Every file, no matter what extension, can contain harmfull code. However if this harmfull code will be executed, well that depends.
Example:
- I write some malicious code in basic, run it thruth a compiler ét voila, there you have a .exe or .com which will be harmfull when run.
- Lets say I only send you the code in a .txt file. You do not rename or change anything else. If you double click the text file it will just open and nothing bad will happen.
- Now you set your system to open .txt with a basic compiler/interpreter with a /run switch. You again double click on the .txt file. Now the code will be executed.
- The same .txt file with the same code. You rename it to .bat and double click on it. Depending on the exact code inside it may be executed.
- I send you a mail with a .gif. In the mail I tell you to change that to .exe and that I did it just because my ISP wouldn't let me send .exe
- You change it and run it. See, .gif can also contain harmfull code.
As you can see, every file extension can contain harmfull code. If the code will be excuted depends on a lot of things. What fileextensions you want to scan and if you want to scan archives by default, is entirely up to you.