AFAIK all iMessage attachments (since iOS 14) are quarantined via BlastDoor, any such full system takeover must include at least two escapes: one from BlastDoor, and another from the application sandbox. They also need to cope with ASLR. It's pretty heavy duty even in the most basic default configuration.

https://googleprojectzero.blogspot.com/2021/01/a-look-at-ime...

Upon re-reading this, it seems like crashes in BlastDoor are reported to Apple in real-time. I think this qualifies as "clientside scanning", tbh.