Hello. I've created a patch file that makes chkrootkit-0.50 a little more cPanel user friendly. I've been using it for a while now and so far, it hasn't detected any false positives. It tries to detect if cPanel is installed and looks for cPanel strings in certain files and if it finds them, it assumes it's cPanel and not a rootkit. You guys are more than welcome to use it. If anyone improves it, please reupload it here so I can try the improved version. There's a few ways to run the patch. First, download the chkrootkit-0.50 file and uncompress it into a directory. For simplicity reasons, I'll assume you downloaded it and extracted it to: /home/user/src/chkrootkit-0.50 If the source is extracted to the chkrootkit-0.50 directory, you can copy the patch file to the directory before that, so you'd have the patch in the /home/user/src directory. You can then run: Code: cd /home/user/src patch -p0 < chkrootkit-0.50.patch This should patch the source code located in the chkrootkit-0.50 directory. The other option is to place the patch file directly in the chkrootkit-0.50 source directory. Again, we'll assume you extracted the source to /home/user/src/chkrootkit-0.50 and you've placed the patch file directly inside the /home/user/src/chkrootkit-0.50 directory. Code: cd /home/user/src/chkrootkit-0.50 patch < chkrootkit-0.50.patch After you've successfully patched the chkrootkit-0.50 source code, simply follow the instructions to compile and install chkrootkit-0.50. After you compile the source code (usually by running make inside the chkrootkit-0.50 directory), you can run it to make sure you don't receive the false positives anymore. If anyone tries the patch, let me know what you think and how well it works. I'm also open for any suggestions on how to improve it. Thanks.