hey hey,
Not sure if you can validate whether the file is an actual image unless you create custom validators for Zend_Form, if you are going completely Zend.
If not, the good news is that Zend_Validators can be used standalone, so yay!! Now here are a few things you can do:
For each so-called malicious data string you've got, you use:
$handle = fopen($file, 'r') and $content = fread($handle, filesize($file)); then search the $content as a string for the codes that are of the language.
JavaScript, Lua, .NET, PHP: look for the word function, or even the ' = ' with the spaces.
It's highly unlikely that an image read would have ' = ', but the proof is in the code.
Beyond that, there aren't truly any other validations for images other than the ones already set for Zend_Form_Element_Image types.
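
An added example, not part of the post above and not Zend Framework code: the string search the post describes, combined with a check that the bytes actually parse as an image, using only plain PHP functions. The function name inspectImageUpload, the marker list and the two sample files are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not Zend Framework code.

// Strings treated as suspicious inside an upload (assumed list that
// extends the post's idea of searching for the word "function").
const SCRIPT_MARKERS = ['<?php', '<?=', '<script', 'function ', 'eval('];

function inspectImageUpload(string $path, array $allowedMime): array
{
    $problems = [];

    // 1. Detect the type from the file's own bytes, not the client-supplied name.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($path);
    if (!in_array($mime, $allowedMime, true)) {
        $problems[] = "unexpected MIME type: $mime";
    }

    // 2. The header must parse as an image with non-zero dimensions.
    $info = @getimagesize($path);
    if ($info === false || $info[0] < 1 || $info[1] < 1) {
        $problems[] = 'not parseable as an image';
    }

    // 3. The string search from the post: read the whole file, look for code.
    $content = file_get_contents($path);
    foreach (SCRIPT_MARKERS as $marker) {
        if (stripos($content, $marker) !== false) {
            $problems[] = "contains marker: $marker";
        }
    }
    return $problems;
}

// Constructed samples: a 1x1 GIF, and the same GIF with script text appended.
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$samples = [
    'clean.gif'    => $gif,
    'appended.gif' => $gif . '<?php /* constructed test marker */ ?>',
];

foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'img');
    file_put_contents($tmp, $bytes);
    $problems = inspectImageUpload($tmp, ['image/gif', 'image/png', 'image/jpeg']);
    echo $name, ': ', $problems ? implode('; ', $problems) : 'ok', PHP_EOL;
    unlink($tmp);
}
```

The second sample still passes the MIME and getimagesize() checks, so only the content scan reports it. Short markers can also occur by chance in compressed image data, so a hit is a reason to reject or re-encode the upload rather than proof of intent.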