We don’t do malware audits since this is a highly time consuming and difficult process. This is elaborated in wiki chapter Malware Audits.
We also don’t archive old releases due to size.
I think I know and have been reading distrowatch.com every now and then as long as I know about Linux. As far as I know it is a reputable website and not spreading malware.
Nevertheless, it’s best to download Whonix from the Whonix homepage.
No offense, I just want to make sure if my download has been altered or not. Sha512sum of this file has been unavailable in this site. Is there no other way to verify this old version?