[Mod-security-rules] Having problem with prevent uploading ELF within http

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hello
I using Modsecurity on WHM/Cpanel server
I am trying to prevent uploading executable ELF files
i used the following bash code within modsecurity upload scritp :
elup=`file $upfile | egrep -w "LSB executable" | wc -l`
if [ elup -gt 0 ]
then
echo "Executable file was found"
exit
fi
If i tried to upload ELF it didnt detected
while if i run bash script against ELF uploaded it output "Executable file was found"
Why it doesnt work within http upload ??
Here are my modsecurity configurations :
SecTmpSaveUploadedFiles On
SecUploadKeepFiles RelevantOnly
SecRequestBodyAccess On
SecDebugLog /var/log/modsecurity-debug.log
SecDebugLogLevel 6
SecUploadDir /home/modsec_tmp
SecTmpDir /home/modsec_tmp
SecDataDir /home/modsec_tmp
SecRule FILES_TMPNAMES "@inspectFile \
/path/to/modsecurity/filescan.sh" "phase:2,deny,redirect:http://domain.com/suspicious_activity.html,id:1"
What is wrong in my configuration ?? why it doesnt reject uploaded ELF from http ?  instead it works from server ssh ??
Any help will be appretiated