Is there a reason why I can't use find to scan modified files for viruses and malware?
4
votes
3
answers
1354
views
I need to scan Linux systems for viruses/malware, on the entire file system. There are a few options to consider.
- One is what users normally do: use an antivirus to scan the system once a day.
- The second option is to find files modified in the last day and give that list to the antivirus program.
I tested the following bash command, find, on a directory with 5 million empty files, and it's extremely efficient.
date;find /test/ -type f -ctime -1 1>./find_ctime.out 2>./find.errors;date
It takes only about 5 seconds.
I am using the -ctime option just to overcome some program changing the modification time using a utility such as touch.
Most admins, when they talk about a system scan, talk about having the antivirus do a complete scan.
Is there a reason why find should not be used to get a list of files modified and scan them?
EDIT: I have posted the following question, which _may_ have an answer to why no antivirus seems to use a "find"-based incremental approach: https://unix.stackexchange.com/questions/787940/is-there-a-way-to-use-linux-find-and-filter-if-specific-process-was-the-only-o
Asked by user1578026
(161 rep)
Dec 9, 2024, 04:27 AM
Last activity: Dec 13, 2024, 07:21 PM
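Added example (not part of the question above, and not code from any antivirus project): the incremental approach the asker describes, wrapped into a small POSIX-sh script. It uses the same `find -type f -ctime -N` selection as the question, but emits NUL-separated paths with `-print0` so file names containing spaces or newlines cannot be split or misread when handed to the scanner, and feeds them to a scanner in batches with `xargs -0`. ctime is maintained by the kernel on every inode change and cannot be set with touch(1), which is the property the question relies on. The scanner name (`clamscan`), its flags, and the `-r` option of xargs (a GNU extension that avoids running the scanner with no arguments when nothing changed) are assumptions; adjust `SCANNER` for another engine.

```shell
#!/bin/sh
# Constructed example: list files whose ctime is within the last N days
# and pass that list to an on-demand scanner. Not from the original post.

# list_recent_files DIR DAYS
# Prints NUL-separated paths of regular files under DIR whose inode change
# time (ctime) is less than DAYS*24 hours old. -ctime is used, as in the
# question, because ctime is set by the kernel and touch(1) cannot alter it.
list_recent_files() {
    dir=$1
    days=${2:-1}
    find "$dir" -type f -ctime "-$days" -print0
}

# count_recent_files DIR DAYS
# Number of paths list_recent_files would emit (counts NUL separators, so
# file names with embedded newlines are still counted once).
count_recent_files() {
    list_recent_files "$1" "$2" | tr -cd '\000' | wc -c | tr -d ' '
}

# scan_recent_files DIR DAYS
# Feed the list to the scanner in batches. SCANNER defaults to clamscan
# (assumed installed); --infected/--no-summary keep the report short.
# xargs -r (GNU) skips the scanner entirely when the list is empty, which
# otherwise would make clamscan scan the current directory instead.
scan_recent_files() {
    SCANNER=${SCANNER:-clamscan}
    list_recent_files "$1" "$2" | xargs -0 -r "$SCANNER" --infected --no-summary
}

# Usage (daily job, same selection as the question's command):
#   . ./recent-scan.sh && scan_recent_files /test 1
```

Because the list is produced once and streamed, the cost of the selection step is the same roughly 5-second find walk the question measured; the scanner only touches files whose ctime changed in the window.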