The extensions of the files you might find in your addon folders are usually:
.toc: a text file that gives wow information about what the addon is and what files to load
.lua: code
.xml: code of GUI elements mostly
.wav or .mp3: well, audio files
.tga or .blp: some textures
.txt: there can be a readme or a liscence
None of those files can be a problem used by wow. None of this file can be executed from windows without you to rename them to an executable extension or to specifically ask for them to be executed. Therefore, there cannot be a dangerous virus in addons that contain only those files: if there is one, it won't be able to do anything unless you strongly interact with the file.
However, there is still this story about "non virus files being dangerous":
Some time ago, someone created a virus that would basically wait until an image (.jpg only I think, I might be wrong) is open. Upon opening the .jpg, it would read data that can have been hidden in the .jpg while creating the file, and if this data is executable, it would run it. That allowed the coding and broadcasting of new viruses through .jpg files. Those files were not harmful to a sane computer, but if you were already infected, they could do whatever their author wanted them to do, while they looked like any other image.
The thing is that those files aren't the real problem. If your computer is infected, there is already a problem, and you'll get one of those files one day or another, so...
My point is, don't mess too much with "non plain text" "non working sound or image" files in your addons, and nothing wrong will ever happen. Addons
could be made to help a virus destroying your comp or sending confidential data, but if they do, your computer was infected already.