By default, Salesforce doesn’t allow admin to configure or restrict a user from adding a specific type of files. Admin may need that user should not be able to attach files of type exe, dll which can have the virus in them. Also, there is no virus check is done when a file is getting uploaded to the Salesforce.
But Salesforce does allow writing trigger on the Attachment Object by which you can implement such restrictions. Following is the snippet of the code which will restrict the user from adding the files with extension mentioned in the set list. You can also edit the code and do the reverse by checking if extension exists in the set then only allow attaching the file.
Once trigger code is up and running, whenever Salesforce tries to attach any file with extension exe or dll he will come across following error message.