http://www.perlmonks.org?node_id=798224


in reply to security: making sure graphics uploaded by users are safe

I don't know of any way to embed a virus in jpg or png (not totally sure about gif) files that can self-activate. They would require a separate 'activation' trojan, that modifies the local registry first. This would only be a problem to machines already affected by the trojan before retrieving the uploaded image.

Of course, there are no filters or scanners to identify pornographic or copyrighted materials...