You can use firewall rules to restrict ports on outbound connections to what is needed by the VOIP provider. This is done via security appliance firewall layer 3 rules.
As for checking for malware, if you have the Advanced Security License, then you can use Advance Malware Protection to protect your network.
Find my post helpful? Please give me a kudo!
CCNP Certified and Meraki Operator