I am not aware of a way how this can be configured in Jira. but one could implement an event listener which upon upload of a malicious file immediately removes this again and maybe notifies the logged in user by sending an email. This would also catch attachments created by an mail handler. Hopefully time after time users will learn that it makes no sense to attach the type of files you don't want ;)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.