For SharePoint Online, this is pretty simple – here is the list of supported file types that can be stored in SharePoint Online - http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/types-of-files-that-cannot-be-added-to-a-list-or-library-HA101907868.aspx?CTT=5&origin=HA102694293
This list is not customizable. Note that SharePoint Online does have virus protection built in to check files when they are uploaded.
For Lync Online, if you allow users to transfer files, the following file types are supported - http://support.microsoft.com/kb/2799505.
This list is not customizable. The Intelligent Instant Message Filter (IIMF) solution built into Lync Online checks for viruses.
For Exchange Online, there is a little more to think about.
- Exchange Online Protection (EOP) – Malware filtering in EOP always checks all attachments for viruses.
- Exchange Online Protection (EOP) Transport Rule Predicates – These can be created to check for file extensions - http://technet.microsoft.com/en-us/library/jj919235(v=exchg.150).aspx.
- Outlook – The following is an article about blocked file types for Outlook - http://office.microsoft.com/en-us/outlook-help/blocked-attachments-in-outlook-HA102749484.aspx. Your organization can create policies to control this.
- OWA – There is an OWA Mailbox Policy that you can manage through PowerShell. Here is a reference - http://technet.microsoft.com/en-us/library/dd335142(v=exchg.150).aspx. That policy can control which file types are allowed or blocked.
- ActiveSync – There is a policy in Exchange Online ActiveSync to block attachments (http://technet.microsoft.com/en-us/library/jj945882(v=exchg.150).aspx), but not by type. EOP Transport Rules (referenced above) would then be used to control file types.
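
The OWA Mailbox Policy and EOP transport rule controls from the list above can be checked and set together from one Exchange Online PowerShell session. The following is an added example, not taken from the original article; the extension list, the rule name and the use of the default policy name `OwaMailboxPolicy-Default` are assumptions to adjust for your tenant.

```powershell
# Added example. Assumes an Exchange Online PowerShell session is already connected.
# Constructed sample list of extensions the organization wants blocked everywhere.
$wanted = @('exe', 'hta', 'js', 'scr', 'vbs')

# --- OWA: compare the mailbox policy against the wanted list -------------------
# Assumption: the tenant still uses the default policy name.
$policyName = 'OwaMailboxPolicy-Default'
$policy     = Get-OwaMailboxPolicy -Identity $policyName

# Policy values are stored with a leading dot (".exe"); normalize before comparing.
$blocked = @($policy.BlockedFileTypes | ForEach-Object { $_.TrimStart('.').ToLower() })
$allowed = @($policy.AllowedFileTypes | ForEach-Object { $_.TrimStart('.').ToLower() })

$missing     = @($wanted | Where-Object { $_ -notin $blocked })
$conflicting = @($wanted | Where-Object { $_ -in $allowed })

# The allow list takes precedence over the block list, so an extension present
# in both is still downloadable in OWA. Report these before changing anything.
if ($conflicting.Count -gt 0) {
    Write-Warning "In AllowedFileTypes (overrides block list): $($conflicting -join ', ')"
}

if ($missing.Count -gt 0) {
    $toAdd = $missing | ForEach-Object { ".$_" }
    Set-OwaMailboxPolicy -Identity $policyName -BlockedFileTypes @{ Add = $toAdd }
    Write-Output "Added to OWA block list: $($toAdd -join ', ')"
}

# --- EOP: transport rule covering clients without per-type control -------------
# ActiveSync policy cannot block by file type, so the same list is applied in
# transport. The rule starts in Audit mode so matches are logged but mail still
# flows; switch to Enforce once the audit results look right.
$ruleName = 'Example - reject risky attachment extensions'   # hypothetical name
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $ruleName `
        -AttachmentExtensionMatchesWords $wanted `
        -RejectMessageReasonText 'This attachment type is not permitted.' `
        -Mode Audit
}
```

Keeping one extension list for both controls avoids the common drift where OWA blocks a type that transport still delivers to mobile clients.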