Prior to burning your downloaded ISO image (or using it as a virtual disc in Virtualbox), it is strongly recommended that you first check that it hasn't been corrupted during the process of being downloaded. The consequences of not doing so - especially if you intend on installing Manjaro as your main operating system - should be obvious (i.e. a corrupted image will result in a corrupted installation).
To do so, you must first download the appropriate checksum file from the same Sourceforge folder as your chosen ISO image. A checksum file will have the same name as the ISO image that it is to be used with; the only difference is that it will end in either -sha1.sum' or -sha256.sum. For example, the appropriate checksum file for the manjaro-xfce-0.8.1-x86_64.iso file (64 bit Manjaro release 0.8.1 with the XFCE desktop) will be manjaro-xfce-0.8.1-x86_64-sha1.sum, and/or manjaro-xfce-0.8.1-x86_64-sha256.sum.
The 'sha' part of the checksum file name stands for Secure Hash Algorithm, which is used to generate a particular code unique to the downloaded ISO image; sha1 and sha256 are different versions of this algorithm that you can use to do this. While sha1 is the most widely used version, sha256 is a later and more secure version. Which you decide to use is entirely your choice. However, if you are unsure, then it is recommended to use sha256.
The checksum file itself is just a text document that contains the code that should be generated by the sha1 or sha256 algorithm. If the code generated from the ISO file matches that contained in the checkum file, then the ISO is fine. Otherwise - if the two codes don't match - then it means that the ISO file has changed in some way, most likely due to being corrupted. You can think of it like two people using a secret password to identify who they are: If the visitor uses the wrong password, then something is obviously amiss!
Don't worry if this all sounds a bit much - it's actually very straightforward and easy to use!
Checking in Linux
To check the integrity of your downloaded file, it will be necessary to first open the downloaded checksum file using a text editor such as Gedit. Depending on whether you intend to use sha1 or sha256, ensure that you have downloaded and opened the appropriate checksum file (i.e. ending in -sha1.sum or sha256.sum, respectively) as they will contain different codes. Once the checksum file has been opened - and the code is visible - open up your terminal and change to the directory where your downloaded ISO is stored. For example, if your ISO file is located in the default Downloads folder, you would enter the following command:
The command to then perform a checksum uses the following syntax:
[sha1sum or sha256sum] [ISO Image]
For example, the following command will use sha256 generate a code from the 64 bit Manjaro XFCE 0.8.1 ISO. The code generated can then be compared tothe code provided by the appropriate sha256 checksum file:
As illustrated, in this instance both codes match confirming that the downloaded ISO file is completely fine. The following command would use sha1 to undertake exactly the same task:
Where satisifed that both codes match, then it is safe to proceed to either burning the ISO to your chosen installation, or using it immediately in Virtualbox. Otherwise, it will be necessary to delete the ISO image and download it again.
Checking in Windows