You can use the FileInfo extension. The mime types here are not provided by the client; they are figured out by the FileInfo
extension. The mime types are figured out by looking at the contents of the file (often the first few bytes of the file, but some file formats need a little more analysis).
So, if a file is recognized as an audio file then it cannot be an executable. It may be an executable with an audio file signature, but audio players will not execute it; they will just read the file and treat it as audio data (and most likely give you an error saying that the file is corrupted).
I am not sure to what extent the extension looks at the file, but I a pretty sure it does as little as it can get away with. In other words, it most likely does not go through the entire file, checking that it is 100% valid. In order to do that to all the file formats you are allowing, you would need more heavy-duty programs, and probably at least a dedicated server. Unless you absolutely need to be 100% sure of a file's validity, doing a cursory check, like here, should be enough.
$file = '/path/to/file.mp3';
$info = new finfo(FILEINFO_MIME);
$type = $info->buffer(file_get_contents($file));
switch ($type) {
case 'audio/mpeg':
echo 'MP3!';
break;
case 'audio/ogg':
echo 'OGG!';
break;
case 'audio/wav':
echo 'WAV!';
break;
case 'audio/x-matroska':
echo 'MKA!';
break;
case 'audio/mp4':
echo 'MP4!';
break;
default:
die('Format not supported!');
break;
}