Comment 5 for bug 1451477

(One thing not handled by the "cat /var/lib/dpkg/info/$P.list" approach described above is symlinks, e.g. /usr/bin/mail. These don't appear in the dpkg .list file [as the actual executable files do], but when the target of the symlink is changed then rkhunter will detect that as a property mismatch on the symlink entry in rkhunter.dat as well as the entry for the target.

I may be missing an easier approach, but one solution might be for the post-invoke hook to check the rkhunter.dat file for other entries that have the same hash value as the lines that it is planning to update, and go ahead and add the file-paths for those entries to the --propupd line as well.)