Even if you are checking to see whether the file type is a valid image, jpg, gif or png, would it be possible to create a malicious program that has an image file type? I've never heard of anything like this, but would it be possible?