Frequently Asked Questions (FAQ)

How to resolve primary virus scanner (auto) error?

You may find you get an error like:

Unable to select a regular expression for your primary virus scanner (auto) - please see the examples in functions.php to create one.

This happens when you are using newer versions of MailScanner and have the auto setting turned on in your MailScanner.conf file. Edit the configuration and set the string for your virus scanners instead of using the auto setting like:

#Virus Scanners = auto
Virus Scanners = clamav

Why are messages quarantined again when I release them in MailWatch?

This is because you need to bypass certain checks for messages from to allow the released messages to pass through MailScanner without being quarantined again.

Set the following in /etc/Mailscanner/Mailscanner.conf:

Filename Rules = %etc-dir%/filename.rules
Filetype Rules = %etc-dir%/filetype.rules
Dangerous Content Scanning = %rules-dir%/content.scanning.rules
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules

Then the following files should be set-up as follows:


From:       /etc/MailScanner/filename.rules.allowall.conf
FromOrTo:      default         /etc/MailScanner/filename.rules.conf


From:       /etc/MailScanner/filetype.rules.allowall.conf
FromOrTo:      default         /etc/MailScanner/filetype.rules.conf

Edit the following files in /etc/MailScanner/rules:


From:       no
FromOrTo:       default        yes


From:       yes
FromOrTo:       default        no

Create the following files in /etc/MailScanner:


allow   .*      -       -


allow   .*      -       -

Can I use wildcards when using the Blacklist/Whitelist (SQLBlackWhiteList)?

No - the Blacklist/Whitelist work on an exact first match only basis.

For Example: if the message is to and from and the connecting server address is, the checks are performed in the following order and the first to match returns true (the message is either whitelist or blacklisted depending on the lookup being performed):

To From default default

I can’t get MailWatch to ‘see’ my Quarantined e-mail

This is almost always caused by either setting MailScanner to quarantine messages as Queue files or because the Web Server cannot access the quarantine directory or the files within.

Okay - here’s a list of things that you need to check:

  • SELinux is either disabled or in permissive mode (until someone would like to help add SELinux support to MailScanner & MailWatch)
  • Make sure that ‘Quarantine Whole Message As Queue Files = no’ in MailScanner.conf.
  • Make sure that ‘Quarantine Group = ' and 'Quarantine Permissions = 0660' in MailScanner.conf.
  • Make sure that ‘Quarantine Dir’ and all subdirectories have the correct permissions (e.g. drwxrwx— and is owned by the same group as ‘Quarantine Group’.)
  • Make sure that no part of ‘Quarantine Dir’ is a symlink. Apache typically won’t follow symlinks.
  • Check your Apache error log for any obvious errors.

MailWatch can also use the quarantine in two ways:

  • Look for the files on the filesystem (original pre-1.0.3 behaviour and slower)
  • Store the quarantined state in an indexed field in the database (faster)

This behaviour is governed by the setting QUARANTINE_USE_FLAG in conf.php – if true then the new behaviour is used.

To use the new behaviour correctly – you must disable the MailScanner clean.quarantine script if it is enabled and use the quarantine_maint.php script supplied with MailWatch. This is used to reconcile the quarantine with the database and to remove old files from the quarantine and to update the database to reflect the changes.

MailScanner won’t log to my MailWatch database

This is usually because the ‘Storable’ or other Perl module is missing. Run the following command:

perl -MStorable -MDBI -MDBD::mysql -e 'print "OK\n";'

If you get anything other than ‘OK’ returned, then you are missing one of the Perl modules and need to install it.

I get a fatal error “Cannot redeclare _PEAR_call_destructors()”

MailWatch uses some modified PEAR libraries which conflict with system installed PEAR packages, do not install these pear libraries with your distribution package manager:

  • PEAR
  • Mail
  • Mail_mime
  • Mail_mimeDecode
  • Pager
  • Net_Smtp
  • Net_Socket

Remove them if present