Open up the Exchange Admin Center: https://outlook.office365.com/ecp/?rfr=Admin_o365
Go to Mail Flow -> Rules and add a new rule.
Click on "more options" at the bottom of the rule to get the options required.
Create the following rule (settings can be found in Any attachment -> file extension includes these words) and make sure you include the exception. Save the rule and ensure it is enabled and higher than any other spam rule you have in your mail flows.
It pushes them to the quarantine so you might want to check that for the first few weeks to ensure nothing is blocked that shouldn’t be: https://security.microsoft.com/quarantine?viewid=Email