servers. Server's running Pesk should use /var/www/vhosts/*/httpdocs
+wwwpath=/home/*/public_html
 # URL to download patterns and filenames.
 databaseURL="http://antispam00.evolix.org/evomalware"
 databasePATH=/var/lib/evomalware
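Review bot: `wwwpath=/home/*/public_html` stores an unexpanded glob, so multi-docroot scanning only works where `$wwwpath` is left unquoted at every use site, and on a host with no matching account the literal pattern is handed to find/grep, which then error out on a nonexistent path instead of the scan failing clearly; the earlier uses of `$wwwpath` (the fileslist build) are outside this hunk, so confirm they are unquoted as well. If the script runs under bash, expanding once under nullglob and checking the result is safer, e.g. `shopt -s nullglob; wwwdirs=( $wwwpath ); [ "${#wwwdirs[@]}" -gt 0 ] || { echo "no docroot matches $wwwpath" >&2; exit 1; }`, with later uses switched to `"${wwwdirs[@]}"`. At minimum the new comment should say so: `# NOTE: wwwpath may hold a glob; it must stay unquoted wherever it is expanded`. The comment also has two typos worth fixing while here: `Pesk` → `Plesk` and `Server's running` → `Servers running`.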
@@ -80,28 +82,28 @@ while read file; do done < $fileslist # Search for suspicious scripts... Only when in aggressive mode. +# It will increase scan time, but swapped all instances of '.' here with '$wwwpath' to work with cases of multiple httpdoc areas(ie on shared hosting panels) if ( $aggressive ); then - cd $wwwpath - $find . -name javascript.php - $find . -name bp.pl - $find . -name tn.php - $find . -name tn.php3 - $find . -name tn.phtml - $find . -name tn.txt - $find . -name xm.php - $find . -name logs.php - $find . -type f -name "*.php" -exec sh -c 'cat {} | awk "{ print NF}" | sort -n | tail -1 | tr -d '\\\\n' && echo " : {}"' \; | sort -n | tail -10 - $find . -type f -name "*.php" -exec sh -c 'cat {} | awk -Fx "{ print NF}" | sort -n | tail -1 | tr -d '\\\\n' && echo " : {}"' \; | sort -n | tail -10 - $grep -r 'ini_set(chr' . - $grep -r 'eval(base64_decode($_POST' . - $grep -r 'eval(gzinflate(' . - $grep -r 'ini_set(.mail.add_x_header' . - $grep -r '@require' . - $grep -r '@ini_set' . - $grep -ri 'error_reporting(0' . - $grep -r base64_decode . - $grep -r codeeclipse . - $grep -r 'eval(' . - $grep -r '\x..\x..' . - $grep -r 'chr(rand(' . 
+ $find $wwwpath -name javascript.php + $find $wwwpath -name bp.pl + $find $wwwpath -name tn.php + $find $wwwpath -name tn.php3 + $find $wwwpath -name tn.phtml + $find $wwwpath -name tn.txt + $find $wwwpath -name xm.php + $find $wwwpath -name logs.php + $find $wwwpath -type f -name "*.php" -exec sh -c 'cat {} | awk "{ print NF}" | sort -n | tail -1 | tr -d '\\\\n' && echo " : {}"' \; | sort -n | tail -10 + $find $wwwpath -type f -name "*.php" -exec sh -c 'cat {} | awk -Fx "{ print NF}" | sort -n | tail -1 | tr -d '\\\\n' && echo " : {}"' \; | sort -n | tail -10 + $grep -r 'ini_set(chr' $wwwpath + $grep -r 'eval(base64_decode($_POST' $wwwpath + $grep -r 'eval(gzinflate(' $wwwpath + $grep -r 'ini_set(.mail.add_x_header' $wwwpath + $grep -r '@require' $wwwpath + $grep -r '@ini_set' $wwwpath + $grep -ri 'error_reporting(0' $wwwpath + $grep -r base64_decode $wwwpath + $grep -r codeeclipse $wwwpath + $grep -r 'eval(' $wwwpath + $grep -r '\x..\x..' $wwwpath + $grep -r 'chr(rand(' $wwwpath fi
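Review bot: The two `-exec sh -c 'cat {} | …'` lines splice each matched filename into a shell command string, so a file under a docroot named e.g. `$(id).php` or `x;rm -rf …;.php` is executed by the scanner with its own (typically root) privileges — and attacker-named files in `public_html` are exactly what an aggressive malware sweep walks over. This commit only rewrites these lines from `.` to `$wwwpath`, so the injection is inherited rather than introduced, but it is worth closing in the same pass. Pass the path as a positional argument instead of substituting it into the script: `$find $wwwpath -type f -name "*.php" -exec sh -c 'awk "{ print NF }" "$1" | sort -n | tail -1 | tr -d "\n" && echo " : $1"' sh {} \; | sort -n | tail -10`, and the same shape with `awk -Fx` on the following line. That also drops the `cat` and the `'\\\\n'` construct, which only works because the single quotes are closed and reopened around it. The hunk header declares 28 lines per side while 27 are visible here, so one blank context line was presumably lost in collapsing; the `if ( $aggressive )` block itself appears complete.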