FS#18028 - [heimdal] 1.3.1-2 probably infected by Adore rootkit

Attached to Project: Arch Linux
Opened by Heiko Baums (cyberpatrol) - Wednesday, 27 January 2010, 02:55 GMT
Last edited by Allan McRae (Allan) - Wednesday, 27 January 2010, 03:46 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Aaron Griffin (phrakture)
Thomas Bächler (brain0)
Roman Kyrylych (Romashka)
Allan McRae (Allan)
Architecture All
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
rkhunter gives a warning that heimdal 1.3.1-2 is infected by the Adore rootkit.

This is the relevant part of /var/log/rkhunter.log:
Checking for Adore Rootkit...
Checking for file '/usr/secure' [ Not found ]
Checking for file '/usr/doc/sys/qrt' [ Not found ]
Checking for file '/usr/doc/sys/run' [ Not found ]
Checking for file '/usr/doc/sys/crond' [ Not found ]
Checking for file '/usr/sbin/kfd' [ Found ]
Checking for file '/usr/doc/kern/var' [ Not found ]
Checking for file '/usr/doc/kern/string.o' [ Not found ]
Checking for file '/usr/doc/kern/ava' [ Not found ]
Checking for file '/usr/doc/kern/adore.o' [ Not found ]
Checking for file '/var/log/ssh/old' [ Not found ]
Checking for directory '/lib/security/.config/ssh' [ Not found ]
Checking for directory '/usr/doc/kern' [ Not found ]
Checking for directory '/usr/doc/backup' [ Not found ]
Checking for directory '/usr/doc/backup/txt' [ Not found ]
Checking for directory '/lib/backup' [ Not found ]
Checking for directory '/lib/backup/txt' [ Not found ]
Checking for directory '/usr/doc/work' [ Not found ]
Checking for directory '/usr/doc/sys' [ Not found ]
Checking for directory '/var/log/ssh' [ Not found ]
Checking for directory '/usr/doc/.spool' [ Not found ]
Checking for directory '/usr/lib/kterm' [ Not found ]
Warning: Adore Rootkit [ Warning ]
File '/usr/sbin/kfd' found
...
Rootkit checks...
Rootkits checked : 248
Possible rootkits: 1
Rootkit names : Adore Rootkit

chkrootkit doesn't detect this rootkit. So it's possible that it's a false positive, but it's also possible that chkrootkit doesn't detect it even if it should from what the website http://www.chkrootkit.org says.

So this issue should be checked.

There's also a thread in the forums: http://bbs.archlinux.org/viewtopic.php?id=86539
I don't know if it's helpful.

Closed by  Allan McRae (Allan)
Wednesday, 27 January 2010, 03:46 GMT
Reason for closing:  Not a bug
Additional comments about closing:  false positive
Comment by Allan McRae (Allan) - Wednesday, 27 January 2010, 03:22 GMT
i686 or x86_64?
Comment by Allan McRae (Allan) - Wednesday, 27 January 2010, 03:45 GMT
Never mind... this is a definite false positive. All it does is look for the file /usr/sbin/kfd. To show this do:

cd /usr/sbin
mv kfd kfd.bak
rkhunter -c (no issues)
touch kfd
rkhunter -c (issues)
mv kfd.bak kfd
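The check Allan describes is a plain file-existence test, so the practical question for a defender is whether the flagged path belongs to an installed package. The script below is an added example, not part of the bug report or of rkhunter: it parses the "[ Found ]" lines out of an rkhunter.log excerpt (a constructed, shortened copy of the one in the report) and, on an Arch Linux host, attributes each flagged path to its owning package with pacman -Qo. The Arch host and the pacman availability are assumptions; elsewhere the script only reports that attribution is unavailable.

```shell
#!/bin/sh
# Added example, not part of the bug report or of rkhunter itself: extract the
# paths an rkhunter log flagged as present, then ask the package manager who
# owns them. A flagged path that an installed package owns (here /usr/sbin/kfd,
# shipped by heimdal) is a filename collision, not evidence of the rootkit.

# Constructed sample: a shortened copy of the log excerpt from the report.
write_sample_log() {
  f=$(mktemp)
  cat >"$f" <<'EOF'
Checking for Adore Rootkit...
Checking for file '/usr/secure' [ Not found ]
Checking for file '/usr/sbin/kfd' [ Found ]
Checking for directory '/usr/doc/kern' [ Not found ]
Warning: Adore Rootkit [ Warning ]
File '/usr/sbin/kfd' found
EOF
  echo "$f"
}

# Print every file or directory the log reported as present, one per line.
# The path is the second single-quote-delimited field of a "Checking for" line.
rkhunter_found_paths() {
  awk -F"'" '/^Checking for (file|directory) / && /\[ Found \]/ { print $2 }' "$1"
}

# Attribute a path to an installed package with pacman -Qo (Arch Linux).
# On a host without pacman this only reports that attribution is unavailable.
owner_of() {
  if command -v pacman >/dev/null 2>&1; then
    pacman -Qo "$1" 2>/dev/null || echo "$1 is not owned by any installed package"
  else
    echo "$1: pacman not found, cannot attribute (assumes an Arch Linux host)"
  fi
}

# Usage: parse the sample log and attribute each flagged path.
log=$(write_sample_log)
for p in $(rkhunter_found_paths "$log"); do
  owner_of "$p"
done
rm -f "$log"
```

Point it at the real /var/log/rkhunter.log to get the full list of hits; a path that pacman -Qo attributes to a package can then be verified against the package's file list, while an unowned path in a rootkit check is the case that deserves a closer look.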
