I already stated my enthusiasm on occasion of your post about DVD ejecting.
It is discouraging to get ignored after having invested substantial
effort in diagnosing or at least reliably reproducing a kernel problem.
Well, complaining is futile. Try to work around in user space.
E.g. try to patch unhide-tcp so that it reads the NFS port number from
a file which you create before the Rkhunter run.
You could let function checkoneport() return "ok" if "port" is the
registered NFS zombie. This would be done before the function runs
netstat by
if (NULL != (fich_tmp=popen (command, "r")))
in
https://sources.debian.net/src/unhide/20130526-1/unhide-tcp.c/#L190