The function should consider any type of automatic file download to be potentially malicious, even if it opens a download prompt. It should also consider all embedded objects to be malicious, except for Flash Player.
The function will need to be written exclusively for this project, and must not be encrypted in any way.
I just wanted to add some clarification about this project...
The scanner function doesn't need to search for specific exploits, just some of the common methods that are used to install or upload them on a user's computer.
For example, it should flag any embedded objects except for Flash Player. It should also flag attempts to download a file, or access system settings on a computer.
The code will be provided to the function as a parameter, so it just needs to use something like strpos() to search for these potential exploit methods.
If a programmer is familiar with the common exploit methods, this function shouldn't take longer than a few hours to code.