Hacker News
by Dylan16807 4067 days ago
Okay, I appear to have misremembered a problem in "strings" as being in "file", where it went overboard in parsing and introduced vulnerabilities.

But I haven't seen anything to disagree with file being similarly problematic. A quote like

"To sum up: If somebody uses 'file' in an unconstrained OS environment on untrusted inputs, and he gets pwnd in the result, then it's not a security problem, it's an incompetence problem - and IMO it should be discussed elsewhere."

does not suggest that the program is very well designed.

Scanning for byte strings with no possibility of security flaw is a solved problem.