Slightly Different File Upload Security

I’m working on a file submission page for a graphic designer. This form needs to allow for the standard image files (jpg, gif, etc.), but also some others (.ai, .eps) that I don’t see very often. Also, these files will eventually be opened on her personal computer.

Are there any special safety guidelines to watch out for? A lot of online how-to’s suggest, for example, using GD to resave an image, to purge it of malicious code. But would that work on PDFs and PSDs? Another pretty common theme is the possibility for XSS. But these files aren’t really going to be displayed online, they’re (like I said) for production purposes. Is there some way to ensure they don’t have viruses or whatnot?

Simply e-mailing files straight from the submission form to her account didn’t seem like a smart idea, so I came here.

Virus protection isn’t the same as protecting your site from malicious code. Get her to use a virus checker.