If you are trying to prevent users from downloading dangerous content, preventing them from downloading exe files is not enough. This is a blacklist. It is much better to ask yourself what are the valid file types that you support and block all the others. This is a white list.
To allow certain types of files, you can check the extension, but you can also check the file header (the first couple of bytes from the file) to determine if it really belongs to the type you expect. You will need to find out for each file type what possible headers exist.
Good luck.
Steven
source share