Inline HTML images and ZIP files with special headers are not scanned.
vulners.com/securityvulns/securityvulns:doc:7720