I just got an email from cron on my ~amd64 machine, containing these lines:
Checking 'find'... INFECTED Checking 'netstat'... INFECTED Took me a few minutes to deduce that sys-forensics/chkrootkit was the source of those messages. I ran chkrootkit manually and found the same messages in the output. I then nervously re-emerged findutils and net-tools, but chkrootkit again found the same binaries to be "INFECTED". Running chkrootkit on my ~x86 machine turns up no such infections even though the same packages are installed on both machines. Anyone have any insight into how chkrootkit works, or why the different results? Or, can anyone reproduce my problem? Thanks.
