To ensure your image is "verified" and free of malware, you should download a clean MSDN/Retail ISO and convert it yourself.
He used qemu-img check :
Download the Windows XP Mode installer from the Official Microsoft Download Center. Extract the files using a tool like . windows xp qcow2 download verified
The safest and most common way to get a verified Windows XP environment is to using a trusted installation source. Recommended Secure Method: Build from ISO To ensure your image is "verified" and free
qemu-img convert -f qcow2 -O qcow2 -c winxp-from-vhd.qcow2 winxp-compressed.qcow2 windows xp qcow2 download verified
Run the image without network access: