It'll be sufficient for known malware. But if malware hasn't been identified yet, VirusTotal won't pick it up.
Is it possible that you can download malware and VirusTotal not pick it up? there's a small chance. But, in my estimation, no one is really going to burn a novel strain of malware on free ebooks. It's not targeted and that site isn't a good watering hole to deploy novel malware.
Novel strains of malware are usually reserved for specific targets. Unless you're a high profile target of an authoritarian government or known to have a high networth, I don't really think you're going to get hit with the novel stuff.
TL/DR: VirusTotal will probably be enough for the average user. But no one can guarantee safety when you're downloading random files on the internet.
I think in the case of all software it is safest to assume that opening a file that you downloaded from the internet has the potential to do harm, regardless of whether you are using Linux, macOS, Windows, or some other operating system, and regardless of what software you use to read the file.
The best mitigation would be to keep a separate device that you use purely for unauthenticated internet browsing and opening files from the Internet. Never accessing any personal data on that device. In reality almost all of us will use the same devices for our personal files and data, and for browsing the internet and opening random files that we downloaded.
It is interesting to note that the statistics for known security vulnerabilities in Evince..
I wonder if it indicates that Evince is so much more secure than Acrobat Reader.. Or is it simply the case that Evince has not been subject to the level of scrutiny that Acrobat Reader has been? And if so, there might be more unknown security vulnerabilities lurking under the surface of Evince than in Acrobat Reader.
Check out DangerZone. It encodes a .pdf (and other formats) to image data then converts it back to .pdf, optionally preserving OCR'ed text, so that any potential executable code hidden within is lost. For further security, all operations run sandboxed.
One possibility is that Acrobat Reader is more forgiving of poorly-formed PDFs, as I’ve generally heard is the case, and that by allowing documents that don’t meet the (huge, probably also poorly-formed) standard they open themselves up to more security risks.
Is it possible that you can download malware and VirusTotal not pick it up? there's a small chance. But, in my estimation, no one is really going to burn a novel strain of malware on free ebooks. It's not targeted and that site isn't a good watering hole to deploy novel malware.
Novel strains of malware are usually reserved for specific targets. Unless you're a high profile target of an authoritarian government or known to have a high networth, I don't really think you're going to get hit with the novel stuff.
TL/DR: VirusTotal will probably be enough for the average user. But no one can guarantee safety when you're downloading random files on the internet.