Some messages are marked as unscannable for Threat Defense which contain attachments that should be scanned. Message Audit Logs (MAL) show that content analysis has been bypassed for the message and the message is given the "Threat Defense: Unscannable" verdict.
This can occur when too many files are being actively scanned by Content Analysis and the Content Analysis queue is full.
If this happens frequently, you may need to adjust the Threat Defense>Scan Settings to increase the size of the Content Analysis queue to better match your needs.
Note: increasing the size of the content analysis queue will result in addition disk space usage by the queue. If increased to too high a value this may exhaust