Is there a way to use Linux "find" and filter on whether a specific process was the only one that accessed a file?
0 votes, 0 answers, 41 views
I am trying to find a way to do an incremental antivirus scan. My current approach under evaluation is using "find". You can see the relevant question here: https://unix.stackexchange.com/questions/787860/is-there-a-reason-why-i-cant-use-find-to-scan-modified-files-for-viruses-and-ma/
Please note: the question linked above uses the modified time, but I found out that clamav scans files even if they are accessed or opened, not just modified.
The antivirus in question is clamav. Clamav, just like every other AV, has an on-access scanning option, i.e. it would scan a file as soon as it's **accessed** or **opened**. That means I have to change/use the command:
```
find /test/ -type f -atime -1 1>./find_ctime.out 2>./find.errors
```
Unfortunately I cannot use clamav's "On Access Scanning" feature, one reason being that it's too heavy on the system.
If I use "find", this is the problem I run into:
- I start the first scan at 12:00 midnight on 10 files.
- When I use "find" the next day at 12:00 midnight, I have to give it 12:00 midnight of the previous day as the start time. I cannot give "find" the time the scan finished as the start time, because that would leave the system vulnerable.
- The problem with this approach is that it would include the 10 files clamav (clamscan) accessed yesterday.
- I cannot blindly exclude yesterday's list, __even if__ the access timestamp was in yesterday's scan window, because that would make the system vulnerable, even though the chances are very small.
- And the cycle will repeat the next day and so on, until it includes ALL files on the system.
So I wanted to exclude a file if **only** clamscan/clamdscan has accessed it since the last scan. I used stat and do not see any relevant field in the output. I also searched the find documentation but could not find it.
Is there a way to use Linux "find" and filter on whether a specific process was the only one that accessed a file?
Thanks in advance!
Asked by user1578026 (161 rep), Dec 11, 2024, 04:49 AM
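An added example, not ClamAV's or the asker's code, of the incremental approach the question describes: the selection is the equivalent of `find /test/ -type f -atime ...` but keyed to a marker file holding the previous run's start time, and the candidates are read with O_NOATIME so the scanner's own reads do not bump atime and re-select the same files on the next run. The function names, the marker file and the use of O_NOATIME are my assumptions; the flag is Linux-only and is honoured only when the scanning user owns the file or has CAP_FOWNER.

```python
import os
import stat
import time

# Added example (not ClamAV's or the asker's code): list files accessed since
# the last scan and read them with O_NOATIME so the scan itself leaves no trace.

def select_accessed_since(root, since):
    """Regular files under root whose atime is >= since (the find -atime test)."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except FileNotFoundError:
                continue  # vanished between listing and stat
            if stat.S_ISREG(st.st_mode) and st.st_atime >= since:
                hits.append(path)
    return sorted(hits)

def read_without_atime(path, chunk=1 << 20):
    """Read a file; O_NOATIME (Linux, owner or CAP_FOWNER) keeps atime unchanged."""
    try:
        fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOATIME", 0))
    except PermissionError:
        fd = os.open(path, os.O_RDONLY)  # not owner: this read may bump atime
    total = 0
    try:
        while buf := os.read(fd, chunk):
            total += len(buf)  # a real scanner would hand buf to the engine
    finally:
        os.close(fd)
    return total  # bytes read

def incremental_scan(root, marker, scanner=read_without_atime):
    """One run; keep marker outside root. The lower bound is the previous
    run's start, as the question requires, so nothing accessed mid-scan is missed."""
    try:
        since = os.stat(marker).st_mtime
    except FileNotFoundError:
        since = 0.0  # first run: every file is a candidate
    started = time.time()
    targets = select_accessed_since(root, since)
    for path in targets:
        scanner(path)
    open(marker, "a").close()
    os.utime(marker, (started, started))  # next run's lower bound
    return targets
```

On a filesystem mounted noatime the atime test never selects anything new, and under relatime atime is updated only when it is not newer than mtime/ctime or is more than a day old, so this list is a lower bound on what was accessed rather than an exact record.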