Hi
The issue with what you're describing is in this statement:
it had a malicious file being used to generate and send out spam (I also delted a few other php files with he same modification date which were deemed suspicious).
I'd encourage you to read this post as it explains how SIteCheck works:
http://blog.sucuri.net/2012/10/ask-sucuri-how-does-sitecheck-work.html
What your'e describing is an infection, but not something SiteCheck would detect remotely, ever. It's a server script in your directories performing a nefarious act. It's why we're able to clean it up, yet it shows clean on SiteCheck.
In order for SiteCheck to see something it has to see something dirty on the browser.
I hope this provides some clarity on the subject.
Tony