When we attach the attachments (files) in the HTML format and ServiceNow scanner will not scan the script inside the attachment. And the HTML content is attached as a file to any record only those files would be scanned.
Scripts containing HTML contents or any other scripts that doesn't come under the antivirus scanning process. And the system cannot recognize the bad script which was stored inside the file.
ServiceNow antivirus scanning happens only when there is an upload of an attachment or download of an attachment. It is like a normal antivirus scan for the files stored in the sys_attachment table.