Do we have an up-to-date list of the container types that Exchange Online Protection traverses to inspect the contents? The documentation describes the file types EOP recognises but the later FAQ only confirms that ZIP containers are traversed. A few years ago there was documentation confirming this was one of six types that were handled. Given that some of the other types now in the recognised list are somewhat ambiguous, I find it hard to believe that all of them are traversable.
