As an afterthought, what I would recommend, is taking a look at Zeppoo(
zeppoo.net). FYI, zeppoo is 2.6 only.

>From the docs:
"Zeppoo allows you to detect rootkits on the i386 architecture under Linux
by using /dev/kmem and /dev/mem. It can also detect hidden tasks, modules,
syscalls, some corrupted symbols, and hidden connections. Anti-Rootkits
which don't use these methods can be fooled easily."

Also of interest,

Bypassing Chkrootkit(translated):
http://translate.google.com/translate?u=http%3A%2F%2Fwww.zeppoo.net%2Farticles%2FBypasserChkrootkit&langpair=fr%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools