There's tons of options, no-intro, redump, tosec, mame are all doing DAT files with file checksums.

That said, ROMs are basically never a malware vector as they have to exploit an issue in the emulators themselves and historically that hasn't really been seen. Typically malware related to roms happens with files included in the zip archives or by sites offering "downloaders" with embedded malware.