I have written a better cron script, so thought would share it:

#!/bin/bash
SYSADMIN=youraddress@isp.com
TMPDIR=/tmp
HOSTNAME=`hostname`
DATE=`date "+%d/%m/%Y %H:%M"`
CHKROOTKIT=/usr/local/chkrootkit/chkrootkit
MAIL=mail

#
# Clean up before its runs
rm -f $TMPDIR/chkrootkit.$$
if [ -f $TMPDIR/chkrootkit.$$ ]; then
echo "Checkroot kit temp files exist in $TMPDIR directory that cannot be removed. This
may be an attempt to spoof the checker." \
| $MAIL -s "$HOSTNAME $DATE ACTIVE SYSTEM ATTACK!" $SYSADMIN
exit 1
fi

#
# Check for root kits
$CHKROOTKIT |grep INFECTED > $TMPDIR/chkrootkit.$$
if [ -s $TMPDIR/chkrootkit.$$ ]; then
cat $TMPDIR/chkrootkit.$$ | $MAIL -s "$DATE - ROOTKIT DETECTED ON $HOSTNAME!" $SYSADMIN
fi

# Clean Up
rm -f $TMPDIR/chkrootkit.$$

Cheers,
Max
www.intellectit.com.au