rspamd: More comprehensive attachment handling (#3273)

- block all Office documents with macros
- don’t just block all doc files
- mark some more Windows executable extensions as bad

data/conf/rspamd/local.d/external_services.conf

@@ -4,4 +4,6 @@ oletools {
   # needs to be set explicitly for Rspamd < 1.9.5
   scan_mime_parts = true;
   # mime-part regex matching in content-type or filename
+  # block all macros
+  extended = true;
 }

data/conf/rspamd/local.d/mime_types.conf

@@ -4,13 +4,22 @@ bad_extensions = {
   scr = 4,
   lnk = 4,
   exe = 1,
+  msi = 1,
+  msp = 1,
+  msu = 1,
   jar = 2,
   com = 4,
   bat = 4,
+  cmd = 4,
+  ps1 = 4,
   ace = 4,
   arj = 4,
   cab = 3,
-  doc = 10,
+  vbs = 4,
+  hta = 4,
+  shs = 4,
+  wsc = 4,
+  wsf = 4,
 };
 
 # Extensions that are particularly penalized for archives