@murdoc for some reason I feel like this:

Dangerzone - apply zero trust, assume every file contains malware and sanitize everything before opening it.

Is where I will be headed eventually :D Just need to learn more about it. How to compile from source, how to sanitize, and how to check against fingerprints etc.