- Bug
- Resolution: Done
- Normal
- claircore-1.5.33
We have found an image with a custom JAR that went unidentified by Claircore, which means we were unable to see that it was, in fact, affected by CVE-2021-44228, Log4Shell.
That is because the JAR lacked a pom.properties file and a MANIFEST.MF file, and its name did not conform to the expected regexp: ([[:graph:]]+)-([[:digit:]][-.[:alnum:]]*(?:-SNAPSHOT)?)\.jar
Claircore quits at this point and logs "unidentified jar"; however, this is a valid JAR which contains a sub-JAR with known vulnerabilities.