Here is how the settings are entered in, exactly:
exe,scr,com,pif,dll,vbs,js,bat,inf,reg,doc,html,htm,shtml,chm,hlp,php
And MIME types:
application/x-msdownload,application/x-msdos-program,application/x-msdos-windows,application/x-download,application/bat,application/x-bat,application/com,application/x-com,application/exe,application/x-exe,application/x-winexe,application/x-winhlp,application/x-winhelp,application/x-javascript,application/hta,application/x-ms-shortcut,application/octet-stream,vms/exe
I know it's ugly to look at but I wanted to enter it exactly as it is in the configuration dialogue. Nothing is being scanned by the Web Shield module on any sites with these settings. It does work with "Scan all files" selected.
What am I doing wrong?
Edit: On further inspection, I did catch a PHP script being scanned, but many, many .html pages are loaded without being scanned, even though the file extension is listed. Same goes for .js files that are loaded by websites, even though they are scanned with "Scan all files" enabled... So it's doing something... just not what I want it do to...