After updating from sys-apps/keyutils-1.5.9-r4 to 1.6.1:
# cat /var/log/rkhunter.log
[08:42:37] Checking for file '/lib64/libkeyutils.so.1.9' [ Warning ]
[08:42:41] Warning: Checking for possible rootkit files and directories [ Warning ]
[08:42:41] Found file '/lib64/libkeyutils.so.1.9'. Possible rootkit: Sniffer component
Virustotal says file clean, so may be false positive.
Rkhunter bug 170 - marked as fixed in next release.(Feb 7, 2021) but 1.4.6 still appears to be current.