MAC Rootkit detection?

Hello,

Does the SOPHOS MAC product scan for rootkits as well as virus/malware? I have been looking for a rootkit detector, not due to any issues but just out of curiosity, and I haven't found anything?

  • The Sophos engine does do rudimentary rootkit scanning for both Mac and Windows (and Linux and Unix) rootkit-related malware. 

    However, this will only be useful if you are scanning a non-boot volume (for example, mounting another Mac's boot drive in slave mode), as true rootkits have the same system access as SAV and can therefore attempt to evade detection.

    There are a number of tools freely available for OS X to help detect/protect against rootkits; these usually involve fingerprinting systems that will alert you if key system files have been modified in non-standard ways. 

    One of the best ways I've personally found to check for rootkits on OS X is actually Time Machine: there are a number of third party apps (as well as built-in command line tools) that will let you build diffs of your TM backups against the current state of your machine; I use these along with vbindiff (a command line tool) to see what's actually changed on my system and when.

    Most of the rootkit reports I get for OS X turn out to be people who turn on remote login with password authentication and then have an easy to guess login/password combo.  Others have been to do with people who have installed trojans that change the DNS Server settings to point at a malicious DNS server.  Very few could actually be considered a rootkit, and these have mostly been targeted (therefore, a generic detection/cleanup tool would not provide much benefit).

    Currently, Sophos only provides AntiRootkit for Windows as part of our commercial product subscription.

    I hope this answers your questions.

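One way to carry out the "diff the Time Machine backup against the live system" check the answer above describes, as an added example and not code from this thread or from Sophos: fingerprint the files under a few system directories on a baseline snapshot (for instance a mounted TM backup) and on the live volume, then report what was added, removed or altered. The `SYSTEM_DIRS` list and the sample tree built by `demo()` are assumptions constructed for illustration, not real system files.

```python
import hashlib, os, tempfile
from pathlib import Path

# Directories worth fingerprinting on an OS X volume (illustrative list, an assumption, not from the thread).
SYSTEM_DIRS = ("bin", "sbin", "usr/bin", "usr/sbin", "usr/lib",
               "Library/LaunchDaemons", "System/Library/Extensions")

def fingerprint(path: Path) -> str:
    """Content hash plus mode/owner; mtime is deliberately ignored since it is trivially reset."""
    if path.is_symlink():                      # compare link targets, never follow them
        return "symlink:" + os.readlink(path)
    st = path.stat()
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return f"file:{h.hexdigest()}:mode={oct(st.st_mode)}:uid={st.st_uid}"

def manifest(root: Path, subdirs=SYSTEM_DIRS) -> dict:
    """Map each file path (relative to root) under the chosen subdirs to its fingerprint."""
    out = {}
    for sub in subdirs:
        base = root / sub
        if not base.is_dir():
            continue
        for dirpath, _dirs, files in os.walk(base):   # symlinked dirs are listed but not descended
            for name in files:
                p = Path(dirpath) / name
                out[str(p.relative_to(root))] = fingerprint(p)
    return out

def diff_trees(baseline: Path, live: Path, subdirs=SYSTEM_DIRS) -> dict:
    """Return files added, removed or changed on `live` relative to the `baseline` snapshot."""
    old, new = manifest(baseline, subdirs), manifest(live, subdirs)
    return {"added": sorted(set(new) - set(old)),
            "removed": sorted(set(old) - set(new)),
            "modified": sorted(k for k in old.keys() & new.keys() if old[k] != new[k])}

def demo() -> dict:
    """Constructed sample: a fake snapshot and a fake live volume in a temp dir (not real system files)."""
    tmp = Path(tempfile.mkdtemp())
    for side, files in (("snapshot", {"ls": b"ls-v1", "netstat": b"ns-v1", "ssh": b"ssh-v1"}),
                        ("live", {"ls": b"ls-v1", "ssh": b"ssh-TROJANED", "helper": b"new"})):
        d = tmp / side / "usr/bin"
        d.mkdir(parents=True)
        for name, data in files.items():
            (d / name).write_bytes(data)
    return diff_trees(tmp / "snapshot", tmp / "live")
```

Against a real backup, call `diff_trees(Path("/Volumes/<backup>/.../<volume>"), Path("/"))` with root privileges so every file can be read; anything reported as modified or added in these directories deserves a closer look with a byte-level tool such as vbindiff.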